On 16/06/2017 20:59, Maurice McCarthy wrote:
> On 15/06/17 14:13, Ted Unangst wrote:
>> Maurice McCarthy wrote:
>>> Hi,
>>>
>>> $ xauth list
>>> ...
>>> advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1
>>> f3aa08ed0926482c51f5cb386e28a0ea
>>>
>>>
>>> Virgin Media is my ISP. Is this an intrusion into my system please? I
>>> ran xauth remove ... just for the sake of it anyhow.
>>
>> well, even if it wasn't, you just posted the secret key to a public list, so
>> probably wise to remove it anyway. :)
>
> Thanks to all that have replied and apologies for the slow response. Had
> to attend to more urgent matters. (Lost the blessed terrestrial TV
> signal!)
>
> To TedU,
>
> Ooops! ... Well, I moved the .Xauthority file aside and restarted X to
> create a new one. Obviously it has one line with my hostname in it. But
>
> $ xauth list
> fresh.yem/unix:0 MIT-MAGIC-COOKIE-1 ...
> advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1 ...
>
> And only now did I notice that the magic cookie is identical for both
> entries. This mystifies me. (BTW apparently Virgin has historically used
> a bit of DNS hijacking so I bunged this line into /etc/hosts before
> restarting X.
>
> 127.0.0.1 advancedsearch.virginmedia.com )
>
>
> To Peter Hessler,
>
> The reverse DNS went like this
>
> 80.2.249.209 cpc77525-cwma10-2-0-cust208.7-3.cable.virginm.net
>
> I run most traffic through a vpn but my router is a Virgin SuperHub2, as
> they call it.
>
>
> To Dot Yet,
>
> I've through system logs etc and nothing seems to look suspicious. Can't
> find any attempts to execute commands nor authenticate. Further the
> remote access port is disabled in the router settings. I've never asked
> Virgin for support in years.
>
>
> To Joe Holden,
>
> Thanks for the tip about NXDOMAIN queries. Don't see where to unset in
> the router but I'm guessing the hosts file entry above should do the
> same thing.
>
> I'll keep looking around to reassure myself anyhow
>
> Thanks to all,
> Moss

It is done by the VM DNS servers. If you visit a domain that doesn't exist you should be directed to the advanced search page; there *should* be a link to disable it there, but if not, log in to your account and disable it, can't remember what it is called...

Hosts file won't solve the problem really, since anything else will also get the same result.
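
Added example, not part of the thread: a way to check whether the resolver in use still rewrites NXDOMAIN answers, which is also why a single /etc/hosts entry does not cover it. The function names and the use of the reserved `.invalid` TLD are choices made for this sketch.

```python
import secrets
import socket

def probe_names(count=3):
    """Random fully qualified names under .invalid, a TLD reserved (RFC 6761)
    so that it never exists. The trailing dot stops search-domain expansion."""
    return [f"{secrets.token_hex(8)}.invalid." for _ in range(count)]

def system_resolve(name):
    """Addresses the system resolver returns; an empty set means no answer."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_nxdomain_rewrite(names, resolve=system_resolve):
    """Return (rewritten, answers). rewritten is True if any name that cannot
    exist still came back with an address."""
    answers = {name: resolve(name) for name in names}
    return any(answers.values()), answers

def shared_addresses(answers):
    """Addresses common to every answered probe, i.e. the redirect target."""
    hits = [addrs for addrs in answers.values() if addrs]
    return set.intersection(*hits) if hits else set()

if __name__ == "__main__":
    rewritten, answers = check_nxdomain_rewrite(probe_names())
    for name, addrs in answers.items():
        print(name, "->", ", ".join(sorted(addrs)) or "no answer (expected)")
    if rewritten:
        print("resolver answers for nonexistent names; common targets:",
              sorted(shared_addresses(answers)))
    else:
        print("resolver returns failures for nonexistent names")
```

Running it before and after changing the ISP account setting shows whether the opt-out took effect for the resolver the machine actually uses.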