FlashGot uses several ports to unknown IPs

Talk about internet security, computer security, personal security, your social security number...
Post Reply
jumper43
Posts: 3
Joined: Wed Jan 09, 2013 8:42 pm

FlashGot uses several ports to unknown IPs

Post by jumper43 » Wed Jan 09, 2013 9:09 pm

Hi,

I use FlashGot with Firefox on Ubuntu 12.10.

Yesterday I took a look at my netstat list by using "sudo netstat -taupen".
There where several entries with "4261/sh" which leads to unknows IP adresses.

I checked the process ID with "ps 4261", it respons with: "/bin/sh /tmp/flashgot.vpzjetqv.default/flashgot-1.fgt"

FlashGot was now even in use threw this time.

What is going on here? Why was there these entries?

I removed the plugin once, because I am worried.

Regards,
jumper43
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

User avatar
therube
Ambassador
Posts: 7521
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: FlashGot uses several ports to unknown IPs

Post by therube » Wed Jan 09, 2013 11:43 pm

As a start, open flashgot-1.fgt & see what's in it.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0 SeaMonkey/2.16a2

jumper43
Posts: 3
Joined: Wed Jan 09, 2013 8:42 pm

Re: FlashGot uses several ports to unknown IPs

Post by jumper43 » Thu Jan 10, 2013 5:55 pm

ok, it would be a wise decision to rescue this file. The file was in a tmp folder and now automatically removed. :cry:
Something else I could do?
Why would flashgot use sh and establish connections? I thought flashgot only transfer download informations from Firefox to the local download manager (uGet).
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

User avatar
therube
Ambassador
Posts: 7521
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: FlashGot uses several ports to unknown IPs

Post by therube » Thu Jan 10, 2013 6:09 pm

Oh, I'm only going to guess that FlashGot is setting up a server in order to communicate, locally, with your download manager?

I've see that temp file before, but don't recall at what point it might get generated, or whats inside?
(There are others that you can [might] see like flashgot.fgt.done & flashgot.log.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0 SeaMonkey/2.16a2

User avatar
Giorgio Maone
Site Admin
Posts: 8771
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: FlashGot uses several ports to unknown IPs

Post by Giorgio Maone » Fri Jan 11, 2013 12:12 am

On Linux, most download managers are launched directly from the script you're pointing at (or a similar one, since they're created as unique temporary files).
My guess is that your netstat is reporting it as the parent process, while the connections are opened via uGet.
However, until you reproduce and cat the actual file, it's just a guess (the curious part is where you say FlashGot is not in use).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0

jumper43
Posts: 3
Joined: Wed Jan 09, 2013 8:42 pm

Re: FlashGot uses several ports to unknown IPs

Post by jumper43 » Fri Jan 11, 2013 1:13 am

Hi,

I could recreate this in my VM.
What I do:
- Download a file from chip.de by usung flasgot.
- checked netstat - no sign of these entries
- so I go facebook webside
- a few seconds later the sh connections are comming

"Ooops, something in your posting triggered my antispam filter...
Please use the "Back" button to modify your content and retry."

I could not paste my file here...not even a link to paste.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: FlashGot uses several ports to unknown IPs

Post by Tom T. » Fri Jan 11, 2013 4:53 am

jumper43 wrote:"Ooops, something in your posting triggered my antispam filter...
Please use the "Back" button to modify your content and retry."

I could not paste my file here...not even a link to paste.

Try enclosing the text, or the link, in code tags.

If the spam filter still triggers, then you may PM the requested information to therube and Giorgio.
(I work only with NoScript, but saw your problem with the spam filter. No need to include me, thanks.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.0) Gecko/20100101 Firefox/18.0

User avatar
therube
Ambassador
Posts: 7521
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: FlashGot uses several ports to unknown IPs

Post by therube » Fri Jan 11, 2013 9:16 pm

jumper43 wrote:Hi,

The file "vlc-2.0.5-win32.exe" is the test download file.

Code: Select all

$ cat flashgot-1.fgt 
#!/bin/sh
echo "URL 1/1"...
"uget-gtk" --http-cookie-file=/tmp/flashgot.mklvaif8.default/cookies  --http-referer=http://www.chip.de/downloads/c1_downloads_hs_getfile_v1_16094596.html\?t=1357859534\&v=3600\&s=5ed33821c47c21bf1c8c46f810d98ddc  http://dl.cdn.chip.de/downloads/90803/vlc-2.0.5-win32.exe\?1357859273-1357866773-9365f6-B-22b159e3ad90fa9ed458e6288e475386.exe

flashgot.log

Code: Select all

*** FlashGot 1.5.2 started at Thu, 10 Jan 2013 23:20:02 GMT ***
Per-session init started
Per-session init done in 9ms
Running /bin/sh /tmp/flashgot.mklvaif8.default/flashgot.fgt -- blocking
Native execution time 227
Aria|KO
Downloader 4 X (nt)|KO
Downloader 4 X|KO
GNOME Gwget|KO
FlareGet|KO
KDE KGet|KO
wxDownload Fast|KO
/usr/bin/axel
Axel|OK
cURL|KO
FatRat|KO
Prozilla|KO
/usr/bin/wget
Wget|OK
/usr/bin/uget-gtk
Uget|OK
Aria 2|KO
Steadyflow|KO
ZigzagDownLoader|KO

Warning: download manager ZigzagDownLoader not found
Warning: download manager wxDownload Fast not found
Warning: download manager TrueDownloader not found
Warning: download manager Thunder (Old) not found
Warning: download manager Thunder not found
Warning: download manager Steadyflow not found
Warning: download manager Star Downloader not found
Warning: download manager Speed Download Lite not found
Warning: download manager Speed Download not found
Warning: download manager ReGet not found
Warning: download manager Prozilla not found
Warning: download manager Orbit not found
Warning: download manager NetAnts not found
Warning: download manager Net Transport 2 not found
Warning: download manager Net Transport not found
Warning: download manager Mass Downloader not found
Warning: download manager LeechGet 2002 not found
Warning: download manager LeechGet not found
Warning: download manager Leech not found
Warning: download manager KDE KGet not found
Warning: download manager JDownloader not found
Warning: download manager Internet Download Manager not found
Warning: download manager Internet Download Accelerator not found
Warning: download manager InstantGet not found
Warning: download manager iGetter Win not found
Warning: download manager iGetter not found
Warning: download manager HiDownload not found
Warning: download manager GNOME Gwget not found
Warning: download manager GigaGet not found
Warning: download manager GetRight not found
Warning: download manager FreshDownload not found
Warning: download manager Free Download Manager not found
Warning: download manager Folx not found
Warning: download manager FlashGet 2.x not found
Warning: download manager FlashGet 2 not found
Warning: download manager FlashGet not found
Warning: download manager FlareGet not found
Warning: download manager FatRat not found
Warning: download manager DTA (Turbo) not found
Warning: download manager DTA not found
Warning: download manager Downloader 4 X (nt) not found
Warning: download manager Downloader 4 X not found
Warning: download manager Download Master not found
Warning: download manager Download Accelerator Plus not found
Warning: download manager cURL not found
Warning: download manager BitComet not found
Warning: download manager Aria 2 not found
Warning: download manager Aria not found
Download managers detection done in 248ms
JDownloader response:
0

Recent post info found: [xpconnect wrapped (nsISupports, nsIChannel, nsIHttpChannel, nsIUploadChannel)], http://127.0.0.1:9666/flashgot VS http://dl.cdn.chip.de/downloads/90803/vlc-2.0.5-win32.exe?1357859273-1357866773-9365f6-B-22b159e3ad90fa9ed458e6288e475386.exe, false, false
Preprocessing done in ms96
Starting dispatch
Running /bin/sh /tmp/flashgot.mklvaif8.default/flashgot-1.fgt -- async
Native execution time 45
Dispatch done in ms70
Total processing time: ms180
Starting cleanup
Cleanup done
*** FlashGot 1.5.3 started at Thu, 10 Jan 2013 23:22:49 GMT ***
Per-session init started
Per-session init done in 29ms
Starting cleanup
Cleanup done
*** FlashGot 1.5.3 started at Thu, 10 Jan 2013 23:28:34 GMT ***
Per-session init started
Per-session init done in 31ms
Starting cleanup
Cleanup done
*** FlashGot 1.5.3 started at Fri, 11 Jan 2013 00:56:16 GMT ***
Per-session init started
Per-session init done in 14ms
Running /bin/sh /tmp/flashgot.mklvaif8.default/flashgot.fgt -- blocking
Native execution time 228
Aria|KO
Downloader 4 X (nt)|KO
Downloader 4 X|KO
GNOME Gwget|KO
FlareGet|KO
KDE KGet|KO
wxDownload Fast|KO
/usr/bin/axel
Axel|OK
cURL|KO
FatRat|KO
Prozilla|KO
/usr/bin/wget
Wget|OK
/usr/bin/uget-gtk
Uget|OK
Aria 2|KO
Steadyflow|KO
ZigzagDownLoader|KO

Warning: download manager ZigzagDownLoader not found
Warning: download manager wxDownload Fast not found
Warning: download manager TrueDownloader not found
Warning: download manager Thunder (Old) not found
Warning: download manager Thunder not found
Warning: download manager Steadyflow not found
Warning: download manager Star Downloader not found
Warning: download manager Speed Download Lite not found
Warning: download manager Speed Download not found
Warning: download manager ReGet not found
Warning: download manager Prozilla not found
Warning: download manager Orbit not found
Warning: download manager NetAnts not found
Warning: download manager Net Transport 2 not found
Warning: download manager Net Transport not found
Warning: download manager Mass Downloader not found
Warning: download manager LeechGet 2002 not found
Warning: download manager LeechGet not found
Warning: download manager Leech not found
Warning: download manager KDE KGet not found
Warning: download manager JDownloader not found
Warning: download manager Internet Download Manager not found
Warning: download manager Internet Download Accelerator not found
Warning: download manager InstantGet not found
Warning: download manager iGetter Win not found
Warning: download manager iGetter not found
Warning: download manager HiDownload not found
Warning: download manager GNOME Gwget not found
Warning: download manager GigaGet not found
Warning: download manager GetRight not found
Warning: download manager FreshDownload not found
Warning: download manager Free Download Manager not found
Warning: download manager Folx not found
Warning: download manager FlashGet 2.x not found
Warning: download manager FlashGet 2 not found
Warning: download manager FlashGet not found
Warning: download manager FlareGet not found
Warning: download manager FatRat not found
Warning: download manager DTA (Turbo) not found
Warning: download manager DTA not found
Warning: download manager Downloader 4 X (nt) not found
Warning: download manager Downloader 4 X not found
Warning: download manager Download Master not found
Warning: download manager Download Accelerator Plus not found
Warning: download manager cURL not found
Warning: download manager BitComet not found
Warning: download manager Aria 2 not found
Warning: download manager Aria not found
Download managers detection done in 252ms
JDownloader response:
0
...

The firefox and sh entries from netstat:

Code: Select all

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name     
tcp        0      0 MY_IP:50042    188.111.53.50:80        ESTABLISHED 1000       11654       1586/sh         
tcp        0      0 MY_IP:42139    173.194.69.120:443      ESTABLISHED 1000       12695       1519/firefox   
tcp        0      0 MY_IP:47745    188.111.53.41:80        ESTABLISHED 1000       11619       1586/sh         
tcp        0      0 MY_IP:47750    188.111.53.41:80        ESTABLISHED 1000       11642       1586/sh         
tcp        0      0 MY_IP:60039    173.194.69.101:80       ESTABLISHED 1000       12629       1519/firefox   
tcp        0      0 MY_IP:47744    188.111.53.41:80        ESTABLISHED 1000       11618       1586/sh         
tcp        0      0 MY_IP:50036    188.111.53.50:80        ESTABLISHED 1000       11648       1586/sh         
tcp        0      0 MY_IP:50037    188.111.53.50:80        ESTABLISHED 1000       11649       1586/sh         
tcp        0      0 MY_IP:47749    188.111.53.41:80        ESTABLISHED 1000       11641       1586/sh         
tcp        0      0 MY_IP:47748    188.111.53.41:80        ESTABLISHED 1000       11640       1586/sh         
tcp        0      0 MY_IP:50043    188.111.53.50:80        ESTABLISHED 1000       11655       1586/sh         
tcp        0      0 MY_IP:50398    173.194.44.147:80       ESTABLISHED 1000       12618       1519/firefox   
tcp        0      0 MY_IP:45468    173.194.44.151:80       ESTABLISHED 1000       12649       1519/firefox   
tcp        0      0 MY_IP:45403    173.194.69.113:80       ESTABLISHED 1000       12624       1519/firefox   
tcp        0      0 MY_IP:50763    173.194.69.120:80       ESTABLISHED 1000       12694       1519/firefox   
tcp        0      0 MY_IP:45466    173.194.44.151:80       ESTABLISHED 1000       12644       1519/firefox   
tcp        0      0 MY_IP:41177    173.194.44.151:443      ESTABLISHED 1000       12645       1519/firefox   
tcp        0      0 MY_IP:50038    188.111.53.50:80        ESTABLISHED 1000       11650       1586/sh         
tcp        0      0 MY_IP:47743    188.111.53.41:80        ESTABLISHED 1000       11617       1586/sh 


If I deactivate flashgot and copy the link from Firefox to uget, there is only one connection:

Code: Select all

tcp        0      0 MY_IP:33882    193.45.10.144:80        ESTABLISHED 1000       11367       1554/uget-gtk 

After the download finished:

Code: Select all

tcp        0      0 MY_IP:33882    193.45.10.144:80        TIME_WAIT   0          0           -           


I do now really know why these connections.
Today I tried to download the same file via flashgot and there was only one connection with uget-gtk, it is strange.


Regards,
jumper43
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0 SeaMonkey/2.16a2

Post Reply