Just a quick question. I've been using NoScript for a while now and I've noticed the sudden surge in sites that have "cloudfront.net" included in their list to allow. I'm talking like one in every 4 or 5 sites (rough estimate) I come across has some kind of something that ends with "cloudfront.net". Here's the one I found in change.org "d22r54gnmuhwmk.cloudfront.net". Another url I've notices is "s3.amazonaws.com".
I've looked into these and the domain seems to be a legitimate Amazon service but I can't help feel something is not right considering that they all just started appearing suddenly with no gradual increase, they basically just appeared one day.
I'm I being over-paranoid or is my system infected?
Cloudfront appearing in a lot of sites
Cloudfront appearing in a lot of sites
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Re: Cloudfront appearing in a lot of sites
Well, cloudfront.net and s3.amazonaws.com are both Amazon-hosted CDNs which could be used by anyone...
Can you give other examples?
You haven't given enough information to judge whether "generally" these cloudfront appearances are malware, but that one is legitimate - I completely block cloudfront.net everywhere, and the site was missing all its style.Sharcs wrote:Here's the one I found in change.org "d22r54gnmuhwmk.cloudfront.net"
Can you give other examples?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
Re: Cloudfront appearing in a lot of sites
Thanksbarbaz wrote:Well, cloudfront.net and s3.amazonaws.com are both Amazon-hosted CDNs which could be used by anyone...
You haven't given enough information to judge whether "generally" these cloudfront appearances are malware, but that one is legitimate - I completely block cloudfront.net everywhere, and the site was missing all its style.Sharcs wrote:Here's the one I found in change.org "d22r54gnmuhwmk.cloudfront.net"
Can you give other examples?
So as long as it ends in "cloudfront.net" and "s3.amazonaws.com" they're ok right? And there is no known way of exploiting that... right?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Re: Cloudfront appearing in a lot of sites
Also I'll try and collect a few of them and dump them here in a few days and you guys can decide.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Re: Cloudfront appearing in a lot of sites
I don't know what you mean here. What I'm saying is that if you see "cloudfront.net" or "s3.amazonaws.com" in the NoScript menu, that's no indication of what it is, because it could come from pretty much anyone. If you're really worried about it, good test is to block cloudfront/amazonaws completely using ABE (add this NoScript Options > Advanced > ABE > USER)Sharcs wrote:So as long as it ends in "cloudfront.net" and "s3.amazonaws.com" they're ok right? And there is no known way of exploiting that... right?
Code: Select all
Site .cloudfront.net .s3.amazonaws.com
DenyCode: Select all
Site [exact-cloudfront-or-amazonaws-full-domain] [other-exact-cloudfront-or-amazonaws-full-domain-if-the-site-has-more-than-one]
Accept from [site-that-breaks-without-it-allowed](If the site requires dynamic cloudfront/amazonaws domains use ".cloudfront.net" for cloudfront and ".s3.amazonaws.com" for amazonaws.)
If a site tries to load cloudfront/amazonaws but works with it blocked then just leave it blocked, it's not gonna be something you want anyway.
Note this can be a bit of a PITA but if you're concerned enough about it you'll find it's worth the time (and does catch some trackers/crap).
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; FreeBSD amd64; rv:28.0) Gecko/20100101 Firefox/28.0