InformAction Forums

When I go to this site ''http://www.bugun.com.tr/BugunTv'' to watch the tv channel, noscript shows ''127.0.0.1'' in menu as blocked. This happens only for this site. I am sure the site is legitimate.

Is it something to worry about?

Thanks...

Hmm...odd.

Are you using a custom Hosts file? Generally they point unwanted traffic to the loopback address (although Giorgio has a better recommendation).

Does this site require you to install any custom software (eg a Firefox plugin) in order to use it? That might be listening on the loopback address.

Thanks for the reply.

I checked out my hosts file and found that it is factory default hosts file. The site doesn't require me to install anything. I scanned the pc with MBAM and KIS 2014 and they didn't find anything. The PC is restored to factory defaults three months ago and since then it is just used for visiting legitimate web sites. I think virus risk is less probable.

Since I want to keep this this PC very clean, should I restore it using backup?

efe wrote:Since I want to keep this this PC very clean, should I restore it using backup?

That won't help you. The issue is obviously on the site's end and NoScript will block anything outside your LAN from requesting resources on your computer, so if the site works without allowing 127.0.0.1 and you're *very* sure the site isn't infected, then just don't allow 127.0.0.1 and don't worry about it, you should be fine.

barbaz wrote:

efe wrote:Since I want to keep this this PC very clean, should I restore it using backup?

That won't help you. The issue is obviously on the site's end and NoScript will block anything outside your LAN from requesting resources on your computer, so if the site works without allowing 127.0.0.1 and you're *very* sure the site isn't infected, then just don't allow 127.0.0.1 and don't worry about it, you should be fine.

I chose ''allow all these sites'' option for one time unfortunately. I am sure about the site's safety but I know there is no 100 percent safe site in the world. So you are saying that I made it available for the site to reach my resources. As I understand it, this was a dangerous action and the site could have installed something to my computer without my knowledge, right? If so I'm doing the restore.

Thanks...

efe wrote:I chose ''allow all these sites'' option for one time unfortunately. I am sure about the site's safety but I know there is no 100 percent safe site in the world. So you are saying that I made it available for the site to reach my resources.

I think not, ABE is separate from script blocking so as long as you didn't add any exception there you should still be fine.

If you're going to use the allow all this menu option, you might consider marking 127.0.0.1 in Untrusted.

barbaz wrote:

efe wrote:I chose ''allow all these sites'' option for one time unfortunately. I am sure about the site's safety but I know there is no 100 percent safe site in the world. So you are saying that I made it available for the site to reach my resources.

I think not, ABE is separate from script blocking so as long as you didn't add any exception there you should still be fine.

If you're going to use the allow all this menu option, you might consider marking 127.0.0.1 in Untrusted.

I don't thoroughly understand the mechanics of ABE but seems it is some sort of firewall. I didn't add any exception to it before.

I also have KIS 2014 which has a firewall. Shouldn't it have asked for confirmation if that site tried to connect my PC?

I am happy to hear that I didn't have to restore the PC. Since I need it to be very clean.

efe wrote:I also have KIS 2014 which has a firewall. Shouldn't it have asked for confirmation if that site tried to connect my PC?

well, no incoming connections were actually attempted...
since it's your own browser that would be trying to make the connections, the firewall would probably have seen the origin as your own PC; anyway, ABE sits in the browser so it can actually prevent connections rather than halting them, i.e. ABE acts *before* system firewall on outgoing connections

Thanks for the info!

ABE is sort of a firewall, but not in the usual sense. It's a firewall for web applications.

When your browser downloads a web page, the page can (and usually does) include instructions to fetch resources from other sites. ABE acts as a firewall for those requests, determining which sites can interact with each other.

It's uncommon, and not usually desirable, for a website to want to contact a site on your local network. But it's not unheard-of. Anyway, as barbaz mentioned, allowing 127.0.0.1 should make no difference to ABE, which is a separate module.