Redzone Avoidance, Quick and Dirty

1 02 2011

Keep in mind that there is NO WAY to avoid being scanned by a RedZone no matter what they claim, unless you are a Linden.

So says zFire Xue on his RedZone site to spyware owners panicking about the effectiveness of Greenzone, the free Redzone detector.

To be clear, Greenzone works, but zFire is right that by the time Greenzone warns you of Redzone spyware on a sim, you have already been scanned. He is telling fibs, however, when he says you cannot avoid being scanned (he tells lots of fibs. His ability to con people somewhat surpasses his abilities as a programmer).

Second Life marketplace has some very expensive notecards which will tell you exactly how to avoid being scanned. But to save you the money, here is what you need to know.

If you are (rightly) concerned about Redzone spyware, there are three steps you can take to protect yourself.

1. Disable Media

Redzone uses a security hole in SL Parcel Media. To avoid this security hole, switch off your media settings. Click:

edit/preferences and click “audio and video”. Uncheck “enable streaming music”, “enable streaming media” and also “automatically play streaming media” in the settings. Also do not allow scripts to control your media settings. This is the best defence against redzone and other spyware devices.

Unfortunately there is a problem. Some land owners use redzone in dance clubs. The enjoyment of these clubs can be somewhat marred by unchecking your media settings! What else can you do?

2. Disable Cookies

Click edit/preferences. Click the web preferences option and uncheck the “accept cookies” checkbox.

This on its own will not help much. Do it anyway though. Cookies are not good for your privacy!

3. Block isellsl.ath.cx

This tip will stop redzone dead. Be warned though that at some point zFire will read this blog (you will know he has done so when he adds a comment claiming this doesn’t work. See above regarding fibs). Until he works around it, blocking isellsl.ath.cx will kill all known redzones dead. They will not be able to fool you into sending data back to base because the system relies on your client sending an HTTP GET request to that site.

The obvious workaround will be for zFire to change the site DNS name (although this is a pain in his butt because he has to roll out the change in a new version of the software. Also he is using a free DNS service that limits the number of domain names he can have unless he starts paying for them). If and when he does this, the block will no longer protect you. For maximum security, keep streaming media off except on sims you trust. Greenzone can help you decide whether it is safe to switch on streaming media, but it's an arms race with spyware writers. Whatever Greenzone detects, zFire will attempt to work around. Media off is safest.

How do you block that site?

There are several ways. If you have a firewall you may be able to just black list the site for outgoing connections. Thereafter all data to the site will be dropped. Test this by loading the site in your web browser. If you see the site, the block failed. Keep playing with your firewall.

But the other quick and dirty fix is to add this to your hosts file:

127.0.0.1  isellsl.ath.cx

In Linux or on a Mac, you need to open /etc/hosts in your favourite text editor and add this line.

If you are not sure how, here is the step by step instruction on a Mac. The instructions for Linux will be almost identical, depending on flavour. If you are running Linux you probably know how to do this already.

Start Terminal (type terminal in search if you never used it before)
In the terminal window type:

sudo emacs /etc/hosts
(enter your password when asked)
Use arrow down keys to move to the end of the file
add:

127.0.0.1 isellsl.ath.cx
ctrl-x and ctrl-s to save the file
ctrl-x and ctrl-c to exit

On a Windows based PC, the file is in your WINDOWS folder (whatever that is called, but assuming it is C:\WINDOWS):

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

If you edit in Notepad, take care it does not gain a .txt extension. The file should have no extension. You probably need to be logged in with administrative privileges to change this file.

Again test the block by going to the website. If you see the website, keep trying or post a comment here.
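The hosts-file edit described above can also be scripted so that it is safe to run more than once. The following is an added example, not part of the original post: it appends the entry only if it is missing, ignores commented-out lines, and reports a conflict if another active line already maps the name to a different address. The function names, the --apply flag and the HOSTS_FILE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Hostname and IP are taken from the post.
BLOCK_IP="127.0.0.1"
BLOCK_HOST="isellsl.ath.cx"

# hosts_status FILE HOST
#   0 = HOST appears only on active loopback lines (blocked)
#   1 = HOST has no active entry
#   2 = some active line maps HOST to a non-loopback address (conflict)
hosts_status() {
    awk -v host="$2" '
        {
            sub(/#.*/, "")                 # ignore whole-line and trailing comments
            for (i = 2; i <= NF; i++)      # field 1 is the address, the rest are names
                if (tolower($i) == tolower(host)) {
                    if ($1 == "127.0.0.1" || $1 == "::1") { good++ } else { bad++ }
                }
        }
        END { if (bad) exit 2; exit (good ? 0 : 1) }
    ' "$1"
}

# block_host FILE HOST: append the loopback entry once; never duplicate it.
block_host() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }
    rc=0
    hosts_status "$1" "$2" || rc=$?
    case $rc in
        0) return 0 ;;
        2) echo "conflicting entry for $2 in $1; remove it first" >&2
           return 2 ;;
    esac
    # If the last line has no newline, add one so the entry is not glued onto it.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    printf '%s\t%s\n' "$BLOCK_IP" "$2" >> "$1"
}

# Run as: sudo sh block.sh --apply   (set HOSTS_FILE to a copy for a dry run)
if [ "${1:-}" = "--apply" ]; then
    block_host "${HOSTS_FILE:-/etc/hosts}" "$BLOCK_HOST" &&
        echo "$BLOCK_HOST now maps to $BLOCK_IP in ${HOSTS_FILE:-/etc/hosts}"
fi
```
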

Take care and stay safe.


6 responses

8 02 2011
Draconian Hax

Add this to hosts file explanation:

http://www.abelhadigital.com/hostsman

Free windows Hosts-file manager @ http://www.abelhadigital.com/hostsman
Good explanation on how it works here: http://nixbits.org/wiki/Hostsfile

Hosts file blocking is a must have.

As for IP sim scan there should be not much whining about it as it is something that is done in many chat network types such as IRC, where chat-room operators have the same access to that info for chat-room control.

IRC has been around since 1988

http://en.wikipedia.org/wiki/Internet_Relay_Chat

Many of its features have been ported to other chat systems. The /me SL command was ported from IRC. The difference from IRC is that its users are in general much more educated about this matter.

On paltalk even your hard drive serial number is used for bans. (Paltalk itself used to be detected as spyware)

On SL what does REALLY matter is how the IP is obtained. Obtaining the IP address from for example a shoutcast server is legal for the shoutcast OWNER and he does not even need to use redzone as the only thing needed is to login as admin on the shoutcast server. Have people ever cried about giving their IP when listening to music? Any server where we connect, we will be giving your IP info and more to the administrator of that server.

RedZone is a crappy tool but let's not give the other side arguments that he will be able to fight with regular well known facts.

Update your very valuable post. It will be on my blog later.
IM me in world if you need to get in tech details about how ips are obtained.

8 02 2011
no2redzone

Thank you for those links. That will be useful information for Windows users in particular wishing to block hosts.

I am aware of the history of IRC. Before IRC I used to use talk on BSD systems, and before that we used to dial random PADs and talk to lonely sysops around the world. Back then we thought it was so amazing to just be randomly chatting with someone thousands of miles away!

But as I say in the post about whether an IP is personal data, it is not collection of IPs alone that makes this personal data. It is the collection of the data and using it to build a profile focussed on a living individual and not on the interface of a computer (or, more commonly, a NAT/PAT router).

Anyhow thank you for linking from your blog.

8 02 2011
Verina Resident

My security suite has a Parental Control Module - I find it easy to use it to block the site.

9 02 2011
Florimel Enderfield

A very interesting post. And given what you’ve said about zFire’s lack of due diligence in his coding and much greater skill in just plain fibbing, it raises the interesting question of how about giving RedZone a lot more data to chew on? Its utility as a spyware and alt correlation tool goes down dramatically if everyone in second life is considered an alt of everyone else. Could easily see making a tool that fires off formatted HTTP GET requests to zFire’s little server giving the identity of every single avatar ever encountered. And since all the requests will originate from your own personal viewer, all the avatars get flagged as alts of yours and each other. And every intersection of an avatar with someone polluting zFire’s database results in yet more avatars being linked with other avatars. Could see creating a rather large haystack that way with the actual needles (true alt association) being nicely hidden. Heck, it may be rather humorous for the users of Redzone to suddenly find themselves labeled as alts and copybot users.

9 02 2011
no2redzone

Indeed, yes. I will have more to say on that in a forthcoming article. Regarding fibs, I witnessed some interesting ones in the RedZone format a few weeks ago.

There was a thread called “serious RedZone Screw Up” or something similar. It seems that someone was using a RedZone to autoban people, and for some reason, the sim owner and managers all suddenly got banned from their own sim.

Now zFire’s response was “re-rez your RedZone”, but one post I saw had someone complaining that his RedZone had been hacked somehow and he blamed a couple of people on his ban list for doing it. One can only suspect that something as you describe had indeed happened.

You will find no trace of it on the forum now though because zFire deleted the thread, as he deletes all messages that reveal the fundamental weakness of his software. Only today he was insisting RedZone does not make mistakes and is the best spyware on the market. He who controls the past controls the future, as they say.

(I should note that zFire does not call his software spyware. He calls it a security scanner. But then, he calls honest people “copybots” too, if they dare stand up to him by, oh, running clients with their media off! Bad people).

27 02 2011
Data scraping: update | Living in the Modem World

[…] blocking purposes – and in the case of m.sparkgap.info, added to your host file if you are technically-minded. Prior to the release of the media patch, there was speculation that it would probably uncover a […]



