Thread started 26 Apr 2013 (Friday) 14:09

Maxsaver website

 
morph2_7
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Apr 26, 2013 14:09 |  #1

I'm troubleshooting my connection to the maxsaver.net website. Someone mentioned this on another thread:

Bad Site
My computer security blocked access to that linked site, says it is malicious.


I understand that many have purchased camera gear from maxsaver but that does not mean their website is hack-proof.

I'm seeing many dropped outgoing TCP port 82 packets in my firewall logs as soon as I visit the maxsaver.net site. My firewall is configured to drop all in/outgoing packets that don't have a policy in place, so it drops these outgoing TCP port 82 packets. The firewall won't stop dropping the packets unless I close the Firefox browser.

The IP addresses that my Firefox attempts to access (on TCP port 82) are:
222.187.223.75, 222.187.221.13, 222.187.221.235, 222.89.188.140, 222.89.188.9, 222.187.223.114, 117.21.224.24, 117.21.226.122

Those are all assigned to China (Maxsaver is an HK company, if I get that right). A Google search on TCP port 82 takes me to sites that say TCP port 82 is used by the XFER utility as well as trojan/remote code execution.

I'm not posting this to defame maxsaver. Just an FYI about my experience visiting maxsaver.net. I have never seen this before. Perhaps it (outgoing traffic requests on port 82) happens on many other sites too. I don't know. Feel free to comment on this.




  
Kronie
Goldmember
2,183 posts
Likes: 7
Joined Jun 2008
     
Apr 26, 2013 14:22 |  #2

I think you worry too much. I recommend a Mac, then you don't have to deal with virus software that blocks sites it's not supposed to.....Or maybe just get less paranoid virus software. Something that just scans and doesn't try and stop you from going to sites.

I just went there on my work PC...they run Symantec and Malwarebytes. I have been using them for years and I just bought a filter from them last week.




  
ben_r_
-POTN's Three legged Support-
15,894 posts
Likes: 13
Joined Nov 2007
Location: Sacramento, CA
     
Apr 26, 2013 14:49 |  #3

Meh, been buying from them for years, never had a problem. So what, they have my credit card information? If I ever see any fraudulent charges it's a simple, quick call to my credit card company and within hours I have my money back and a new credit card overnighted to me. No worries.


[Gear List | Flickr (external link) | My Reviews] /|\ Tripod Leg Protection (external link) /|\
GIVE a man a fish and he'll eat for a day. TEACH a man to fish and he'll eat for a lifetime.

  
morph2_7
THREAD STARTER
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Apr 26, 2013 15:45 |  #4

Kronie wrote in post #15870276 (external link)
I think you worry too much. I recommend a Mac, then you don't have to deal with virus software that blocks sites it's not supposed to.....Or maybe just get less paranoid virus software. Something that just scans and doesn't try and stop you from going to sites.

FYI nothing stops me from visiting their site. I didn't mention anything about software on my computer blocking my access (someone else did on a different thread). I just presented the fact that my hardware firewall discards unwanted outgoing packets on TCP port 82, something I find unusual.




  
tim
Light Bringer
50,987 posts
Likes: 361
Joined Nov 2004
Location: Wellington, New Zealand
     
Apr 26, 2013 16:30 |  #5

Using non-standard TCP ports is suspicious. There's no need for it.


Professional wedding photographer, solution architect and general technical guy with multiple Amazon Web Services certifications.
Read all my FAQs (wedding, printing, lighting, books, etc)

  
morph2_7
THREAD STARTER
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Apr 26, 2013 17:20 |  #6

That's exactly what I thought. I'll try a packet sniffer when I have time.




  
Kronie
Goldmember
2,183 posts
Likes: 7
Joined Jun 2008
     
Apr 26, 2013 18:25 |  #7

morph2_7 wrote in post #15870493 (external link)
I just presented the fact that my hardware firewall discards unwanted outgoing packets on TCP port 82, something I find unusual.

tim wrote in post #15870636 (external link)
Using non-standard TCP ports is suspicious. There's no need for it.

LOL! Seriously? What are you guys, IT engineers? You go to the site and place an order. Just like anywhere else on the internet it's not 100% safe. I wouldn't give them my SSN but I would buy a $85 filter and if my CC gets compromised in three weeks then my bank gets me a new one. Or use Paypal...we all know how safe that is....




  
tim
Light Bringer
50,987 posts
Likes: 361
Joined Nov 2004
Location: Wellington, New Zealand
     
Apr 26, 2013 20:10 |  #8

Kronie wrote in post #15870923 (external link)
LOL! Seriously? What are you guys, IT engineers?

Yes, I'm a senior engineer working on the software side of performance, stability, and security of large scale computer systems.

I had a quick look, there's nothing on their home page explicitly using TCP port 82. It could be done from a script, or malware on someone's computer.


ben_r_
-POTN's Three legged Support-
15,894 posts
Likes: 13
Joined Nov 2007
Location: Sacramento, CA
     
Apr 26, 2013 21:10 |  #9

So are you thinking it's running client side on the OP's computer?


tim
Light Bringer
50,987 posts
Likes: 361
Joined Nov 2004
Location: Wellington, New Zealand
     
Apr 26, 2013 21:56 |  #10

No idea really. The main website has no port 82 connections obvious, but then malware on the website wouldn't be obvious. I'd have to spend an hour or so to look into it, and tbh I don't really care enough. It's suspicious, but not a real problem especially if a firewall drops the packets anyway.


morph2_7
THREAD STARTER
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Apr 29, 2013 01:19 |  #11

tim wrote in post #15871441 (external link)
No idea really. The main website has no port 82 connections obvious, but then malware on the website wouldn't be obvious. I'd have to spend an hour or so to look into it, and tbh I don't really care enough. It's suspicious, but not a real problem especially if a firewall drops the packets anyway.

You didn't see a request to host web1.51.la on port 82? Google searches on this host mostly talk about some sort of exploit at some point in the past.




  
tim
Light Bringer
50,987 posts
Likes: 361
Joined Nov 2004
Location: Wellington, New Zealand
     
Apr 29, 2013 03:26 |  #12

I don't have a firewall, I just looked at the source code of the web page.


morph2_7
THREAD STARTER
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Apr 29, 2013 12:03 |  #13

Thanks for spending a bit of your time to look at it, Tim. FYI, you don't really need a firewall to see this connection. If you use Windows, launch your web browser and go to maxsaver.net. Wait for 5 seconds or so then type this on the command prompt:

netstat -n

You should get something like this (on port 82, and the foreign IP address isn't POTN's as shown below):


Proto Local Address Foreign Address
TCP 192.168.10.18:2780 67.228.38.154:80
TCP 192.168.10.18:2781 67.228.38.154:80

I'm sure you will see some connections to foreign addresses on port 82.



  
  LOG IN TO REPLY
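The `netstat -n` check described in post #13, made repeatable. This is an added example, not part of any post in the thread: it parses Windows `netstat -n` text and reports public remote addresses contacted on ports outside an allowlist. The allowlist `{80, 443}`, the function names, and the sample rows (including the State column and the local ports on the port-82 rows) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only remote ports this host's browser is expected to use.
EXPECTED_PORTS = {80, 443}

# Constructed sample of Windows `netstat -n` output. The two port-80 rows are
# the ones shown in the post; the port-82 rows pair two addresses the thread
# starter listed with made-up local ports and a made-up State column.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.10.18:2780     67.228.38.154:80       ESTABLISHED
  TCP    192.168.10.18:2781     67.228.38.154:80       ESTABLISHED
  TCP    192.168.10.18:2790     222.187.223.75:82      SYN_SENT
  TCP    192.168.10.18:2791     222.187.221.13:82      SYN_SENT
  TCP    192.168.10.18:2792     192.168.10.1:8080      ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
"""

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def unexpected_remote_ports(netstat_text, expected=EXPECTED_PORTS):
    """Map each unexpected remote port to the sorted public IPs seen on it."""
    hits = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows look like: TCP <local> <foreign> [state]
        if len(fields) < 3 or fields[0].upper() != "TCP":
            continue
        try:
            ip, port = split_endpoint(fields[2])
        except ValueError:
            continue  # '*:*' or anything else that is not ip:port
        if not ip.is_global:
            continue  # skip LAN, loopback and listening (0.0.0.0:0) rows
        if port not in expected:
            hits[port].add(str(ip))
    return {port: sorted(ips) for port, ips in hits.items()}

if __name__ == "__main__":
    for port, ips in sorted(unexpected_remote_ports(SAMPLE).items()):
        print(f"remote port {port}: {', '.join(ips)}")
```

On a live machine, save the output of `netstat -n` to a file while the page is open and pass the file's text to `unexpected_remote_ports`.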
Kronie
Goldmember
Avatar
2,183 posts
Likes: 7
Joined Jun 2008
     
Apr 29, 2013 13:10 |  #14

How does this affect anyone in the real world?




  
morph2_7
THREAD STARTER
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Apr 29, 2013 13:52 |  #15

So far I found no threat other than unusual non-standard port 82 connections.




  

2,092 views & 0 likes for this thread