Author Topic: Blocking userplane.com  (Read 20950 times)

0 Members and 1 Guest are viewing this topic.

Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Re: Blocking userplane.com
« Reply #15 on: June 08, 2006, 10:38:10 PM »
mitch,
GIMP is GREAT (for re-sizing, changing jpg to png, minor color adjustments etc)... if you think you're having trouble NOW, try using their GIF animation module. VERY difficult, and there's no good HELP on it...
 :gwave:

Offline isotope

  • Newbie
  • *
  • Posts: 1
    • View Profile
Re: Blocking userplane.com
« Reply #16 on: June 10, 2006, 11:39:11 PM »
Hi, I joined this forum because I was just on myspace viewing a photo from a user's page and saw the 02.presence.userplane.com message in the status bar of my browser.

First I did a google search for userplane.com and found their website.

You may already know this: here's their marketing blurb.
----
Userplane is the premier provider of communication software for online communities. Five hosted web apps comprise the application suite – each adding core, must-have features to thriving websites. The apps are robust yet lightweight, cross-platform with no user installation, and customizable for a site’s specific needs.
---
Both Friendster, Date.Com, MySpace, Honda, and RedBull are listed as clients.

Here's what they have to say about Presence:
---
The concept of user “presence” is at the core of any live user community – from simply knowing who’s online, to launching IM windows and delivering custom messages. Without a reliable technology to actively monitor presence, your users are effectively invisible to you and to each other.
---

So it's an itegral part of the MySpace program. When you are viewing profiles and you see that "Online now" icon by someone's name, that's probably Presence at work.

I'm sure there are other integrated services, like instant messaging, etc...

Their website pretty much puts it all out there. All kinds of info. You can probably get some third party opinions by seaching google for userplane, or userplane.com (as opposed to the specific message you got in your status bar). There may be a lot of other opinions and info out there.


Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Re: Blocking userplane.com
« Reply #17 on: June 11, 2006, 09:18:32 AM »
isotope,
hi. welcome to landzdown.
 * i blocked all userplane.com communication via my firewall, as well as deleted all userplane cookies. -- there have been NO changes that i've noticed AT ALL in MySpace -- and that ONLINE NOW status of other users is JUST the same as it always has been: kludgey, and working only about half the time.
 * the MySpace users i know, checked their drives, and all of us got hit between the may 17 and may 23 (at least, this was the CREATED BY date on the userplane.com file or cookie or whatever it was).
 * userplane may like to promote its services as "integral" or "core" to "the net community experience," but -- judging by the date this started -- "presence" most likely regards only the brand new INSTANT MESSAGING feature MySpace just recently announced.
 * i was told by a userplane rep that what i discovered was a cookie, in FLASH, and that may be true.
but i was ALSO told some things that WEREN'T accurate -- that "disabling FLASH" was the only way to neuter userplane, and that userplane hadn't downloaded anything on to my drive at all. (the tech back-tracked a little bit, when i told him i could tell it CAME from a userplane server.)
* the odds may be small that it's anything seriously evil, but i'd rather be safe than sorry. i've had some bad infections, and would rather live without MySpace IM.
  :exorcize:
* OH: MITCH -- i forgot to mention this...
when i was looking over the userplane file, before i deleted it, i got TWO TEA-TIMER warnings something was trying to change my registry. (i didn't allow either.)
...i thought it was probably related to me "SHOWING HIDDEN FILES" or something else, but here's the TT notes on it:
6/8/2006 6:53:02 AM Denied value "{C4EE31F3-4768-11D2-BESC-00A0C9A83DA1}" (new data: "") added in User-specific browser toolbar!
6/8/2006 11:12:42 AM Denied value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Heler Object!

 -- does everything look okay....?
  :thumbsup:
anyway, isotope, thanks for your info and welcome to LandZ.
i may be more paranoid than i need to be, but i also have ALOT less computer infections that i used to, also...
 :hammy:


Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Re: Blocking userplane.com
« Reply #18 on: June 14, 2006, 10:03:53 AM »
just discovered NOTHING i do blocks USERPLANE from generating its "settings.sol" file...
 * i got rid of it ONCE, but it's B-B-B-B-A-C-K.
this DESPITE me having set up FLASH through mitch's macromedia / adobe link to alert me before saving info - AND blocking userplane.com in my firewall.
* i'm going to go through all of this again...
i know it's supposed to be "SAFE", but -- hey -- it's my computer, it's not the property of MySpace or USERPLANE.
 ...curious how they managed this, by the way.
(while userplane was OFF my drive, MySpace function properly, so i know it's something i don't NEED...)
i guess users have no control over it, for some reason.





Offline katiealice

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Blocking userplane.com
« Reply #19 on: June 16, 2006, 08:02:05 AM »
I had noticed the "presence" downloading before, but just tonight noticed that it continued to download whatever the hell it downloads long after the page had finished loading, while I was working on something else.

I checked out http://www.techcrunch.com/2005/07/01/profile-userplane/ and I don't know about the webchat or webrecorder, but the webmessenger looks damn familiar. Myspace may be touting their IM feature as new, but they've had IM functionality for years. No one I know uses it, including myself, but I did get a couple of messages over it a while back. (Why does noone use it? It blows.) Point is... it looked identical to this webmessenger.

That doesn't help in the quest to block this beast, but I'm throwin' it out there.

Katie

Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Re: Blocking userplane.com
« Reply #20 on: June 16, 2006, 07:04:38 PM »
hi, katie. welcome to landzdown.
 :thumbsup:
if you're running XP on a PC, i can give you alot more info on this "presence" userplane thing.
* MySpace's IM hasn't worked for MONTHS. either it died on its own, or was SHUT down, because it was buggy, or mis-used by people.
 :smash: * userplane tried convincing me their software is NECESSARY to the myspace experience, and that's just not so. (it MAY be for IM, and some other things i don't use.)
** userplane evidently stores its cookies on your computer in FLASH, and i think they may be doing tricks making it difficult or impossible to remove them. every time i'm sure mine are GONE, they just pop up again.
 -- there's something called persistent identification element, or PIE, that secretly makes backups copies of our cookies using FLASH, so we can't delete them. check out this link for more info:
http://www.post-gazette.com/pg/05168/523384.stm
 ** i'm not positive myspace / userplane uses PIE -- but it sure is EXTREMELY difficult to get rid of these cookies, which seem to magically re-appear.
* i THINK i've finally deleted and blocked userplane -- although each time i've done this before, it's always come back.
the only thing i notice now, is that youtube videos play without sound on MYSPACE -- the same exact code plays WITH sound everywhere else. could be related.
- fix is simple -- just click on the frame of any youtube video, and it launches a new window at yourtube, where the vid plays with sound.
  :shock: all others -- google vids, myspace vids, etc -- play FINE. i only have a problem with youtube.
 ** blocking userplane is a USER PAIN.
 - i'm not positive this works, like i said, but i've been free of userplane for a couple days. STRANGELY, i've noticed i sometimes still get the message DOWNLOADING DATA FROM 02.PRESENCE.UNDERPLANE.COM...
THIS IS WHAT I DID:
1) go to:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html
set GLOBAL STORAGE SETTING to ZERO. DO NOT check "NEVER ASK AGAIN."
(this means FLASH should ask you BEFORE downloading a cookie)
2) block userplane aggressively in your firewall. you can see my earlier posts on this. there are several different ways to block URLS in my firewall, and i blocked it everywhere i was able.
3) do a search for "userplane" on your drive - then, DELETE COOKIES. when you search for userplane again, it should be gone. (although it may leave behind an empty folder with userplane in the name.)

* it's supposed to be safe, but i like being able to delete cookies. it's been very aggresssive, so i'm a lttile suspicious of it of the thing.
hope this helps some...
 :gwave:





 :wasntme:

Offline katiealice

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Blocking userplane.com
« Reply #21 on: June 18, 2006, 03:37:59 PM »
Thanks for the help.

I only found one extra thing. When you search for and delete all userplane files, also search for "presence" and delete the userplane files. You'll probably just get one hit, I got presence[1].swf, from http://cache.static.userplane.com/presence/m/presence.swf.


I just went through a mess of attempts at fixing this, or at least figuring out how it's working. I've made some progress, but it only points to this being worse than I thought.

I deleted the presence file and all userplane files. I blocked all userplane domains in my router's firewall. I went to the macromedia site and changed the settings. I blocked the domain in Firefox's cookies setting, even though I already have it set to ask me for permission.

So then I logged into myspace. I got the usual couple of minutes of delay while the status bar said "done," then the transferring from 02.presence.userplane.com started. This time was different though - that message didn't change. Originally, it was flashing and alternating with another status message (which I didn't catch). I think that means that this time, it was still trying to create all of those files, but was unsuccessful. It remained constant in the status bar for at least 20 minutes while I was doing other things. It probably would have remained forever, but I don't have that much patience.

I did another search of my computer, and like you said, only one thing came up: the #static.userplane.com folder, here:

C:\Documents and Settings\Katie\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.userplane.com

That folder only contains settings.sol. That same filename is used in the other folders in sys, legit stuff like #tvguide.com. I opened userplane's settings file in notepad, and got this (incompatible characters denoted by %):

 ¿   TTCSO %     %static.userplane.com/settings     %allow%   %always%   %klimit         

Compared to other settings files:

 ¿   KTCSO %     %tvguide.com/settings     %allow%   %always%   %klimit @Y       
 ¿   PTCSO %     %chuckecheese.com/settings     %allow%   %always%   %klimit @Y       
 ¿   KTCSO %     %weather.com/settings     %allow%   %always%   %klimit @Y       


There isn't much difference. Of course, I tried changing "allow" to "deny" and saving it, but it was changed back with the first page load. I've no idea what the @Y means, but I'm not gonna mess with that part.

Nothing came up in my "presence" search.

So THEN I deleted the folder from my hard drive again. I went back to the macromedia settings page - website privacy settings - and deleted the userplane folder there. I deleted all of my myspace cookies. All defenses up - no known traces of userplane - back to myspace. That beast still recreated that folder.

Next attempt. I left the folder there, and I left the folder in macromedia settings. In the macromedia website privacy settings, all of the sites come up with the "always ask" default, but userplane (and only userplane) has no icon. So I changed that to "always deny," which changed the settings file to:

 ¿   BTCSO %     %static.userplane.com/settings     %allow%   %always%%

Then I logged into myspace, and it changed right back to the original TTCSO text. I opened the macromedia website privacy settings page -again- and oddly enough, it still showed that I have userplane blocked, although the settings file had changed. Now I am unable to get the file back to the "deny" text. Went to privacy, changed to "ask," file didn't change. Went to privacy, changed back to "deny," file didn't change. This is all without having myspace open in any window, by the way. I could delete it and start over, or copy and paste the deny text, but the same thing would just happen again.


I don't know what purpose this "userplane" has for invading our computers, and I don't see any damage being done to mine. But what I do know is this - USERPLANE is creating files on my hard drive not only without my consent, but against my will. It is breaking through my firewall. It is overriding my macromedia security settings to give itself permissions that it has been explicitly denied. It is misrepresenting my security settings to hide its underhanded manipulation of them. It is prohibiting me from changing my security settings. To say I feel violated would be an understatement.

Sorry that this is so long and overly detailed. Hopefully the excessive detail will help us figure this out, or maybe it contains enough good keywords to get more angry googlers to join us in our quest.

*****

On a completely different topic: only allowing cookies from specific domains. I don't know if you can do that in other browsers, but I use Firefox, and that's exactly what I do. If you have Firefox, select options from the tools menu, click privacy at the top, un-check the box next to allow sites to set cookies, click the exceptions button, and add the domains that you want to allow. If you want everything else session-only, you can check the box, select until I close Firefox in the drop-down box, and set your exceptions. That wouldn't have helped you in this case though - userplane has never been in my "allow" list, so those miscreants must have found a sly way to get in.

I can empathize with your paranoia; I'm currently running McAfee, AntiVir and Avast for antivirus, with Spybot S&D and Ad-Aware for spyware/adware. Sometimes when I get really paranoid, I also use Kaspersky's online scanner.

But with devious threats like this out there, how could I not be paranoid?!

Argh. I've been messing with this for hours. This all-nighter is officially over. Take care and tempt not the fates.

Katie

Offline babyoh

  • Hero Member
  • *****
  • Posts: 1036
    • View Profile
Re: Blocking userplane.com
« Reply #22 on: June 19, 2006, 05:24:46 PM »
katie,
thanks alot for all the detail - i actually went through virtually the same thing, i just didn't post all the details as thoroughly (like opening the settings.sol cookie in notepad, etc).
 - suggestion for new userplane icon =  :sinking:
* a couple things:
YOU WROTE: "When you search for and delete all userplane files, also search for "presence" and delete the userplane files. You'll probably just get one hit, I got presence[1].swf, from http://cache.static.userplane.com/presence/m/presence.swf."
 - that's a URL address, NOT a data path (as in "C:\Documents and Settings\Katie\...")
did you accidentally mis-type it?
i'm curious, because i don't have any occurences of "presence" -- i might HAVE, at one time, but i don't currently.
note: i checked my notes, and i ORIGINALLY had THREE occurences of USERPLANE, that mysteriously turned into ONE.
THESE TWO DISAPPEARED: C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\statirc.userplane.com\presence\m\presence.swf\presence.sol
AND:
static.userplane.com
inside this directory:
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\6AAULA58\presence\m\presence.swf\presence.sol
 :exorcize:
* did you click my link about persistent identification element?
right now, i come up "clean" when i search for "userplane" - but, i went through such hell getting to this point, i'm a little concerned it's "HIDING" on my drive under another name (which is how PIE works, to stop us from being able to delete cookies).
 - also, i completely agree this thing is NOT GOOD.  :Win73:
i had this experience as well:
"USERPLANE is creating files on my hard drive not only without my consent, but against my will. It is breaking through my firewall. It is overriding my macromedia security settings to give itself permissions that it has been explicitly denied. It is misrepresenting my security settings to hide its underhanded manipulation of them. It is prohibiting me from changing my security settings."
* more:
userplane has a 24 hour phone number, which i called. (i'll have to find it, to post.)
the tech told me a few things that didn't sound right at all, but he did say that the only way to disengage userplane functionality was to UNINSTALL FLASH.
THAT'S why i wondered if userpain... UM... i mean, userPLANE, has devised some FLASH tricks to make it extremely difficult or impossible to delete the settings.sol cookie.
 ***
BTW: it took a long time, but "userplane" no longer shows when i search my drive.
it DID show, after i'd set FLASH to ALERT ME re cookies, and after i'd blocked it in norton firewall.
and, it STILL showed, after i'd blocked it in norton for:
userplane.com
www.userplance.com
presense.userplane.com
02.presence.userplane.com

 :gwave:
i kept deleting it, and it kept coming back.
i eventually blocked it every conceivable way i could find -- in my browsers, in the firewall under under NETWORKING -  RESTRICTED DOMAINS, PRIVACY CONTROL - ADVANCED (GLOBAL, USER, and AD BLOCKING), AD BLOCKING - CONFIGURE - ADVANCED (which may duplicate the advanced setting above, i don't recall)...
* anyway: SOMEWHERE along the line, ONE of these things helped, since i was in your position for quite a while, and eventually did one thing, or a series of things, that finally blocked it. (OR... it's re-named itself courtesy of PIE, as it LURKING somewhere on my drive, and i can't SEE it...)
(NOTE: UserPAIN tried downloading itself from MySpace ONE MORE TIME, after i successfully (HOPEFULLY) blocked it.)
* at any rate, due to my experience, i'd suggest you check to see if there are other ways to block userplane in your router.
- the only way for me to tell PRECISELY what stopped it, is to UN-BLOCK it setting by setting, to see when it re-installs. BUT I HATE THIS THING, and don't want to go through that.
this is obviously different than regular cookie-blocking, since we've had the same experience.
...something with FLASH cookies enables co's to do "tricks" of some sort.
i'm going to try and find out more about PIE. it's whole purpose is to make it impossible (or, extremely difficult) for us to delete FLASH cookies, so i'm curious how they work their tricks...
katie: check your mailbox here -- MY MESSAGES -- i'm going to write you a letter