Slow loading using W10 browsers on network with no internet access - cdn timeout

We recently moved student computers to a subnet on router that has no internet access. We immediately noticed delays loading Kolibri with W10 computers using either Firefox or Chrome - same delay.

Android devices or Ubuntu machines on this same subnet with no internet access load Kolibri quickly as normal.

We again tried subnet that has internet access on same router, same Kolibri server and the W10 machines load Kolibri quickly as normal.

This lead me to use Chrome console and it appears the problem is a timeout of the browsers looking to cdn.optic.com for a javascript.

Below is the log Chrome console on a W10 laptop while experiencing the delay in loading Kolibri on a network with no internet access.

jquery.min.js:1 Failed to load resource: net::ERR_CONNECTION_TIMED_OUT
pluginMediator.js:122 Kolibri Modules: kolibri.plugins.user.app registered

The jquery.min.js is being looked for at
https://cdn.optitc.com/jquery.min.js?u=default&f=2&s=500,400,50,50
which is causing the long delay and then after the timeout Kolibri loads

We are running Kolibri 0.13.0 on Ubuntu VM in Proxmox pve.

I am unsure how to properly word my question and search on Google for possible solution. And since this is what I am experiencing with Kolibri I thought I would try to ask my question here.

Anyone know of possible solution to avoid the CDN timeout in Firefox and Chrome in W10?

Hi there - we do not have any CDN hosted files loaded in Kolibri, so I am very sure that this is not being caused by Kolibri itself. I think the most likely explanation is that there is a malicious browser extension on these machines that is making this request.

A similar experience is described here, with one possible path to remedy: https://www.bleepingcomputer.com/forums/t/664315/cant-find-source-of-this-javascript-malware/

Thank you for the confirmation that this problem was not coming from Kolibri.

I investigated the link that was timing out at urlscan.io and the verdict was unknown.

I tried malwarebytes software in both regular and safe mode which did find a couple of problems that were removed – but the problem remained.

I then did a refresh of both Firefox and Chrome on several computers and the problem is gone.

Chrome refresh = Settings > Advanced > Reset and clean up > Restore settings to their original defaults

Firefox refresh = in address bar go to about:support then click on Refresh Firefox button

Thank you for the help and motivation to find a solution.

Have restarted the computers and also cycled power and problem is still gone.

Dear @mrdavidhaag

Glad that you found the solution, sorry to hear that it seems very likely to be spyware/malware in your browsers. And thanks for reaching out and sharing this valuable experience.

I wanted to ask, in case it’s helpful for you and others:

  1. Do you use antivirus or did you try to scan the computer with such?
  2. Was the same issue present for sure on both Chrome and Firefox?
  3. Were the browsers installed by you or shipped by the producer of the computer (OEM)?
  4. Does the issue come back after rebooting / using the computer for some time? In case you were seeing the same spyware on two browsers, it was likely placed there?

In case the issue comes back, make sure to get a list of active browser extensions.

Good luck!
Ben

Hello Benjamin,
Yes, spyware/malware seems to be the culprit. Below are answers.

  1. We do not use any antivirus software, as we have not found any antivirus programs that are capable of effectively capturing odd viruses that are predominant in SE Asia. Many of the antivirus programs that are written specifically for SE Asia are the source of more viruses than they actually block. The most effective solution we have found is to use a reboot-to-restore solution like Time Freeze, Reboot to Restore, Clean Slate, Steadier State and others. That way if a computer is infected a simple reboot and all is well again.

Another equally effective solution is to use Ubuntu or the Zorin flavor of Ubuntu. Unfortunately these computers were not protected with reboot-to-restore solution.

  1. Yes, the same issue existed for both Chrome and Firefox

  2. Browsers were installed by us.

  3. The issue did come back on one unit which then was put in “safe mode” boot and run Malwarebytes again which found a perhaps trickier Trojan.

The source of Malware is uncertain but one possible source may be Flashcards by w3schools.com. The same exact troublesome web address appears to be in their code. Image from quizlet.com returned in Google search for the bad link.

flashcards

We had installed the Flashcards program (app) on computers at one time and then deleted the app (extension) after poor performance. The app seemed to hang around a long time and kept appearing like it was installed in the browser showing errors, but in fact it was already uninstalled.

So far with rebooting and having the computers on the internet as well, the problem has not come back.

We will make sure to get all of the computers on a reboot-to-restore solution.

Since the introduction of Kolibri at the ObAnggen School, the number of computers has grown substantially. A lot of the students are preferring to load Zorin, as it makes their experience with Kolibri quicker in their opinion.

A big thanks to Learning Equality for job well done. The improvements in 0.13.0 are substantial time savers for administrators, especially the task manager for content management.

Looking forward to seeing what 2020 and beyond will bring.

Kind regards,
David