Tilted Forum Project Discussion Community  

Old 09-21-2003, 08:20 AM   #1 (permalink)
Is mad at you.
 
Location: Bored in Sacramento
Evil redirect

I'm not sure what happened, but since yesterday when I try to go to google I get 1 of 2 things, I either get "Cannot find server" or it redirects me to www.google.com.org which is a domain registration site. I can't ping google, but I can ping other sites. I've run the latest version of Ad Aware and even a virus scanner. I'm wondering if anyone has any ideas. (running win 2000) This is on IE 6.
Harshaw is offline  
Old 09-21-2003, 12:52 PM   #2 (permalink)
Insane
 
Location: The Internet
Sounds like your upstream provider was hacked.

If someone were to change the local DNS server's parameters, it is possible for someone to redirect legit traffic to illegitimate sites.
__________________
rm -f /bin/laden
Sapper is offline  
Old 09-21-2003, 01:27 PM   #3 (permalink)
Crazy
 
Location: Pittsburgh, PA
Check your network settings to make sure that .org didn't get added to your domain search order as some kind of "always use" - or try going to the google site through its IP address - type http://216.239.51.99 in your browser (at least that's what my nameserver says its IP is) and see if that works. If so, then it is most likely a DNS problem.

Sapper might be right that your ISP or their provider is having DNS issues so maybe you should talk to them if that is the case.
__________________
We may lose, and we may win, but we will never be here again.
jfranco13 is offline  
Old 09-21-2003, 02:04 PM   #4 (permalink)
Is mad at you.
 
Location: Bored in Sacramento
Quote:
Originally posted by jfranco13
Check your network settings to make sure that .org didn't get added to your domain search order as some kind of "always use" - or try going to the google site through its IP address - type http://216.239.51.99 in your browser (at least that's what my nameserver says its IP is) and see if that works. If so, then it is most likely a DNS problem.

Sapper might be right that your ISP or their provider is having DNS issues so maybe you should talk to them if that is the case.

I tried going through the IP addy and was able to make it there. But I still can't get out to any search engine. I get the same error when I try to search on Yahoo (because they use google) and when I try to go to Lycos, it sends me to lycos.com.org. I don't think it is anything server side, we have 5 other computers in my house and all of them can see Google.
Harshaw is offline  
Old 09-21-2003, 02:10 PM   #5 (permalink)
Crazy
 
Location: Pittsburgh, PA
Quote:
Originally posted by Harshaw
I tried going through the IP addy and was able to make it there. But I still can't get out to any search engine. I get the same error when I try to search on Yahoo (because they use google) and when I try to go to Lycos, it sends me to lycos.com.org. I don't think it is anything server side, we have 5 other computers in my house and all of them can see Google.
That's one of the weirdest problems I've ever seen. I tried doing a search on both google and yahoo and neither of them had anything listed. I guess it is kind of ironic to try that but it's usually how I find solutions to weird problems.

Maybe check your DNS servers on the affected machine and make sure they match up with the machines that are not affected? Does this happen in both IE and Netscape?
__________________
We may lose, and we may win, but we will never be here again.
jfranco13 is offline  
Old 09-21-2003, 02:14 PM   #6 (permalink)
Is mad at you.
 
Location: Bored in Sacramento
Quote:
Originally posted by jfranco13
Does this happen in both IE and Netscape?
Looks like it, when I try to go to Google from netscape, I get a can not connect to the server error.
How do I check my DNS server on this computer?
__________________
This too shall pass.
Harshaw is offline  
Old 09-21-2003, 02:34 PM   #7 (permalink)
Crazy
 
Location: Pittsburgh, PA
Quote:
Originally posted by Harshaw
Looks like it, when I try to go to Google from netscape, I get a can not connect to the server error.
How do I check my DNS server on this computer?
Depends on your OS.

In XP, go into Start, control panel, network connections (network and internet connections first, then network connections if you're not in classic mode)

then right-click your connection, go to properties, find TCP/IP in the list and double-click. DNS is listed in there (though it might say 'obtain automatically')

Then click advanced, go to the DNS tab and check again, also go to the WINS tab.

On any other Windows, you want to do the same thing, go into control panel, network, double click TCP/IP and look for the DNS and WINS tabs. Make sure this PC matches all your other ones.
__________________
We may lose, and we may win, but we will never be here again.
jfranco13 is offline  
Old 09-21-2003, 02:52 PM   #8 (permalink)
Is mad at you.
 
Location: Bored in Sacramento
Ok, I checked my DNS server numbers and everything matches up.


It's getting close to format the whole thing and start over time. But before I do that, any other ideas?
__________________
This too shall pass.
Harshaw is offline  
Old 09-21-2003, 03:01 PM   #9 (permalink)
Psycho
 
well you said you ran ad aware. I dunno if this will help, but since you're about to format i figure it's worth a try. try to scan your pc with Spybot: Search & Destroy, similar to ad aware but it sometimes finds things that ad aware doesn't. (I use both of them btw).

the link for spybot is: http://download.com.com/3000-2144-10...ml?tag=lst-0-1
Flesh is offline  
Old 09-21-2003, 03:45 PM   #10 (permalink)
Junkie
 
Location: Louisville, KY
Do you connect through a proxy? It could be something on their end.
__________________
You do not use a Macintosh, instead you use a Tandy
Kompressor break your glowstick, Kompressor eat your candy
Kompressor open jaws, Kompressor release ants
Kompressor watch you scream, Because Kompressor does not dance
Nefir is offline  
Old 09-21-2003, 03:56 PM   #11 (permalink)
Is mad at you.
 
Location: Bored in Sacramento
Ok, search and destroy got me a little bit closer, it found some called SlawSelect (something close to that). It said it was redirecting me to 64.191.59.85. I have removed the spyware, but it is still happening.
__________________
This too shall pass.
Harshaw is offline  
Old 09-21-2003, 07:24 PM   #12 (permalink)
Psycho
 
Was google.com your homepage prior to the redirecting?

You can try two programs (CoolWebShredder and HijackThis) in the link below to possibly get rid of your problem. (Try CoolWebShredder first, then HijackThis.)

http://www.spywareinfo.com/~merijn/

HijackThis

A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks (e.g. the forums) before deleting anything.

Currently at version 1.96

CoolWebShredder

A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to forget essential parts of the hijack, so until it updates, you can use this to completely remove the hijack. Updated to remove the new variants once they come out.

Currently at version 1.12
HeyAgain is offline  
Old 09-21-2003, 11:43 PM   #13 (permalink)
Is mad at you.
 
Location: Bored in Sacramento
Ok, so my next step is to get a registry cleaner and clear the stuff out myself. Can anyone suggest a good registry cleaner for Win2000? If you could provide a link, that would be nice seeing as I can't search the internet anymore.
__________________
This too shall pass.
Harshaw is offline  
Old 09-22-2003, 01:47 AM   #14 (permalink)
Psycho
 
Location: Right here, right now.
HeyAgain, thanks heaps for the CoolWebShredder tip and link. I've been having problems with CoolWebSearch for a couple of weeks now. Hopefully no more!
__________________
Maybe you should put some shorts on or something, if you wanna keep fighting evil today.
OzOz is offline  
Old 09-22-2003, 03:42 PM   #15 (permalink)
Irresponsible
 
yotta's Avatar
 
Google, lycos, and yahoo are all hosted at akamai

[0]$ dig www.google.com

; <<>> DiG 9.2.1 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8134
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 886 IN CNAME www.google.akadns.net.
www.google.akadns.net. 279 IN A 216.239.53.99

;; AUTHORITY SECTION:
akadns.net. 79766 IN NS zc.akadns.net.
akadns.net. 79766 IN NS zf.akadns.net.
akadns.net. 79766 IN NS zh.akadns.net.
akadns.net. 79766 IN NS ns1-93.akam.net.
akadns.net. 79766 IN NS ns1-159.akam.net.
akadns.net. 79766 IN NS use2.akam.net.
akadns.net. 79766 IN NS usw5.akam.net.
akadns.net. 79766 IN NS use4.akam.net.
akadns.net. 79766 IN NS asia3.akam.net.

;; ADDITIONAL SECTION:
zc.akadns.net. 79766 IN A 63.241.199.50
zf.akadns.net. 79766 IN A 63.215.198.79
zh.akadns.net. 79766 IN A 63.208.48.42
ns1-93.akam.net. 79766 IN A 193.108.91.93
ns1-159.akam.net. 79766 IN A 193.108.91.159
use2.akam.net. 79766 IN A 63.209.170.136
usw5.akam.net. 79766 IN A 63.241.73.214
use4.akam.net. 79766 IN A 80.67.67.182
asia3.akam.net. 79766 IN A 193.108.154.9

;; Query time: 37 msec
;; SERVER: 198.93.80.102#53(198.93.80.102)
;; WHEN: Mon Sep 22 16:40:49 2003
;; MSG SIZE rcvd: 403

[0]$ dig www.google.akadns.net @zc.akadns.net

; <<>> DiG 9.2.1 <<>> www.google.akadns.net @zc.akadns.net
;; global options: printcmd
;; connection timed out; no servers could be reached

zc.akadns.net is dead.

The problem is NOT your computer. Your ISP's DNS server is not handling the death of zc.akadns.net as it should.
__________________
I am Jack's signature.
yotta is offline  
Old 09-23-2003, 09:33 AM   #16 (permalink)
Psycho
 
Hey Harshaw,

While searching through a computer forum for a solution to a video card problem I was encountering, I stumbled upon a question/problem similar to yours. The solution was using the CoolWebShredder program that I suggested earlier.

Give the program a try and see what happens.
HeyAgain is offline  
Old 09-23-2003, 11:34 AM   #17 (permalink)
Is mad at you.
 
Location: Bored in Sacramento
The end, I hope.

Ok, so this is a weird ending to a weird problem. Just for fun, I tried to go to Google again today. I got a third message this time. This one asked me if I was trying to get to google, told me I had software on my computer keeping me from google and told me to delete anything with the word google from my hosts list.
I did that and I can browse google again.

Thanks for the input from everyone on this board.
__________________
This too shall pass.
Harshaw is offline  
Old 09-23-2003, 03:18 PM   #18 (permalink)
Crazy
 
Location: Pittsburgh, PA
If you want to read more about this, with a few possible solutions, I finally found something on the web about it:

http://www.experts-exchange.com/Oper..._20722100.html
__________________
We may lose, and we may win, but we will never be here again.
jfranco13 is offline  
Old 09-23-2003, 06:38 PM   #19 (permalink)
Insane
 
Location: SLC, UT
check your hosts file...in winxp it will be in C:\WINDOWS\system32\drivers\etc

just throw the hosts file into notepad and check for anything odd. i had a problem like this and my hosts file was full of janky mappings for websites
__________________
<Arcane> so if you banged 2000 chicks then at least one had a pen0r?
arcane is offline  
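
The hosts-file check suggested in posts #17 and #19, as an added example that is not part of the original thread: a small Python audit that flags hosts entries which override DNS for internet hostnames. The sample file is constructed; the only value taken from the thread is 64.191.59.85 (the address Spybot reported), and its presence in a hosts file is assumed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file. Only 64.191.59.85 comes from
# the thread (the address Spybot reported); its use here is an assumption.
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1       localhost
64.191.59.85    www.google.com google.com   # injected
64.191.59.85    www.lycos.com
0.0.0.0         ads.example.net
bogus line here
192.168.1.10    fileserver
"""

def parse_hosts(text):
    """Yield (line number, ip or None, fields) for every non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, fields          # first field is not an address
            continue
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, local_names=("localhost",)):
    """Return (line, verdict, name) findings for entries that override DNS."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        for name in names:
            if name in local_names:
                if not ip.is_loopback:
                    findings.append((lineno, "localhost-remapped", name))
            elif ip.is_loopback or ip.is_unspecified:
                findings.append((lineno, "sinkholed", name))        # name is blocked
            elif not ip.is_private:
                findings.append((lineno, "public-override", name))  # DNS bypassed
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the text of the hosts file (in C:\WINDOWS\system32\drivers\etc on XP, per post #19) to audit_hosts(); entries pointing at LAN addresses are treated as normal and not reported.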
Old 09-24-2003, 04:14 PM   #20 (permalink)
MSD
The sky calls to us ...
 
MSD's Avatar
 
Super Moderator
Location: CT
Quote:
Introduction: The Real Threat of Disinformation Campaigns
In any war, the dissemination of propaganda and the use of disinformation are just as effective as the destruction or disruption of an enemy's infrastructure.

Disinformation campaigns, such as spreading false rumors electronically that are picked up by the media as true, cracking into news servers to plant false or misleading stories, or entering false or misleading information in databases, are tactics that can be used by cyberterrorists to undermine the effectiveness of organizations relying on that information.

One effective method to accomplish this spread of disinformation is DNS poisoning (also called DNS spoofing). This tactic consists of convincing a name server that a domain has a different IP address. A close cousin is domain hijacking, which involves stealing a domain at the registrar level.
http://www.informit.com/content/inde...A562B8B96A5%7D

Basically, a piece of malicious software can redirect your browser to an address different from the one that matches the url you typed. A more complicated method is to hack the DNS server itself and replace the IP address of the site you want to one of the hacker's choice. The result is that the hacker's IP address is returned as a match for the URL that you want.
MSD is offline  
 

All times are GMT -8.