Tilted Forum Project Discussion Community - Does VeriSign's Site Finder hijack IE?

- Tilted Technology (https://thetfp.com/tfp/tilted-technology/)

- - Does VeriSign's Site Finder hijack IE? (https://thetfp.com/tfp/tilted-technology/29064-does-verisigns-site-finder-hijack-ie.html)

Does VeriSign's Site Finder hijack IE?

I have IE6 configured to use Yahoo as a search engine. If I type in a search term into the IE address bar it will give me Yahoo results.

When I type in a misspelled domain name, IE is now displaying a page from VeriSign saying there is "no web site at that address" with suggestions for the correct URL.

Why and how am I being redirected to VeriSign during the name resolution process? It's not configured in my IE. If I type in a completely non-existent domain name it'll just give me the IE error page.

The site I'm trying to reach isn't even hosted with VeriSign.

Any thoughts?

http://slashdot.org/article.pl?sid=0...tid=187&tid=95

Quote:

<a href="mailto:harald@paulsen.no">Harald Paulsen</a> writes "In a recent article <a href="http://www.cbronline.com/">Computer Business Review</a> uncovers how <a href="http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b">VeriSign Inc is testing a service</a> that would return a webpage if a user mistypes an URL. Basically all nonexistant domain queries could return an IP address and if the user was trying to access a page with a webbrowser they could get redirected to a search-engine, or worse: a page asking them to buy a domain. This is most certainly breaking the DNS standard and could be compared to cybersquatting (Hey Ford, want to have a banner ad whenever someone mistypes Toyota?). This is interesting in relation to <a href="http://slashdot.org/article.pl?sid=03/09/10/0142259&tid=123">an earlier story</a> about register.com and holding-pages."

Some other appropriate links:

http://slashdot.org/article.pl?sid=0...&tid=98&tid=99
http://slashdot.org/article.pl?sid=0...tid=126&tid=95
http://slashdot.org/article.pl?sid=0...&tid=95&tid=99
http://slashdot.org/article.pl?sid=0...&tid=95&tid=99
http://yro.slashdot.org/article.pl?s...tid=126&tid=95
http://slashdot.org/article.pl?sid=0...&tid=95&tid=99
http://yro.slashdot.org/article.pl?s...&tid=98&tid=99

I thought when I installed some software it changed some settings to do that.

Their "service" as they call it pretty annoying. And I hope that the $100 Million lawsuit against them will get them to remove that "service."

And thank you for the links SecretMethod70

hmmm...what the hell. I'm at school so I don't know what our ISP is, but I never used to get the sitefinder thing when I got 404 errors and now today I have started. Anyone know of a way to get rid of this or at least figure out why it JUST started with me?

I read an article as well but didn't realize it was going to be so pervasive.

We're going to be bombarded everywhere by advertising! Man, I long for the old days... ;)

Yes, there is a way to circumvent site-finder. It requires that you run your own nameserver instead of using your ISP's.

Download the latest version of bind9 and install. Add this to your named.conf:

zone "com" { type delegation-only; };
zone "net" { type delegation-only; };

... If you do not have a UNIX machine on your network that can perform this function, I urge you to pressure your ISP to apply the wildcard-blocking patch to BIND. What VeriSign has done is irresponsible, greedy and damaging to the Internet community. It is only by applying pressure in the right places that we can make them reverse their decision. Don't wait for someone else to do it. :)

I hated this same problem. Istalled the new version of Tweak XP and found something lovely. They have a pop-up blocker and an ad-blocker that basically hides all third-party marketing on webpages. Not only is it nifty but it speeds up browsing...

Thanks for the suggestions about BIND - I'll check into it.

the company i buy my domain name through is currently sueing verisign about this.

got a email like a week ago, luckily i've never been affected by thier evil ways yet.

PHP Code:


		
			
Dear Valued Go Daddy Customer,



Have you ever needed to ask for directions while you were driving? 

Let's say you stopped to ask a trusted authority, like a police officer.

You'd expect that officer to be honest, right? Wouldn't you expect him or 

her to provide you a safe, direct route to where you needed to go? I sure would.



But what if that officer instead misdirected you to a shopping mall?

A shopping mall, it turns out, that actually paid the officer for every sale that resulted?



That would be an abuse of the police officer's authority. 

It would be capitalizing on your misfortune.



We believe that's what VeriSign is doing with its "Site Finder" marketing scheme. 

We believe that it is once again abusing the power to oversee all .com and .net domains 

it was granted by the U.S. government.



Go Daddy is now suing in federal court to stop them.



Here's how VeriSign's scheme can affect you: 

It will misdirect you from your intended destination and even mislead you about its status. 

If you type any .com or .net address into your browser that isn't already registered, 

VeriSign hijacks you — and sends you to an advertising page that they own. This can occur 

even when you type in a site that is registered, but is not displaying temporarily.



Used to be, if you made a mistake in typing an address – which is the usual reason for not

finding a site – you would see either a "404" error page, or a help page that your browser 

would generate. Now though, VeriSign has hijacked this entire process and puts up a paid-advertising 

page, the so-called Site Finder.



It will cost you money. Advertisers pay VeriSign to position links to their services 

that look similar to the misspelled address. And that means you may well find your way 

to a competitor, rather than to your intended destination. Simply navigating on the Internet 

will be more frustrating and more expensive for consumers. Companies will be forced to purchase 

every imaginable misspelling of their names to prevent their customers from being hijacked 

by Site Finder, and the cost will be passed on to you. To VeriSign, of course, these forced

domain registrations just mean more revenue.



It will mean more spam headed for your inbox. Internet Service Providers (ISPs) across 

the globe have committed valuable time and resources to developing systems that prevent 

spam from reaching your mailbox. One of the more successful methods checks to see whether 

the domain name of the inbound email resolves to an actual Web site. If it doesn't, that

means the domain is fake, so your ISP doesn't let it through. Now, though, spammers can 

use any phony domains they want, because all fake domains will "resolve" to the Site Finder page!



We're asking a Federal judge to issue a preliminary injunction that will halt this. 

If you feel, as we do, that VeriSign is once again inappropriately capitalizing on its 

position of authority, we urge you to email VeriSign and ICANN and let them know

Ignore the odd highlighting of words, i chosed to use PHP and not CODE, since they changed the way [ code ] looks , it takes up waaay much room. its also pretty hard to read.