
DNS Redirect/ or Hack



#1 buddy215


Posted 03 November 2010 - 06:27 PM

I am not sure you would call this a hack or not. Here is what happened.
Yesterday morning while on the internet using Ubuntu, I clicked on the link for BC in my
bookmarks toolbar and I saw what you see in the link below. I did notice a severe slowing
of internet speed, too. I played around a bit more trying to reach BC thru Google and everything
I clicked on took me to the same site.
I rebooted into Windows 7 to confirm my suspicion of BC being hacked. Sure enough, clicking
on my links for BC in both Firefox and IE took me to the same site as the Ubuntu links did.
I also thought it possible that my ISP could be involved in the hack somehow due to the drop in
internet speed. But toss in the fact that only BC was being misdirected/ hacked I sort of dismissed
that.
This morning I was able to look at some cached pages of BC in Google and saw that BC was not hacked.
DNS. Yep, I remembered from some article or forum that you could flush Firefox's DNS by just selecting to
work offline and then going back to working online. IT WORKED! In both Ubuntu and Win7.

One reason for posting this is I am curious as to why ONLY BC was affected.
I haven't spoken to my ISP. Might do that as they are only 3 miles up the road and I know the boss. Just to
find out if they were aware of this happening to others or not. Probably should mention I am on cable and
wire connected to only a modem. No router. No wireless.

Here is a link to a partial screen shot of my desktop on Ubuntu before flushing the DNS.
http://i77.photobucket.com/albums/j71/buddy215/BCandinfocom.png

You can see where I was being misdirected to in the address bar....Searchportal.information.com
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



#2 Romeo29


Posted 04 November 2010 - 02:03 PM

I have observed BleepingComputer.com to be down sometime in the past few days. If in that period you try to open it, then your DNS server may redirect you to their custom page. I think that is what happened to you.
Try opening a non-existent domain like www.idonotexistyet.com
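
Added example, not part of any poster's reply: the non-existent-domain test suggested in post #2, scripted in Python so it can be repeated against several random names at once. The function names, probe-name format and verdict labels are assumptions made for this example, and the address 203.0.113.10 is a constructed documentation value.

```python
import secrets
import socket


def system_resolve(hostname):
    """Addresses the OS-configured resolver returns for hostname (empty set if none)."""
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def random_probe_names(count=4, tlds=("com", "net", "org")):
    """Random 24-hex-digit labels: names that should not exist in any of these TLDs."""
    return [f"nx-{secrets.token_hex(12)}.{tlds[i % len(tlds)]}" for i in range(count)]


def check_nxdomain_rewriting(resolve=system_resolve, probes=None):
    """Resolve names that should not exist and report any that got an answer."""
    probes = probes or random_probe_names()
    resolved = {}
    for name in probes:
        addresses = resolve(name)
        if addresses:
            resolved[name] = addresses
    # A portal usually answers every bogus name with the same address(es).
    shared = set.intersection(*resolved.values()) if resolved else set()
    if not resolved:
        verdict = "clean"
    elif len(resolved) == len(probes):
        verdict = "rewritten"
    else:
        verdict = "partial"
    return {"verdict": verdict, "resolved": resolved, "shared_addresses": shared}


if __name__ == "__main__":
    # Constructed resolver that mimics a search-portal redirect (203.0.113.10 is a
    # documentation address, not a real portal).
    simulated = check_nxdomain_rewriting(resolve=lambda name: {"203.0.113.10"})
    print("simulated portal:", simulated["verdict"], simulated["shared_addresses"])
    live = check_nxdomain_rewriting()
    print("this machine:", live["verdict"])
    for name, addresses in live["resolved"].items():
        print(f"  {name} -> {sorted(addresses)}")
```

The check goes through the operating system's resolver, not the browser's own DNS cache, so a stale entry held only by Firefox (the kind flushed in post #1) will not show up here.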

#3 buddy215


Posted 04 November 2010 - 03:22 PM

Thanks for the reply.
I just tried that. Got: Server not found

Firefox can't find the server at www.idonotexistyet.com.

So I am not being redirected to that crap now.
The site I was taken to is loaded with malware links and probably "driveby" installs of malware.
NoScript likely blocked that. One of the servers it blocked is a well known malware purveyor.
I think I will just chalk this up as a one time event. At least I will know to clear the DNS
before attempting to contact the site again.

I'm also glad BC wasn't hacked. Just one other thought...what are the chances that the server or
new software BC is now using is the cause? I would guess very slim to none since it appears I am the only one
reporting this event.

#4 computerxpds


Posted 04 November 2010 - 04:24 PM

The chances of something like that happening on this site are very slim. We have great forum software and also have a wonderful admin that is administering the site to keep the site up to security snuff. We run our own malware removal training school and I doubt that all of the teachers will let this site be taken over. :thumbsup:
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.