Web page redirect through Networks?

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    3

    Web page redirect through Networks?

    A web page/forum that I frequent numerous times at work gets redirected to an ad page that has links for other pet products.

    I've talked to others who frequent this page, and those who are on a network from school or work are also getting redirected.

    If we remove the 'www' from the url, occasionally we are able to get to the page, but not able to login.

    I've logged in on other machines on my work's network and get the same result. I also asked an IT person to login under their identity and the same thing happens.

    None of us have a problem when logging onto the site at home.

    Could our network's DNS servers be affected?

    Please help by posting your opinions of what it could be. I'm worried that our network is compromised and that the IT folks aren't aware or don't have a clue of what to do.

    FB

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Sounds more like a b0rked hoster.. The hosting provider hosting that site that is..
    Maybe you can post the site here.. We'll have a look. If we get the same deal, you know enough..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Yes, it does sound rather like a problem at the hosting server, but it is strange that it doesn't happen from home. However just a few questions/things to try.

    1. Check your Hosts file to make sure that the redirect isn't there.
    2. Try connecting through a proxy.
    3. Does this happen with different browsers (IE, FF, Opera)?
    4. Is it time dependent? Like can someone connect from home OK during office/working hours?
    5. Try adding a redirect from the advert page to the page you want, in your Hosts file.

  4. #4
    Junior Member
    Join Date
    Nov 2007
    Posts
    3
    SirDice,
    The site is http://www.capitalcichlids.org. The link on the left, 'forum' is the only one affected. None of the other links take you to the ad.

    Nihil,
    I'll have to check your items when I get to work (6am). Although, I have been home all day and have had no problems with interacting with the site whatsoever. No one else either.

    If you can't get the ad from the url provided, I'll post a screen shot of the ad and the source page for your review.

    Thanks,
    Franny

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by Franny
    SirDice,
    The site is http://www.capitalcichlids.org. The link on the left, 'forum' is the only one affected. None of the other links take you to the ad.
    The forum link is pointing to a webfolder on the same site so we can rule out any dns issues.

    Does the forum show (part of) the last postings if you login?
    Then it sounds like someone is injecting some XSS or a redirect on the board.
    Mods clean it, it goes away until it gets spammed again.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    It seems to work OK right now. It just took me to the Forum.

    I tried the direct forum link and the cached versions with the same results.......... no redirects.

    SirDice, they are using IPB 2.2.2 which does have XSS vulnerabilities if it hasn't been patched.

    EDIT: I got the same results with FF and IE7
    Last edited by nihil; November 13th, 2007 at 12:15 AM.

  7. #7
    Junior Member
    Join Date
    Nov 2007
    Posts
    3
    To me, it looks like there's a sub-domain entry in our DNS record that's wonky. I have to figure some way to specify that all sub-domains (i.e. *.capitalcichlids.org) all refer to the same server, and thus website.

    It's also probable that our hosting company serves multiple websites on a single server, and uses some mechanism to determine which domain serves up which webpages on their server. I'll contact the hosting company and make sure that both capitalcichlids.org and www.capitalcichlids.org all point to the same webpage/account on their end. Google should pick up those changes.

    AND take care of those XSS vulnerabilities.

    Thank you guys so much!

    Franny

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    You could use wireshark to grab the session on the computers that have this problem. You should then be able to see exactly what or who is causing the redirect. If it is DNS, it'll tell you which servers, etc. If it's XSS, you'll see the code.

    If you suspect your DNS servers, change from your internal DNS servers to your ISP's, or better yet, some DNS server that isn't on your company or ISP's network.

    I'm with sirdice on this though. I don't think it's dns either. Both the site and the forum are on the same server.
    Last edited by phishphreek; November 13th, 2007 at 06:47 PM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
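
Added example, not part of any poster's reply: a way to read the evidence post #8 suggests collecting, telling apart a resolver disagreement (DNS), an HTTP 3xx redirect, and redirect markup injected into a 200 response. The resolver answers, the raw responses and the `ads.example` host are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample data (not taken from the thread): one DNS answer per
# resolver and raw HTTP responses as they might appear in a capture.
DNS_ANSWERS = {"internal": "192.0.2.10", "external": "192.0.2.10"}
RESP_CLEAN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              b"<html><body>Forum index</body></html>")
RESP_INJECTED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 b"<html><head><meta http-equiv=\"refresh\" "
                 b"content=\"0; url=http://ads.example/pets\"></head></html>")
RESP_3XX = b"HTTP/1.1 302 Found\r\nLocation: http://ads.example/pets\r\n\r\n"

META = re.compile(rb'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
                  rb'url=([^"\'>\s]+)', re.I)
SCRIPT = re.compile(rb'(?:window\.|document\.)?location(?:\.href)?\s*=\s*'
                    rb'["\']([^"\']+)', re.I)

def dns_differs(answers):
    """True if the resolvers disagree, which would point at DNS."""
    return len(set(answers.values())) > 1

def classify(raw, page_url):
    """Return (mechanism, absolute_target, off_site) for one response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {k.strip().lower(): v.strip() for k, v in
               (l.split(b":", 1) for l in lines[1:] if b":" in l)}
    target, mech = None, "none"
    if 300 <= status < 400 and b"location" in headers:
        mech, target = "http-3xx", headers[b"location"]
    else:
        # A 200 response that still sends the browser elsewhere: look for
        # a meta refresh or a script assigning to location in the body.
        for name, rx in (("meta-refresh", META), ("script", SCRIPT)):
            m = rx.search(body)
            if m:
                mech, target = name, m.group(1)
                break
    if target is None:
        return ("none", None, False)
    absolute = urljoin(page_url, target.decode("latin-1"))
    off_site = urlparse(absolute).hostname != urlparse(page_url).hostname
    return (mech, absolute, off_site)
```

If the resolvers agree and an off-site target shows up only in the body of a 200 response, the redirect is coming from content served by the site rather than from name resolution.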

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Quote Originally Posted by Franny
    To me, it looks like there's a sub-domain entry in our DNS record that's wonky. I have to figure some way to specify that all sub-domains (i.e. *.capitalcichlids.org) all refer to the same server, and thus website.
    Forget DNS as it isn't the problem. The site is on http://www.capitalcichlids.org and the forum is on http://www.capitalcichlids.org/forum/. Both use www.capitalcichlids.org and in doing so point to the same IP address. No DNS funny business possible. If it was DNS the front would have the same effect.
