Web sites getting redirected...wtf??


  #1  
Old 06-05-03, 09:14 AM
J
Member
Thread Starter
Join Date: Jul 2002
Location: corona Ca.
Posts: 471
Likes: 0
Received 0 Likes on 0 Posts
Web sites getting redirected...wtf??

I work for a major telco long distance, we have a small LAN inside this building, which connects to the bigger company WAN intranet.

Last week my co-worker tried to go to his college web page, and when he typed in the address, you hear a click, and suddenly it was redirected to some porn or bs site, which resulted in a FORBIDDEN RATING check from our firewall CRAP!

Well, today I was trying to go to ticketmaster.com on my computer and it redirected to ameteurvideos.com and I got firewall dung. What the hell is going on?? I detected no spyware on my computer, no rogue programs, I deleted all cookies and history. Is this happening corporate, or is someone hacking sites or into our network??
 
  #2  
Old 06-05-03, 01:21 PM
mudder
Visiting Guest
Posts: n/a
Web sites getting redirected

You have a homepage hijacker, no biggy. If you don't have a program called Spybot Search and Destroy, then download it and run it. Caution though, it's a fairly encompassing tool. It will search out spyware, diallers and hijackers and prompt you for action - fixing deletes them, although the program makes a backup of the files you delete, you may find that some less than above board programs that rely on these spyware components won't function without them.
 
  #3  
Old 06-05-03, 01:23 PM
MichaelJP
Visiting Guest
Posts: n/a
I would think you either have some software on the computer, or your network has been compromised.

It is possible to redirect traffic from one domain to another but I would think it would affect all traffic and not just you.

I would talk to your company's network administrator and see what he/she says.

Michael
 
  #4  
Old 06-05-03, 01:41 PM
magister
Visiting Guest
Posts: n/a
Michael is right that your network admin probably would be the best source of info, but something I find curious is that neither of the addresses you mention could be considered work-related; so, if you aren't having a problem getting to sites which are obviously connected to your job, you may want to take this into consideration, especially if there is a written policy on the subject. Theoretically, your admin could be resolving addresses to a subset as a workaround; but, if you are also having trouble getting to work-related sites this would not be the case...

Peace Out;
R
 
  #5  
Old 06-05-03, 02:35 PM
S
Banned. Rule And/Or Policy Violation
Join Date: Nov 2002
Location: Atlanta, Ga
Posts: 2,691
Likes: 0
Received 0 Likes on 0 Posts
Sounds like it could also be a HOST file issue. You might want to take a look at your HOSTS file (found in windows\system32\drivers\etc) - depending on your network setup. If it's just affecting your computer, I would guess this is your problem. Something similar to a virus has hijacked this file. You can try running the S&D, but I'm not sure it will catch it. Can't hurt.

Good luck!
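
An added example of the HOSTS file check suggested in the post above (not code from any poster in this thread): it parses a HOSTS file and reports entries that pin a dotted public hostname to a routable address. The sample file contents, the "dotted name" heuristic and the `expected` allow-list parameter are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a tampered HOSTS file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.ticketmaster.com ticketmaster.com   # injected
0.0.0.0         ads.example.net
198.51.100.20   intranet-wiki   # added by IT
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, not a mapping
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def suspicious_entries(text, expected=frozenset()):
    """Return (line_no, ip, name) for dotted names pinned to a routable address.

    `expected` is a hypothetical allow-list of names your admin pins on purpose.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 blocklist entries
        for name in names:
            # Assumption: single-label names are internal shortcuts, dotted
            # names are Internet sites that DNS should be resolving instead.
            if "." in name and name not in expected:
                findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

To audit a real machine, pass the text of the hosts file in the windows\system32\drivers\etc folder mentioned above to `suspicious_entries`.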
 
  #6  
Old 06-05-03, 06:42 PM
C
Member
Join Date: Nov 2001
Location: Taylors, SC
Posts: 9,483
Likes: 0
Received 0 Likes on 0 Posts
Sometimes you get hijacked when you misspell the name of a popular site.
 
  #7  
Old 06-05-03, 07:20 PM
marturo's Avatar
Member
Join Date: Jun 2001
Posts: 1,447
Likes: 0
Received 0 Likes on 0 Posts
Spyware that changes my personal PC settings.

Our #s of Browser Hijack attempts have increased from 0 to 3 or 4 a week. A Google search worth the read, don't be put off by how some people have gotten very mad at these Companies.

http://www.google.com/search?q=lop.%2Bcom&num=100
 
  #8  
Old 06-06-03, 08:29 AM
J
Member
Thread Starter
Join Date: Jul 2002
Location: corona Ca.
Posts: 471
Likes: 0
Received 0 Likes on 0 Posts
Thanks for the info guys, This morning it seemed to work, interesting. While our internet policy is fairly loose, it isn't a work site, so I won't be contacting the network admin.

I am gonna try the spybot thing as well.
 
  #9  
Old 06-06-03, 09:58 AM
MichaelJP
Visiting Guest
Posts: n/a
Try http://www.parkswc.com

Near the bottom of the page is a parasite scanner.
It only works for IE though.

A parasite is not a virus, it is a program that secretly installs when you install other software. Most are for tracking and pop up ads but I suppose some could have that effect.

Michael
 
  #10  
Old 06-06-03, 10:11 AM
S
Banned. Rule And/Or Policy Violation
Join Date: Nov 2002
Location: Atlanta, Ga
Posts: 2,691
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by jthompson
Thanks for the info guys, This morning it seemed to work, interesting. While our internet policy is fairly loose, it isn't a work site, so I won't be contacting the network admin.

I am gonna try the spybot thing as well.

Well, work site or not, it's a network thing, your computer is on that network, technically the admin should know about it. What if you do have a hijacker of some sort? You don't want to spread it to other computers. It could also be a server issue, it may have nothing to do with your computer, just your network connections. I still think you should at least let the Admin know, so they know to be on the lookout for this kind of thing.
 
  #11  
Old 06-06-03, 10:32 AM
MichaelJP
Visiting Guest
Posts: n/a
SafeWatch is right.
If it is network then what affects you can affect others.
 
  #12  
Old 06-06-03, 02:42 PM
magister
Visiting Guest
Posts: n/a
Not trying to be contrary and of course, if it is a network thing or some kind of plague that is affecting your computer, you should tell somebody. One would assume that a major telco would have state-of-the-art technology and a link in this chain would certainly be the end-user, but...

What I see is that one day last week, a buddy had a problem getting to one specific site and on June 5th, the originator had a problem getting to another specific and individual site. And because it was apparently a one-day problem, I personally would lean back towards Chris' contribution and double-check the spelling of the URL.

A quick search of whois.net specifying that the domain name should start with "ticketmas" revealed about a dozen squatters or hijackers who are appropriating traffic. True, a couple of misspellings along with some similar starts, minus the "c" are registered to USAI in an effort to thwart the villains, but several of the listed domains are registered to obvious bad-guys and others to a couple of companies in the far east.

For the sake of safety, you probably should report it because I would hate for someone to have left open a back door to get in and mess with the routing of telephone traffic, my phone bill, or the like. But, if it was truly a one-day phenomenon that seemed to affect only a single attempt at viewing an individual site; I'd check my spelling...

Peace Out;
R
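
An added example of the spelling check discussed in the post above (not code from any poster in this thread): it compares hostnames a user typed against a list of sites they meant to visit and flags near-misses such as a dropped or swapped letter. The sample hostnames are constructed misspellings, and `KNOWN_SITES` and the distance threshold of 2 are assumptions.

```python
# Sites users intend to reach; only the one named in the thread is listed.
KNOWN_SITES = ["ticketmaster.com"]

# Constructed sample of typed hostnames (e.g. pulled from a proxy log).
SAMPLE_REQUESTS = ["www.ticketmaster.com", "tiketmaster.com",
                   "ticketmsater.com", "example.org"]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,          # delete from a
                         cur[j - 1] + 1,       # insert into a
                         prev[j - 1] + cost)   # substitute or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[len(b)]

def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(host, known=KNOWN_SITES, max_distance=2):
    """Return (verdict, closest_known_site, distance) for one typed hostname."""
    h = normalize(host)
    best = min(known, key=lambda k: osa_distance(h, k))
    d = osa_distance(h, best)
    if d == 0:
        return ("exact", best, 0)
    if d <= max_distance:
        return ("lookalike", best, d)
    return ("unrelated", None, d)

def scan(hosts, known=KNOWN_SITES):
    """Return (typed_host, intended_site, distance) for every near-miss."""
    results = []
    for host in hosts:
        verdict, site, d = classify(host, known)
        if verdict == "lookalike":
            results.append((host, site, d))
    return results

if __name__ == "__main__":
    for typed, site, d in scan(SAMPLE_REQUESTS):
        print(f"{typed}: {d} edit(s) away from {site}")
```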
 
 
