Incidents
Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition Jan 22 2008 09:00PM
Stephen John Smoogen (smooge gmail com) (2 replies)
On Jan 22, 2008 1:19 PM, Alfonso Valdes Carrales <ponchovaldes (at) gmail (dot) com [email concealed]> wrote:
>
>
> 2008/1/22, Stephen John Smoogen <smooge (at) gmail (dot) com [email concealed]>:
> > On 22 Jan 2008 00:55:30 -0000, <ponchovaldes (at) gmail (dot) com [email concealed]> wrote:
> > > Hello guys, we have a social network that is getting stronger, but we
> > > are having an issue.
> > >
> > >
> > > And the issue is that sometimes... our page redirects to another portal;
> > > actually the page that it redirects to is our first competition, here in Latino
> > > America. I know that they are causing that kind of mess, so we thought of
> > > this.
> > >
> > >
> > > - We know that our DNS server is ok, and hasn't been compromised,
> > >
> > > - DNS cache poisoning
> > >
> > > - Malware ?
> > >
> > > - some kind of virus that the (bad) guys made (the other portal -
> > > social network).
> > >
> >
> > You have provided too little information for anyone to really help.
> > 1) What is your website's architecture?
> > A) What kind of OS on the servers
> > B) What kind of software on the servers
> > C) Is it hosted on dedicated hardware or on a third party software
> > D) Do you use some sort of 3rd party software to get to your page (eg
> > you rely on a company to send customers to your page.)
>
> One box virtualized with XEN that has CentOS; the website (apache),
> db (mysql) and the mailserver have DEBIAN, also virtualized
> (dedicated hardware where each service is separated in one virtual server
> but consolidated).
>
> The DNS server is outside, on another dedicated server using BIND9 - not
> using any kind of third party software.
>
>
>
> > 2) What do you mean by redirect? In small steps explain how a user
> > normally gets to and sees your site and what happens when it doesn't
> > work.
>
>
> User wants to access www.unibicate.com, and sometimes... maybe 10%
> of the time, if you type www.unibicate.com and hit ENTER, it redirects or
> goes to the page of sonico.com (this is another social network). Of
> course sonico.com is causing this mess.
> If the page works fine, it just displays the page of unibicate and you just log
> in, as on a normal social network.
>

One thing I have learned is that in 99% of the cases the other company
is not the cause, or "Do not blame the malice of your competitor when
there are 4 billion teenagers who think doing this sort of prank is
fun, interesting, cool, etc."

I can't get it to happen at this time from my area.. so I really don't
know what is going on.

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

Copyright 2010, SecurityFocus