
js339

join:2007-03-10
Vancouver, WA

[CenturyTel] https hijack and redirect to webhelper.centurylink.

I was trying to find out why my browser was being hijacked and redirected to webhelper.centurylink.com, and I came across an old topic from last year. The situation appears to be the same for me in that I cannot disable the redirection. In particular this very forum appears to be blocked by CenturyLink, and the redirection takes place even when I point my browser to https://secure.dslreports.com/ and I can validate the certificate successfully.

It appears that dslreports.com (like many sites) is not configured in such a way that it can be used solely over a secure connection, (because of internal links and redirects that happen to be referenced absolutely as http only.) I know there are ways to work around this on the client side, such as the EFF's "https-everywhere", but it would be nice if the admins could fix the forum so it is accessible via a secure connection without depending on content that is served insecurely.

This does not appear to me to be a DNS hijack, either, but a transparent interception and redirection of the actual TCP stream. Any other general advice to work around this, other than Tor? (which I am already using, although it is a little slow for general browsing.)

Thank you.

js339

join:2007-03-10
Vancouver, WA

Re: [CenturyTel] https hijack and redirect to webhelper.centuryl

Let me add that I am also being hijacked and redirected from alibris.com to a webhelper.centurylink.com search page that lists Amazon.com as the first result. This is getting downright annoying. It is definitely not a DNS hijack, but a transparent web proxy hijack. Has anyone else been experiencing this, and what are the solutions?


billaustin
they call me Mr. Bill
Premium,MVM
join:2001-10-13
North Las Vegas, NV
kudos:5
Did either of you install software from CL? Check for add-ons in IE to disable.

Have you tried changing DNS to confirm that is not part of the issue?

I don't have issues with any of the links posted. I need to add that I use my own DNS servers, and have a static-IP Business account.

wvcaver
Premium
join:2005-04-17
Millersburg, OH
reply to js339
alibris.com is working here and I am using OpenDNS.

js339

join:2007-03-10
Vancouver, WA
reply to js339
Thanks for the replies, folks. I think I found out what the problem was, and I wanted to post it here mainly so I don't leave behind any false impressions.

I found out that /etc/resolv.conf on my PC had been configured to search some.domain.on.my.lan, so queries for some.domain.on.my.lan were leaking out on the internet, and there was still a bogus record for alibris.com.some.domain.on.my.lan cached on a DNS server on our LAN from before I opted out of the domain-not-found redirect to webhelper.centurylink.com.

I'm guessing that a lookup for https purposes may have skipped the domain search so that connection would have gone to the right place, but then I was immediately redirected to plaintext http, which fell for the bogus cached record.

So two lessons:

1.) It's probably best for security and other reasons not to let queries for some.domain.on.your.lan leak out on the internet.

2.) It's rather annoying not to be able to depend on a proper NXDOMAIN response from a nameserver. I shouldn't have to opt out of an advertising redirect in order for DNS to work correctly, (which as it turns out is my only real gripe against CenturyLink regarding this matter.)

Edit: @Bill Austin: I'm the same person. Sorry about the wording of the second post.
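
The two lessons in the last post, as an added example that is not part of the thread: it lists the names a stub resolver may send for a hostname given a `search` line, and checks whether a resolver answers for names that cannot exist. The ordering follows the usual glibc `ndots` rule; the sample resolv.conf, the two stand-in resolvers and all function names are constructed for illustration.

```python
import secrets

# Constructed sample; the search domain is the placeholder used in the post.
SAMPLE_RESOLV_CONF = """\
nameserver 192.168.1.1
search some.domain.on.my.lan
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1  # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]  # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return search, ndots

def candidate_queries(name, search, ndots):
    """Names the stub resolver may send for `name`, in the order it tries them."""
    if name.endswith("."):
        return [name[:-1]]  # trailing dot: fully qualified, no search list
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:
        return [name] + expanded  # as-is first, search list on failure
    return expanded + [name]

def rewrites_nxdomain(resolve, suffix="invalid", probes=3):
    """True if `resolve` returns addresses for random names that cannot exist."""
    return all(resolve(f"nx-{secrets.token_hex(8)}.{suffix}") for _ in range(probes))

def fake_redirecting_resolver(name):
    """Constructed stand-in for an upstream that answers every unknown name."""
    return ["192.0.2.10"]  # documentation address (RFC 5737)

def fake_honest_resolver(name):
    """Constructed stand-in for an upstream that returns NXDOMAIN."""
    return []
```

To run the check against a live resolver, pass a `resolve` callable that wraps `socket.getaddrinfo` and returns an empty list on `socket.gaierror`.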