dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
8517

catahoula7
Catahoula
join:2002-12-30

catahoula7

Member

More on VeriSign

On Monday, VeriSign began to redirect domain lookups for misspelled or nonexistent names to its own site, a process that has confused Internet e-mail utilities and drawn angry denunciations of the company's business practices from frustrated network administrators.
[..]

the Internet Research Task Force, said some spam blockers are being thrown for a loop, because the computer that VeriSign uses to respond to misspelled or nonexistent domains is misconfigured.
[..]
In an unusual kind of grassroots movement, some network administrators have begun to invent and launch technical countermeasures against VeriSign.

full article@ »news.com.com/2100-1032-5 ··· 530.html
kpatz
MY HEAD A SPLODE
Premium Member
join:2003-06-13
Manchester, NH

kpatz

Premium Member

I blocked the offending IP, incoming and outgoing, on my firewall. Now mistyped domains get a "page cannot be displayed" message, just like they're supposed to.

Next step will be a patched BIND, when it's ready.
LowWaterMark
Premium Member
join:2002-05-16
Wallingford, CT

LowWaterMark to catahoula7

Premium Member

to catahoula7
Well, it's easy enough to block their site finder using the Hosts file in order to get back to more or less normal browser functionality.

127.0.0.1 sitefinder.verisign.com # Block Verisign SiteFinder

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru to catahoula7

Premium Member

to catahoula7
Since DNS is returning the sitefinder IP for misspelled and unassigned hostsnames then hosts blocking won't be effective. You'll have to block it at the firewall.

MrChuckles8
Say What?
Premium Member
join:2000-11-19
Westminster, MD

MrChuckles8

Premium Member

said by hpguru:
Since DNS is returning the sitefinder IP for misspelled and unassigned hostsnames then hosts blocking won't be effective. You'll have to block it at the firewall.

It's working for me in hosts file... exactly as LowWaterMark See Profile posted it.

When a bad address is typed in, I see a "No website configured at this address"

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru to catahoula7

Premium Member

to catahoula7
It isn't working here. What hostname did you type?

MrChuckles8
Say What?
Premium Member
join:2000-11-19
Westminster, MD

MrChuckles8

Premium Member

Exactly as LowWaterMark See Profile posted:

127.0.0.1 sitefinder.verisign.com # Block Verisign SiteFinder

I actually copied/pasted it directly from here in to my hosts file.

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru to catahoula7

Premium Member

to catahoula7
Sorry. I meant which misspelled host. If a meta refresh or 302 redirect is being used then hosts blocking will work but so far none of the misspelled or non-existant hosts I've typed have taken me to verisign.
LowWaterMark
Premium Member
join:2002-05-16
Wallingford, CT

LowWaterMark to catahoula7

Premium Member

to catahoula7
Host file entry works fine on this one: »www.hsdjsckjsjktgdfw.com/

Edit: I understand what you are saying regarding the DNS entry resolution, but it does work for me as far as IE seeing an error page instead of the Versign page at that named location.
[text was edited by author 2003-09-16 20:47:14]

catahoula7
Catahoula
join:2002-12-30

catahoula7

Member


Is anyone having trouble with spam blockers?

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru to catahoula7

Premium Member

to catahoula7
Here's what I get with that. Btw I'm not doing any blocking yet.

+++GET 326+++
GET / HTTP/1.1
Accept: */*
Referer: »/forum ··· ((snip))
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0((snip))
Host: www.hsdjsckjsjktgdfw.com
Pragma: no-cache
Connection: keep-alive
** 326 Socket Error 10060 for connect() **
+++CLOSE 326+++

Do you suppose my ISP has already blocked it?

phriday613
Your Avatar Is Nice... For Me To Poop On
Premium Member
join:2002-02-06
Eastchester, NY

phriday613 to catahoula7

Premium Member

to catahoula7
any way to add it to MS DNS??

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

1 recommendation

hpguru to catahoula7

Premium Member

to catahoula7
I hadn't intended to but I just updated the hosts file and added sitefinder.verisign.com in the hope it will benefit others. Still not working for me though.

It can be downloaded here without having to register or login.
Reverend Ike
Premium Member
join:2001-08-24
Sacramento, CA

Reverend Ike to catahoula7

Premium Member

to catahoula7

Same result as LowWaterMark here.

Typing in the nonsense URL hxxp://www.qwertasdfgzxcvb.com initially redirects the page to:

hxxp://sitefinder.verisign.com/lpc?url=www.qwertasdfgzxcvb.com&host=www.qwertasdfgzxcvb.com

After adding sitefinder.verisign.com to my Hosts file, the same nonsense URL returns a "The page cannot be displayed" standard error page.
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

BlitzenZeus to catahoula7

Premium Member

to catahoula7
I hope all companies will not renew any certificates with Verisign, this is a horrible business practice to say the least.

R2
R Not
MVM
join:2000-09-18
Long Beach, CA

R2 to catahoula7

MVM

to catahoula7
For some reason, I enter www.fjdosioeriekejkre.com in my address bar and I am taken to my usual Google Search page.

Is this still a Hijack, or has it already been 'fixed'???

hpguru
Curb Your Dogma
Premium Member
join:2002-04-12

hpguru to catahoula7

Premium Member

to catahoula7
You may be correct. Rev Ike's url took me to Google. Even so, I intend to leave Verisign's spammy looking site in the hosts file for a while.
LowWaterMark
Premium Member
join:2002-05-16
Wallingford, CT

LowWaterMark to catahoula7

Premium Member

to catahoula7
Hey R2, did ya ever think that www.fjdosioeriekejkre.com is a legitimate website? Hmm? (You don't speak Finnish?)

(Well, no, it's not a real website, but, didn't you ever think it might be? )
OZO
Premium Member
join:2003-01-17

OZO to catahoula7

Premium Member

to catahoula7
Guys, try "ping hostname". Here is mine result after adding recommended lines into "hosts" file:
C:\>ping www.fjdosioeriekejkre.com

Pinging www.fjdosioeriekejkre.com [64.94.110.11] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 64.94.110.11:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13


1 recommendation

BlitzenZeus

Premium Member

Good point, even with sitefinder.verisign.com [12.158.80.10] prevented, sites which don't have a dns registry will appear as 64.94.110.11 which really is sitefinder-idn.verisign.com [64.94.110.11].

This is illegal, pure, and simple.

Now two entries for the hosts file:
127.0.0.1 sitefinder.verisign.com #Block Verisign SiteFinder
127.0.0.1 sitefinder-idn.verisign.com #Block Verisgn SiteFinder

I have also blocked 12.158.80.10, and 64.94.110.11 from any inbound or outbound connections in my firewall. Its so nice to see the normal response of the site doesn't exist.

TheGiant
Sup
join:2001-03-28
Tipp City, OH

TheGiant to catahoula7

Member

to catahoula7
I have do not search from the address bar on and get "page cannot be displayed" with or without the host file settings.
OZO
Premium Member
join:2003-01-17

OZO to BlitzenZeus

Premium Member

to BlitzenZeus
said by BlitzenZeus:
This is illegal, pure, and simple.
I totally share your feeling here - they act like they own the major part of the Internet (com & net). It's unbelievable...

With modified "hosts" file we still send all e-mails to verisign by default. All your name resolution requests (when you'll try to check for existence) will end up with this cloaca - "sitefinder.verisign.com", that will collect all the data...
Reverend Ike
Premium Member
join:2001-08-24
Sacramento, CA

Reverend Ike to TheGiant

Premium Member

to TheGiant
said by TheGiant:
I have do not search from the address bar on and get "page cannot be displayed" with or without the host file settings.
I don't think the Verisign DNS hijack would affect everyone's searches from the Address Bar - those searches should depend partly on the browser settings, and whether prefixes (www) and suffixes (com, net) are automatically tried if only a keyword is entered.

In my case, if I enter qweqweasdfgzxcvb in my Address Bar, I am directed to MSN Search (who has apparently stolen my autosearch setting from Google again).

But if I enter www.qweqweasdfgzxcvb.com in my Address Bar, I am directed to the Verisign webpage, unless I have it blocked in my Hosts files ...

Khaine
join:2003-03-03
Australia

Khaine to catahoula7

Member

to catahoula7
I hope somebody will do something about this, this practice is just so wrong. I don't even understand how this helps verisign at all.

Sigh whats the net coming to

I wonder how many people it would take, asking for websites that don't exist, at the same time to take down their server ???
Reverend Ike
Premium Member
join:2001-08-24
Sacramento, CA

Reverend Ike

Premium Member

said by Khaine:
I wonder how many people it would take, asking for websites that don't exist, at the same time to take down their server ???
That website already seems to load very slowly. It would be humorous if Verisign's brainless marketing idea DoS-ed their own server ...
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

BlitzenZeus

Premium Member

I wonder how many times in a 24-hour period one computer can use a script to access random sites which would bog down the server, and then run that script on many more computers? Its not a dos attack as its their fault they want to redirect traffic to their server...

If they want to redirect traffic like this, lets give them all the traffic their servers can handle.

Edit: Seems someone beat me to this idea

Nam Vet4
Premium Member
join:2001-12-03
Allentown, PA

Nam Vet4 to TheGiant

Premium Member

to TheGiant
at this time (618 am) when i type "dsireports.com"
I am being redirected to
ht tp://is.netster.com/Index.asp?

when I type dslreporta.com
I get sitefinder

poiwv
join:2002-06-07
Belington, WV

poiwv to catahoula7

Member

to catahoula7
NamVet.....

Doing a little lookup on dsireports.com leads to it being a registered name and parked at 208.38.61.25, which looks to be a main netster "hive"....btw there are 70181 websites hosted on that server.

Where as doing a lookup for dslreporta.com shows it as being inactive or not assigned.

Now for a little weirdness of my own.

For these sites that aren't assigned (like dslreporta.com) I get an "THIS OPERATION HAS TIMED OUT" error in Firebird & Mozilla, Sitefinder in Opera and Amaya, Google in IE (yes I changed the addressbar search to Google). Before adding the HOSTS entries and blocking at the firewall.....

And afterward they all return the normal not found......except IE which still goes to Google (like it should with the way I have it set up --autosearch on).

Nam Vet4
Premium Member
join:2001-12-03
Allentown, PA

Nam Vet4

Premium Member

yea I noticed that (see the edit in my last post)
just my luck to misspell "dslreports"
and pick something thats registered.
Bobcat79
Premium Member
join:2001-02-04

1 recommendation

Bobcat79 to catahoula7

Premium Member

to catahoula7
Be sure to visit the poll at »www.forbes.com/2003/05/0 ··· oll.html and tell them what you think of Verisign's CEO!