[154139] in North American Network Operators' Group
Re: DNS poisoning at Google?
daemon@ATHENA.MIT.EDU (Ishmael Rufus)
Wed Jun 27 00:13:05 2012
In-Reply-To: <CABgOHgv0xZpot5oHG7RtfCJRBfMCj15GxYHR_kdJtL_PDua9YQ@mail.gmail.com>
From: Ishmael Rufus <sakamura@gmail.com>
Date: Tue, 26 Jun 2012 23:12:07 -0500
To: Landon Stewart <lstewart@superb.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I am also getting the same issue when accessing his website.
On Tue, Jun 26, 2012 at 11:07 PM, Landon Stewart <lstewart@superb.net>wrote:
> Is it possible that some malicious software is listening and injecting a
> redirect on the wire? We've seen this before with a Windows machine being
> infected.
>
> On 26 June 2012 20:53, Matthew Black <Matthew.Black@csulb.edu> wrote:
>
> > Google Safe Browsing and Firefox have marked our website as containing
> > malware. They claim our home page returns no results, but redirects users
> > to another compromised website couchtarts.com.
> >
> > We have thoroughly examined our root .htaccess and httpd.conf files and
> > are not redirecting to the problem target site. No recent changes either.
> >
> > We ran some NSLOOKUPs against various public DNS servers and
> > intermittently get results that are NOT our servers.
> >
> > We believe the DNS servers used by Google's crawler have been poisoned.
> >
> > Can anyone shed some light on this?
> >
> > matthew black
> > information technology services
> > california state university, long beach
> > www.csulb.edu<http://www.csulb.edu>
> >
> >
>
>
> --
> Landon Stewart <LStewart@Superb.Net>
> Sr. Administrator
> Systems Engineering
> Superb Internet Corp - 888-354-6128 x 4199
> Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
>
