[86742] in North American Network Operators' Group
RE: paypal down!
daemon@ATHENA.MIT.EDU (Scott Morris)
Tue Nov 15 23:29:49 2005
Reply-To: <swm@emanon.com>
From: "Scott Morris" <swm@emanon.com>
To: "'Kevin Day'" <toasty@dragondata.com>,
"'Hannigan, Martin'" <hannigan@verisign.com>
Cc: <nanog@merit.edu>
Date: Tue, 15 Nov 2005 23:26:49 -0500
In-Reply-To: <1F80080E-9EC6-4C87-AB05-5843F1B4BDDF@dragondata.com>
Errors-To: owner-nanog@merit.edu
It appears they're really down. I just tried 'em, and the IP address that
comes back really does resolve to Ebay's holdings....
Or someone scammed a whole /19 to make the whole thing up, in which case I
have to hand it to 'em! Compromising one host is dandy, but a whole
netblock is pretty damned festive! (AS11643 is reporting it, which again
appears to be correct)
Perhaps it is what it is and they're having karma problems.
Scott
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Kevin Day
Sent: Tuesday, November 15, 2005 10:58 PM
To: Hannigan, Martin
Cc: nanog@merit.edu
Subject: Re: paypal down!
On Nov 15, 2005, at 9:45 PM, Hannigan, Martin wrote:
>>> www.paypal.com
>>>
>>> Internal Server Error
>>>
>>> The server encountered an internal error or misconfiguration and was
>>> unable to complete your request.
>>>
>>> Please contact the server administrator,
>> webmaster@paypal.com and inform
>>> them of the time the error occurred, and anything you might
>> have done
>>> that may have caused the error.
>>>
>>> More information about this error may be available in the
>> server error
>>> log.
>>
>> Works for me. Same BS splash advertising that always comes up. Damn
>> that is annoying.
>>
>
> Yes, but it *is* up. Same here. Probably one of the rotation web
> servers had
> an issue or something minor.
>
Or there's a chance that you've got a trojan/malware install on the
computer.
I had someone contact me the other day with a nearly identical
complaint, "Why have PayPal and eBay been down all day?" They were
alternately getting a 404 or 503 for those sites, but everything else
worked. Their hosts file had entries for ebay, google, a number of
banks, common phishing targets. Even more fun was when I deleted the
hosts file, after his next reboot it pulled an updated hosts file
with new working IPs from somewhere.
I'm guessing the malware phishers don't have a five-nines array of
redundant proxies yet. :)
