DNS poisoning at Google?
Chris Griffin
cgriffin at ufl.edu
Wed Jun 27 05:20:46 UTC 2012
Also shows a redirect if you use bing.com or yahoo.com (and probably others) but not, for instance, blah.com...
Tnx
Chris
On Jun 27, 2012, at 1:13 AM, David Hubbard wrote:
> Well as Jeremy pointed out, your site is issuing
> redirects, he gave you the command to show it:
>
> curl -e 'http://google.com' csulb.edu
>
> So if you're sure your server(s) haven't been hacked,
> your application appears to have been hacked. It only
> issues the redirect if the visitor comes in from a
> google search.
>
>
>
>
>> -----Original Message-----
>> From: Matthew Black [mailto:Matthew.Black at csulb.edu]
>> Sent: Wednesday, June 27, 2012 1:03 AM
>> To: Michael J Wise
>> Cc: nanog at nanog.org
>> Subject: RE: DNS poisoning at Google?
>>
>> Q:have you consulted the logs?
>>
>> Seriously? Our servers have multiple log files due to
>> multiple virtual hosts. Our primary domain log file on just
>> one server has over 600,000 records x 3 servers.
>>
>> Probably over 100,000 304 redirects in our logs.
>>
>> couchtarts.com does not appear in our log files.
>>
>>
>> matthew black
>> information technology services
>> california state university, long beach
>>
>> -----Original Message-----
>> From: Michael J Wise [mailto:mjwise at kapu.net]
>> Sent: Tuesday, June 26, 2012 9:56 PM
>> To: Matthew Black
>> Cc: nanog at nanog.org
>> Subject: Re: DNS poisoning at Google?
>>
>>
>> On Jun 26, 2012, at 9:35 PM, Matthew Black wrote:
>>
>>> Yes, we've used the Google Webmaster Tools a lot today.
>> Submitted multiple requests and they keep insisting that our
>> site issues a redirect. Unable to duplicate the problem here.
>>
>> ... have you consulted the logs?
>> If the redirect is there, it ... 1) might not be from the
>> home page, and 2) could be in ... user content?
>>
>> awk '{if ($9 ~ /304/) { print $0 }}' access_log.
>> ... or some such.
>> Granted, might be a storm of " " -> index.html redirects, but
>> they should be grep -v 'able in short order.
>> You might also look for the rDNS of the Google spider to see
>> exactly where it is looking, and what it sees.
>>
>> Aloha,
>> Michael.
>> --
>> "Please have your Internet License
>> and Usenet Registration handy..."
>>
>>
>>
>>
>>
>>
>
---
Chris Griffin cgriffin at ufl.edu
Sr. Network Engineer - CCNP Phone: (352) 273-1051
CNS - Network Services Fax: (352) 392-9440
University of Florida/FLR Gainesville, FL 32611
More information about the NANOG
mailing list