RE: DNS poisoning at Google?
Well as Jeremy pointed out, your site is issuing redirects, he gave you the command to show it:
curl -e 'http://google.com' csulb.edu
So if you're sure your server(s) haven't been hacked, your application appears to have been hacked. It only issues the redirect if the visitor comes in from a google search.
-----Original Message-----
From: Matthew Black [mailto:Matthew.Black@csulb.edu]
Sent: Wednesday, June 27, 2012 1:03 AM
To: Michael J Wise
Cc: nanog@nanog.org
Subject: RE: DNS poisoning at Google?
Q: have you consulted the logs?
Seriously? Our servers have multiple log files due to multiple virtual hosts. Our primary domain log file on just one server has over 600,000 records x 3 servers.
Probably over 100,000 304 redirects in our logs.
couchtarts.com does not appear in our log files.
matthew black
information technology services
california state university, long beach
-----Original Message-----
From: Michael J Wise [mailto:mjwise@kapu.net]
Sent: Tuesday, June 26, 2012 9:56 PM
To: Matthew Black
Cc: nanog@nanog.org
Subject: Re: DNS poisoning at Google?
On Jun 26, 2012, at 9:35 PM, Matthew Black wrote:
Yes, we've used the Google Webmaster Tools a lot today. Submitted multiple requests and they keep insisting that our site issues a redirect. Unable to duplicate the problem here.
... have you consulted the logs? If the redirect is there, it ... 1) might not be from the home page, and 2) could be in ... user content?
awk '{if ($9 ~ /304/) { print $0 }}' access_log
... or some such. Granted, might be a storm of " " -> index.html redirects, but they should be grep -v 'able in short order. You might also look for the rDNS of the Google spider to see exactly where it is looking, and what it sees.
Aloha,
Michael.
--
"Please have your Internet License and Usenet Registration handy..."
Also shows a redirect if you use bing.com or yahoo.com (and probably others) but not, for instance, blah.com...
Tnx
Chris
On Jun 27, 2012, at 1:13 AM, David Hubbard wrote:
Well as Jeremy pointed out, your site is issuing redirects, he gave you the command to show it:
curl -e 'http://google.com' csulb.edu
So if you're sure your server(s) haven't been hacked, your application appears to have been hacked. It only issues the redirect if the visitor comes in from a google search.
-----Original Message-----
From: Matthew Black [mailto:Matthew.Black@csulb.edu]
Sent: Wednesday, June 27, 2012 1:03 AM
To: Michael J Wise
Cc: nanog@nanog.org
Subject: RE: DNS poisoning at Google?
Q: have you consulted the logs?
Seriously? Our servers have multiple log files due to multiple virtual hosts. Our primary domain log file on just one server has over 600,000 records x 3 servers.
Probably over 100,000 304 redirects in our logs.
couchtarts.com does not appear in our log files.
matthew black
information technology services
california state university, long beach
-----Original Message-----
From: Michael J Wise [mailto:mjwise@kapu.net]
Sent: Tuesday, June 26, 2012 9:56 PM
To: Matthew Black
Cc: nanog@nanog.org
Subject: Re: DNS poisoning at Google?
On Jun 26, 2012, at 9:35 PM, Matthew Black wrote:
Yes, we've used the Google Webmaster Tools a lot today. Submitted multiple requests and they keep insisting that our site issues a redirect. Unable to duplicate the problem here.
... have you consulted the logs? If the redirect is there, it ... 1) might not be from the home page, and 2) could be in ... user content?
awk '{if ($9 ~ /304/) { print $0 }}' access_log
... or some such. Granted, might be a storm of " " -> index.html redirects, but they should be grep -v 'able in short order. You might also look for the rDNS of the Google spider to see exactly where it is looking, and what it sees.
Aloha,
Michael.
--
"Please have your Internet License and Usenet Registration handy..."
---
Chris Griffin cgriffin@ufl.edu
Sr. Network Engineer - CCNP Phone: (352) 273-1051
CNS - Network Services Fax: (352) 392-9440
University of Florida/FLR
Gainesville, FL 32611
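The log check discussed in this thread, carried further as an added example (not code from any poster): an awk pass over an Apache combined-format access log that reports paths which redirect only when the Referer is a search engine, while redirects served to every visitor are ignored. The sample log lines, the function names and the google/bing/yahoo host list are constructed assumptions; it counts 301/302/303/307/308 as redirects, since 304 is Not Modified and carries no Location.

```shell
#!/bin/sh
# Constructed sample in Apache "combined" format; not taken from the thread's logs.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [27/Jun/2012:01:00:01 -0700] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.8 - - [27/Jun/2012:01:00:02 -0700] "GET / HTTP/1.1" 302 0 "http://www.google.com/search?q=example" "Mozilla/5.0"
198.51.100.9 - - [27/Jun/2012:01:00:03 -0700] "GET / HTTP/1.1" 302 0 "http://www.bing.com/search?q=example" "Mozilla/5.0"
198.51.100.10 - - [27/Jun/2012:01:00:04 -0700] "GET / HTTP/1.1" 200 5120 "http://blah.com/" "Mozilla/5.0"
198.51.100.11 - - [27/Jun/2012:01:00:05 -0700] "GET /old HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.12 - - [27/Jun/2012:01:00:06 -0700] "GET /old HTTP/1.1" 301 0 "http://www.google.com/" "Mozilla/5.0"
198.51.100.13 - - [27/Jun/2012:01:00:07 -0700] "GET /page.html HTTP/1.1" 304 - "http://www.google.com/" "Mozilla/5.0"
198.51.100.14 - - [27/Jun/2012:01:00:08 -0700] "GET /page.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# Hypothetical helper: reads log files given as arguments, or stdin.
# Prints "path search=redirects/total other=redirects/total" for each path
# that redirected search-referred visitors but never anyone else.
referer_redirects() {
  awk '
    {
      path = $7; status = $9; host = tolower($11)
      gsub(/"/, "", host)               # strip the quotes around the Referer
      sub("^[a-z]+://", "", host)       # drop the scheme
      sub("[/:?].*$", "", host)         # keep only the host name
      cls = (("." host) ~ /\.(google|bing|yahoo)\.[a-z.]+$/) ? "search" : "other"
      total[path, cls]++
      if (status ~ /^30[12378]$/) hits[path, cls]++   # 304 is not a redirect
      seen[path] = 1
    }
    END {
      for (p in seen)
        if (hits[p, "search"] > 0 && total[p, "other"] > 0 && hits[p, "other"] == 0)
          printf "%s search=%d/%d other=%d/%d\n", p,
                 hits[p, "search"], total[p, "search"],
                 hits[p, "other"], total[p, "other"]
    }
  ' "$@" | sort
}

sample_log | referer_redirects   # run over the constructed sample
```

On a multi-vhost setup, pass every access log as an argument so that paths are compared across all servers in one run.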