Re: Need Advice on Spyware Removal for Debian

Author: Alan Dayley
Date:  
To: plug-discuss
Subject: Re: Need Advice on Spyware Removal for Debian
Austin Godber said:
> Hold on ... I don't think that setting up your own DNS is going to
> really resolve your problem. It might speed up your DNS requests but
> it's not going to solve your problem ....
>
> let's look at the output of your cat /etc/resolv.conf
>
> why does it say "search pmi.com" at the beginning? If you go to pmi.com
> do you see the under construction page ... and if you type "google" into
> your URL bar (without the .com on the end) do you see the same page?
>
> This is because anytime you enter a bad hostname (without the domain
> part) the search line in resolv.conf tells it to try google.pmi.com ....
>
> so, remove that search line and you won't see that craziness anymore.
> How it got there is another matter ... do you use static IPs or DHCP ...
> if DHCP then that may have been given to you. If not ... somehow it
> got typed in there. Who owns the file, what are the permissions and
> when was it edited last? ls -l /etc/resolv.conf
>
> Anyway, take your favorite editor and remove that search line and you
> should be set ... or just type the whole name of the host.


Interesting.

Let's suppose that we assume DHCP from the ISP in this case. Someone
compromises the servers along the way such that this "search whatever.com"
gets put into the /etc/resolv.conf (or Windows equivalent file) for the
ISP's clients.

Bang, the targeted website now gets lots and lots of hits every time the
user types an incomplete or misspelled URL! An unethical web site owner
that could compromise a large ISP in such a way could drive hits to his
site way up!

Not saying that this is definitely what is happening here but it is a
dastardly thought.

Alan



---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
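
The check suggested in the quoted advice (look at the "search" line, and at who owns /etc/resolv.conf and when it last changed) can be scripted as below. This is an added example, not part of the original messages; the function names, the allowlist argument and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag search/domain suffixes in a resolv.conf-format file
# that are not on a list of suffixes you expect to see.

# Print every suffix from "search" and "domain" lines that is not in the
# allowlist, one per line. Exit status 1 if any were printed, 0 otherwise.
# $1: file to check; remaining arguments: expected suffixes (may be none).
unexpected_search_domains() {
    file=$1; shift
    awk -v allow="$*" '
        BEGIN {
            n = split(tolower(allow), a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) {
                d = tolower($i); sub(/\.$/, "", d)   # ignore case and trailing dot
                if (!(d in ok)) { print d; bad = 1 }
            }
        }
        END { exit bad }
    ' "$file"
}

# Show owner, permissions and modification time, then report the suffixes.
# $1: file (default /etc/resolv.conf); remaining arguments: expected suffixes.
audit_resolv_conf() {
    file=${1:-/etc/resolv.conf}
    if [ $# -gt 0 ]; then shift; fi
    ls -l "$file"
    if bad=$(unexpected_search_domains "$file" "$@"); then
        echo "OK: no unexpected search suffixes in $file"
    else
        echo "REVIEW: short names are also tried under:" $bad
        return 1
    fi
}

# Constructed sample reproducing the line discussed in the thread.
sample=$(mktemp)
printf 'search pmi.com\nnameserver 192.0.2.53\n' > "$sample"
audit_resolv_conf "$sample" || echo "(sample flagged as expected)"
rm -f "$sample"
```

On a real machine, call `audit_resolv_conf /etc/resolv.conf` followed by the suffixes your own network is supposed to hand out; a suffix you do not recognise points at either the DHCP lease or a manual edit of the file.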