Browser redirects from each host on a corporate network?
November 20, 2004 9:18 AM Subscribe
I'm on a foreign network (traveling for work) and more than half the websites I try to load (any browser) end up at a dodgy looking place called 'Med Network' (viagra, etc). [little MI]
The address reads right but the site is always the same. I've heard of this sort of URL masking before, but this is the first time I've seen it in action. Is there a quick fix? I have run Spybot S&D, to no avail. Many thanks!
The address reads right but the site is always the same. I've heard of this sort of URL masking before, but this is the first time I've seen it in action. Is there a quick fix? I have run Spybot S&D, to no avail. Many thanks!
Spybot's a good tool, but redundancy can help. I'd also run Ad-Aware to make sure that you're not infected. (The "personal edition" is free.)
posted by Zonker at 9:35 AM on November 20, 2004
posted by Zonker at 9:35 AM on November 20, 2004
What type of network are you on? Hotel? Front desk should be able to tell you if the problem is yours of if they have had other complaints.
posted by stp123 at 9:41 AM on November 20, 2004
posted by stp123 at 9:41 AM on November 20, 2004
If it's on your computer, running some combination of SpybotSD, AdAware, and (especially) CWShredder should do the trick.
If it's on the network, man, I don't know.
Could you do something sneaky like using Google as a proxy? I've fortunately never had the opportunity to try that for a browser hijacking, but if you enter the URL you want to go to in Google Translate, and have The Goog translate it from German to English, it should be showing you a page from Google, not from the original URL. This handy little trick works for a lot of other things, not necessarily this though.
If Google is one of the blocked sites, try babelfish.altavista.com. If both are blocked, perhaps buy yourself a drink at the bar.
posted by Hildago at 9:48 AM on November 20, 2004
If it's on the network, man, I don't know.
Could you do something sneaky like using Google as a proxy? I've fortunately never had the opportunity to try that for a browser hijacking, but if you enter the URL you want to go to in Google Translate, and have The Goog translate it from German to English, it should be showing you a page from Google, not from the original URL. This handy little trick works for a lot of other things, not necessarily this though.
If Google is one of the blocked sites, try babelfish.altavista.com. If both are blocked, perhaps buy yourself a drink at the bar.
posted by Hildago at 9:48 AM on November 20, 2004
Sounds like you might have a nasty virus/worm/spamware that hacked your hosts file. I've seen it before, where going to google.com loaded up make-money-fast-through-search.com or some other such nonsense.
posted by mathowie at 9:55 AM on November 20, 2004
posted by mathowie at 9:55 AM on November 20, 2004
If the problem is something in the network rather than something on your machine, you might want to use anonymizer as a proxy.
http://anon.free.anonymizer.com/http://www.metafilter.com/
posted by rajbot at 9:57 AM on November 20, 2004
http://anon.free.anonymizer.com/http://www.metafilter.com/
posted by rajbot at 9:57 AM on November 20, 2004
Response by poster: Thanks peoples. I'm at the clients office and I'm pretty sure it's embedded in their network somwhere, since it happens on all the machines.
Google (and the translate page) and Lavasoft (and, on preview, the anonymizer) are all blocked. It seems to be learning, too... sites I could get to last night are now inaccessible. Mefi is still there, though!
I'll keep plugging away, and then, perhaps I will go to the bar. Cheers all!
posted by erebora at 10:03 AM on November 20, 2004
Google (and the translate page) and Lavasoft (and, on preview, the anonymizer) are all blocked. It seems to be learning, too... sites I could get to last night are now inaccessible. Mefi is still there, though!
I'll keep plugging away, and then, perhaps I will go to the bar. Cheers all!
posted by erebora at 10:03 AM on November 20, 2004
if it's what I think it is, proxies are not going to help, either. your best bet is the bar and its sweet, sweet alcohol.
if you are feeling especially ambitious (and bgp-savvy) you could try to get their rooter to roote around the captive bit, but even that is fairly unlikely.
posted by dorian at 10:32 AM on November 20, 2004
if you are feeling especially ambitious (and bgp-savvy) you could try to get their rooter to roote around the captive bit, but even that is fairly unlikely.
posted by dorian at 10:32 AM on November 20, 2004
Response by poster: Thanks for the suggestions, dorian. I think the problem has moved out of my area of expertise and into the realm of Someone Else's Problem.
posted by erebora at 11:06 AM on November 20, 2004
posted by erebora at 11:06 AM on November 20, 2004
Sounds like the networks router or proxy server has been hacked by someone to point people to this new URL. A network that "works" like that is worthless and someone should bitch out the system admin and get it fixed.
pwb.
posted by pwb503 at 12:18 PM on November 20, 2004
pwb.
posted by pwb503 at 12:18 PM on November 20, 2004
You/they are not alone. Here's a discussion on the same problem. Seems to be some sort of DNS hack at the ISP level. More here
posted by grahamwell at 7:45 PM on November 20, 2004
posted by grahamwell at 7:45 PM on November 20, 2004
This thread is closed to new comments.
posted by dorian at 9:31 AM on November 20, 2004