Posted to users@tomcat.apache.org by shi <to...@126.com> on 2015/09/09 16:46:56 UTC

DNS is hijacked and some filthy AD is added at the bottom of our webpage

Hi gurus,

We have a website running on Tomcat. Its web pages look good.

Recently, however, we found that some of the web pages contain a filthy ad at the bottom of the page.

We really could not understand why these filthy ads are on the web page. We made sure the web page doesn't contain any ads at Tomcat.
But when we access these web pages via the internet, we find these filthy ads added.

We searched for related information and found that it looks like some DNS is hijacked. As a result, when the client accesses the website, the hijacked DNS is used to translate the web name to its IP. During this process, the hijacked DNS adds the filthy ad to the web page.

So my current question is:
how can we avoid/resolve this issue on the Java server side? Are there many good solutions to resolve it?


Thanks,
Shi

Re: DNS is hijacked and some filthy AD is added at the bottom of our webpage

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Shi,

On 9/9/15 10:46 AM, shi wrote:
> Hi gurus,
> 
> We have a website running on Tomcat. Its web pages look good.
> 
> Recently, however, we found that some of the web pages contain a
> filthy ad at the bottom of the page.
> 
> We really could not understand why these filthy ads are on the web
> page. We made sure the web page doesn't contain any ads at Tomcat.
> But when we access these web pages via the internet, we find these
> filthy ads added.
> 
> We searched for related information and found that it looks like
> some DNS is hijacked. As a result, when the client accesses the
> website, the hijacked DNS is used to translate the web name to its
> IP. During this process, the hijacked DNS adds the filthy ad to the
> web page.
> 
> So my current question is: how can we avoid/resolve this issue on
> the Java server side? Are there many good solutions to resolve it?

So, the *client's* DNS has been hijacked? The only thing you can
really do about that is require your users to use DNSSEC or something
like that... not sure if that's even possible.

You could require HTTPS for everything and request certificate
pinning, but again there are ways around that.

You may not be able to do anything other than contact some authority
and try to get the rogue site shut down.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: DNS is hijacked and some filthy AD is added at the bottom of our webpage

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Willem,

On 9/9/15 12:54 PM, Willem van Zyl wrote:
> Use dnssec.

Is it possible for a server to force the use of DNSSEC? Just like
X.509, you need to have a chain of trust between the client and the
server, and if your ISP or OS doesn't support DNSSEC, then you can't
benefit.

-chris



Re: DNS is hijacked and some filthy AD is added at the bottom of our webpage

Posted by Willem van Zyl <wi...@adept.co.za>.
Use dnssec.


Re: DNS is hijacked and some filthy AD is added at the bottom of our webpage

Posted by George Sexton <ge...@mhsoftware.com>.

On 9/9/2015 8:46 AM, shi wrote:
> Hi gurus,
>
> We have a website running on Tomcat. Its web pages look good.
>
> Recently, however, we found that some of the web pages contain a filthy ad at the bottom of the page.

Here are the ways this could be happening:

 1. Your server is compromised and it's your server that's inserting the
    ads.
 2. Your client is compromised by a virus and it's inserting the ad.
 3. Your internet service provider is evil and inserting ads.
 4. You are suffering from hijacked DNS on your network. I've seen this
    where the router at the site had been hacked and was passing out DNS
    entries for a server in Russia.
 5. Someone's actually compromised your DNS records at the registrar.


The 1st step to figuring out what's going wrong is to get a known clean
client on a known clean network and see what the page looks like. If
it's good, then you eliminate 1, 2, 3, and 4.

To test number 5, use any of the DNS lookup tools on the internet and
check your domain.

To check number 4, look at the IP addresses of the DNS servers being 
handed out by your DHCP server.

-- 
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
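
The comparison at the heart of the first step above, as an added example that is not part of the original thread: it diffs a copy of the page fetched on the Tomcat host itself against the copy an affected client received, and lists the resources that appeared in between. The sample pages, the host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that can pull in or link to third-party content.
WATCHED = {"script": "src", "iframe": "src", "img": "src", "a": "href", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collect (tag, url) pairs, plus a marker for each inline <script>."""
    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in WATCHED and attrs.get(WATCHED[tag]):
            self.resources.append((tag, attrs[WATCHED[tag]]))
        elif tag == "script":
            self.resources.append(("script", "<inline>"))

def collect(html):
    parser = ResourceCollector()
    parser.feed(html)
    return parser.resources

def injected_resources(origin_html, received_html):
    """Resources present in the received page but not in the origin copy."""
    remaining = collect(origin_html)
    extra = []
    for item in collect(received_html):
        if item in remaining:
            remaining.remove(item)  # matched one origin occurrence
        else:
            extra.append(item)
    return extra

def foreign_hosts(extra, site_host):
    """Hosts of injected resources other than the site's own host."""
    hosts = {urlparse(url).hostname for _, url in extra}
    return sorted(h for h in hosts if h and h != site_host)

# Constructed samples (placeholder hosts): ORIGIN from the Tomcat host, RECEIVED from the client.
ORIGIN = '<html><body><h1>Shop</h1><script src="/js/app.js"></script></body></html>'
RECEIVED = ORIGIN.replace(
    "</body>",
    '<iframe src="http://ads.example.net/banner?id=1"></iframe>'
    '<script>document.write("...")</script></body>')

if __name__ == "__main__":
    print(injected_resources(ORIGIN, RECEIVED))
```

An empty result from a clean client and a non-empty one from the affected client places the modification between the server and that client rather than in the web application.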

Re: DNS is hijacked and some filthy AD is added at the bottom of our webpage

Posted by shi <to...@126.com>.

Hi gurus,

Do you have some good suggestions/solutions for my issues?


Thanks,


