LinuxQuestions.org
Old 12-07-2012, 09:54 AM   #1
Midhato
LQ Newbie
 
Registered: Dec 2011
Posts: 13

Rep: Reputation: Disabled
URL in browser redirecting to another address


When I type a URL in the browser that does not exist, I get redirected to some Chinese sites. The ISP says that they did not set anything to do that. Is my Linux infected with a virus?

some of the sites are
127.0.0.1 www5.1616.net
127.0.0.1 cache.soso.com
127.0.0.1 r.61658.com
127.0.0.1 st.5258.net
127.0.0.1 st.61658.com
127.0.0.1 static.5258.net
127.0.0.1 a.5258.net.cdn20.com
127.0.0.1 wsall.5258.net.wsdns.com
127.0.0.1 dr.soso.com

I blocked them in hosts but today I get to this site

http://www.2345.com/?k99031933


I am running Ubuntu 12.04; Firefox, Chrome, Chromium and Konq.. have the same problem.
 
Old 12-07-2012, 10:25 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902
Select one "wrong" host name and tell us what it returns:
Code:
host [wrongaddress]
dig +trace [wrongaddress]
 
1 members found this post helpful.
Old 12-07-2012, 10:34 AM   #3
Midhato
LQ Newbie
 
Registered: Dec 2011
Posts: 13

Original Poster
Rep: Reputation: Disabled
midhat@midhat:~$ host www.sdfsdf.ba
www.sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120704 14400 3600 604800 86400
midhat@midhat:~$ dig +trace www.dsfsdfsd.ba

; <<>> DiG 9.8.1-P1 <<>> +trace www.dsfsdfsd.ba
;; global options: +cmd
. 153738 IN NS m.root-servers.net.
. 153738 IN NS b.root-servers.net.
. 153738 IN NS g.root-servers.net.
. 153738 IN NS d.root-servers.net.
. 153738 IN NS i.root-servers.net.
. 153738 IN NS j.root-servers.net.
. 153738 IN NS l.root-servers.net.
. 153738 IN NS f.root-servers.net.
. 153738 IN NS e.root-servers.net.
. 153738 IN NS k.root-servers.net.
. 153738 IN NS h.root-servers.net.
. 153738 IN NS c.root-servers.net.
. 153738 IN NS a.root-servers.net.
;; Received 244 bytes from 192.168.254.253#53(192.168.254.253) in 1567 ms

ba. 172800 IN NS auth03.ns.uu.net.
ba. 172800 IN NS ba.cctld.authdns.ripe.net.
ba. 172800 IN NS ns.ba.
ba. 172800 IN NS sava.utic.net.ba.
ba. 172800 IN NS munnari.oz.au.
;; Received 335 bytes from 192.203.230.10#53(192.203.230.10) in 923 ms

ba. 86400 IN SOA bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400
;; Received 95 bytes from 195.130.35.3#53(195.130.35.3) in 44 ms

midhat@midhat:~$ host sdfsdf.ba
sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400
midhat@midhat:~$ host sdfsdf.ba



In the 1st post I get redirected to www5.1616.net, but Wireshark is reporting another address.

Last edited by Midhato; 12-07-2012 at 10:45 AM.
 
Old 12-07-2012, 11:09 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902
I bet 'host sdfsdf.ba 8.8.8.8' returns NXDOMAIN (or check here or here). Are you by any chance using a router with Mikrotik RouterOS?

Last edited by unSpawn; 12-07-2012 at 11:13 AM. Reason: //More *is* more.
 
Old 12-07-2012, 11:16 AM   #5
Midhato
LQ Newbie
 
Registered: Dec 2011
Posts: 13

Original Poster
Rep: Reputation: Disabled
Yes, I have Mikrotik OS and I am directly connected to it; for others it is hotspot wireless.
 
Old 12-07-2012, 11:21 AM   #6
Midhato
LQ Newbie
 
Registered: Dec 2011
Posts: 13

Original Poster
Rep: Reputation: Disabled
It can be any address www.blablablalololif jdjfdancf.com or any other that is not registered
 
Old 12-07-2012, 11:33 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902
Quote:
Originally Posted by Midhato
Yes, I have Mikrotik OS
Did you recently update your RouterOS?
From a non-Mikrotik source perhaps?
 
1 members found this post helpful.
Old 12-07-2012, 11:38 AM   #8
Midhato
LQ Newbie
 
Registered: Dec 2011
Posts: 13

Original Poster
Rep: Reputation: Disabled
I will ask my ISP; the router is only in my house and I don't have anything to do with the software he uses.
I will mark this as solved because it is not my system problem.
 
Old 12-07-2012, 11:44 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902
Before you go please post output of
Code:
host sdfsdf.ba 8.8.8.8
 
Old 12-07-2012, 12:22 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902
So he didn't. Anyway. What the output of the last command should prove is that if there's redirection it's either in the router (in case of Mikrotik there's illegal firmware around that points to .cn TLD 218.93.250.18 specifically, also see the .mx/.br incident) or inside the Provider's realm (some Wireless providers seem to be notorious for such practices) or inside the TLD's authoritative Name Servers (there's a quite recent incident in another TLD where all authoritative Name Servers got redirected temporarily).
 
Old 12-07-2012, 01:03 PM   #11
Midhato
LQ Newbie
 
Registered: Dec 2011
Posts: 13

Original Poster
Rep: Reputation: Disabled
host sdfsdf.ba 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400
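
Added example, not part of any post in this thread: the comparison described in post #10 (same nonexistent name asked through the default resolver and through an outside one), applied to saved `host` output. The function names and result labels are made up for this example; the first sample reuses the reply posted above, the NXDOMAIN sample is constructed, and treating "A record plus SOA or malformed warning" as a rewritten negative reply is this example's assumption.

```shell
#!/bin/sh
# Constructed samples: the first mirrors the replies posted in this thread,
# the second is the usual `host` reply for a name that does not exist.
sample_rewritten() { cat <<'EOF'
sdfsdf.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2012120705 14400 3600 604800 86400
EOF
}
sample_nxdomain() { cat <<'EOF'
Host sdfsdf.ba not found: 3(NXDOMAIN)
EOF
}

# stdin: output of `host NAME [SERVER]` for a name that should not exist.
# Prints nxdomain | rewritten:IP | answered:IP | unknown.
# Assumption: an A record next to the parent zone's SOA or a "malformed"
# warning marks a negative reply that had an address added to it.
classify_host_output() {
    awk '
        / has address /            { ip = $NF; a = 1 }
        /NXDOMAIN/                 { nx = 1 }
        /malformed message packet/ { bad = 1 }
        / has SOA record /         { soa = 1 }
        END {
            if (a && (bad || soa)) print "rewritten:" ip
            else if (a)            print "answered:" ip
            else if (nx)           print "nxdomain"
            else                   print "unknown"
        }'
}

# $1: verdict via the default resolver, $2: verdict via an outside resolver.
locate_rewrite() {
    case "$1" in
        nxdomain) [ "$2" = nxdomain ] && echo no-rewrite || echo inconclusive; return ;;
        rewritten:*|answered:*) ;;
        *) echo inconclusive; return ;;
    esac
    if [ "$2" = nxdomain ]; then
        echo configured-resolver        # only the resolver the client was handed rewrites
    elif [ "${2#*:}" = "${1#*:}" ]; then
        echo on-path-or-authoritative   # same address whichever resolver is asked
    else
        echo inconclusive
    fi
}

v=$(sample_rewritten | classify_host_output)
echo "default=$v outside=$v => $(locate_rewrite "$v" "$v")"
```

To use it on a live system, pipe `host NAME` and `host NAME 8.8.8.8` for the same random unregistered name into `classify_host_output` and pass the two verdicts to `locate_rewrite`.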
 
Old 05-19-2013, 10:25 AM   #12
topr
LQ Newbie
 
Registered: May 2013
Posts: 1

Rep: Reputation: Disabled
This topic is marked as solved. I see no solution though (?)
I have the exact same case here. When I put some nonexistent or incorrect URL in the browser's address bar (Firefox), I reach the Asian site with porn ads: www5.1616.net
I don't really like going there.

Code:
$ host sdasda.ba
sdasda.ba has address 218.93.250.18
;; Warning: Message parser reports malformed message packet.
ba has SOA record bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2013051710 14400 3600 604800 86400
Code:
$ dig +trace sdasda.ba

; <<>> DiG 9.8.1-P1 <<>> +trace sdasda.ba
;; global options: +cmd
.			21446	IN	NS	i.root-servers.net.
.			21446	IN	NS	f.root-servers.net.
.			21446	IN	NS	b.root-servers.net.
.			21446	IN	NS	g.root-servers.net.
.			21446	IN	NS	c.root-servers.net.
.			21446	IN	NS	d.root-servers.net.
.			21446	IN	NS	a.root-servers.net.
.			21446	IN	NS	k.root-servers.net.
.			21446	IN	NS	h.root-servers.net.
.			21446	IN	NS	m.root-servers.net.
.			21446	IN	NS	l.root-servers.net.
.			21446	IN	NS	j.root-servers.net.
.			21446	IN	NS	e.root-servers.net.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 381 ms

ba.			172800	IN	NS	ba.cctld.authdns.ripe.net.
ba.			172800	IN	NS	ns.ba.
ba.			172800	IN	NS	sava.utic.net.ba.
ba.			172800	IN	NS	auth03.ns.uu.net.
ba.			172800	IN	NS	munnari.oz.au.
;; Received 329 bytes from 192.203.230.10#53(192.203.230.10) in 177 ms

ba.			86400	IN	SOA	bosna.utic.net.ba. hostmaster.bosna.utic.net.ba. 2013051710 14400 3600 604800 86400
;; Received 89 bytes from 193.0.9.60#53(193.0.9.60) in 30 ms
My router is TP-Link TL-WR841N. I haven't been updating firmware recently.
DNS settings are:
primary 8.8.8.8
secondary 194.187.52.5 (ISP's)

How can I get this Asian crap redirection to go away?
 
  

