LinuxQuestions.org
Old 03-18-2017, 01:52 AM   #1
deleted23
Member
 
Registered: Nov 2015
Distribution: Arch, Ubuntu Studio
Posts: 43

Rep: Reputation: 1
Very strange browser behaviour (firefox) -- probably security related


Hello
I just noticed a very strange behaviour in my browser (Firefox).
It's probably not the correct forum to put this post in so Admin can feel free to put it somewhere else.

I tried to call a site (actually an invalid domain name, so it seems) in Firefox and got linked to my localhost. I actually have a local LAMP server to work on my website etcetera.
The site I tried to call was/is hmamail.com.
I supposed it to be the domain name of a disposable email inbox but it is not.
I neither have this domain in Apache sites-enabled nor any clue how this can happen.
It's probably a security related affair so I post it here even if I usually try to avoid that.

If someone has an idea how that can happen I'd appreciate any help.
I have no history enabled in my browser.
I exclusively browse 'private'.

Greets
Gee

Last edited by deleted23; 03-18-2017 at 01:54 AM.
 
Old 03-18-2017, 03:05 AM   #2
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,593
Blog Entries: 9

Rep: Reputation: 4092
Quote:
Originally Posted by bluntroller View Post
If someone has an idea how that can happen I'd appreciate any help.
i still do not understand what actually happened.
it seems you missed the most important bit in your explanation.
 
Old 03-18-2017, 04:04 AM   #3
deleted23
Member
 
Registered: Nov 2015
Distribution: Arch, Ubuntu Studio
Posts: 43

Original Poster
Rep: Reputation: 1
simply spoken...
I call the website hmamail.com (which is invalid, no DNS-Entry) and get returned the localhost hosted website.
Apologies if my English is ambiguous.
 
Old 03-18-2017, 04:26 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,700

Rep: Reputation: 1823
Quote:
Originally Posted by bluntroller View Post
simply spoken...
I call the website hmamail.com (which is invalid, no DNS-Entry) and get returned the localhost hosted website.
Apologies if my English is ambiguous.
That's because hmamail.com resolves to localhost:
Code:
dig +short hmamail.com
127.0.0.1
Regards
 
Old 03-18-2017, 04:55 AM   #5
deleted23
Member
 
Registered: Nov 2015
Distribution: Arch, Ubuntu Studio
Posts: 43

Original Poster
Rep: Reputation: 1
Solved

Quote:
Originally Posted by bathory View Post
That's because hmamail.com resolves to localhost:
Code:
dig +short hmamail.com
127.0.0.1
Regards
Got it!
Will mark as solved.
Thanks for your elaboration.
 
Old 03-18-2017, 06:28 AM   #6
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,593
Blog Entries: 9

Rep: Reputation: 4092
Quote:
Originally Posted by bathory View Post
That's because hmamail.com resolves to localhost:
Code:
dig +short hmamail.com
127.0.0.1
Regards
i get the same.
but why?
this is so weird.
'whois hmamail.com' gives very elaborate output about it being some godaddy site in arizona...
 
Old 03-18-2017, 07:37 AM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by bluntroller View Post
simply spoken...
I call the website hmamail.com (which is invalid, no DNS-Entry
Untrue. See below.


Quote:
Originally Posted by ondoho View Post
i get the same.
but why?
this is so weird.
'whois hmamail.com' gives very elaborate output about it being some godaddy site in arizona...
"some GoDaddy site in Arizona" is the Domain Registry.

It makes sense that if you run a proxy anonymizer and want to send email from that same service,
that you, as a network and system administrator, set hmamail.com to only resolve to a working
email host from a known host. Not resolvable from the outside. I think it's easily done too, e.g.:
Set A records to 127.0.0.1 on the name servers (theirs are in Amazon's Route 53 DNS service):
Code:
dig A +short hmamail.com @ns-1016.awsdns-63.net
feel free to try a couple more.


Code:
host -t ns hmamail.com
hmamail.com name server ns-1016.awsdns-63.net.
hmamail.com name server ns-1072.awsdns-06.org.
hmamail.com name server ns-166.awsdns-20.com.
hmamail.com name server ns-1839.awsdns-37.co.uk
Short version:
On their page/service, the site can resolve hmamail.com and likely authenticates to another email service
to process for delivery as (example) inbound@hmamail.com

Some DNS detective work can be used to make the same conclusion.
Code:
dig MX +short hmamail.com
0 inbound.hmamail.com.
shows us the mail server identifying host(s)
Code:
host inbound.hmamail.com
inbound.hmamail.com has address 96.44.163.218
and that turns out to be on QuadraNet, Inc

It is conceivable that inbound.hmamail.com will only receive mail from hidemyass.com and that via "Trusted Hosts".

Good stuff on a Saturday.

Last edited by Habitual; 03-18-2017 at 07:42 AM.
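
An added example (not from any poster in this thread): a small POSIX shell check that asks each authoritative name server for a name's A records, as post #7 does by hand, and flags answers in loopback, private or link-local space such as the 127.0.0.1 seen here. The function names are made up for this example; `audit_name` needs `dig` and network access.

```sh
#!/bin/sh
# Added example (function names are this example's own): flag A records that
# point a public name at loopback, private or link-local space.

# classify_ipv4 ADDR: prints loopback, unspecified, private, link-local,
# public, or invalid (anything that is not a dotted-quad IPv4 address).
classify_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if   [ "$1" -eq 127 ]; then echo loopback
    elif [ "$1" -eq 0 ]; then echo unspecified
    elif [ "$1" -eq 10 ]; then echo private
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then echo private
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo private
    elif [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then echo link-local
    else echo public
    fi
}

# suspicious_answers: reads `dig +short` output on stdin and prints
# "ADDR CLASS" for each non-public answer; returns 1 if any was found.
suspicious_answers() {
    found=0
    while IFS= read -r line; do
        class=$(classify_ipv4 "$line")
        case $class in
            public|invalid) ;;   # invalid: CNAME target or blank line
            *) echo "$line $class"; found=1 ;;
        esac
    done
    return "$found"
}

# audit_name NAME: query every authoritative server directly (needs dig and
# network access), the manual check from the post above done for all of them.
audit_name() {
    for ns in $(dig NS +short "$1"); do
        dig A +short "$1" @"$ns" | suspicious_answers | sed "s/^/$ns: /"
    done
}

if [ "$#" -gt 0 ]; then audit_name "$1"; fi
```

Run as `sh script.sh example.org`; any line it prints names the server and the non-public address it handed out.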
 
Old 03-18-2017, 07:44 AM   #8
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
What this has to do with Firefox I have no idea.

DNS.fu
 
Old 03-18-2017, 01:18 PM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,593
Blog Entries: 9

Rep: Reputation: 4092
thanks for the clarification!
still somewhat hazy, but that is entirely my own fault...
 
Old 03-19-2017, 05:44 AM   #10
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Go TeamLQ!
 
Old 03-24-2017, 07:16 AM   #11
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,779

Rep: Reputation: 2537
Well, I admit I don't understand; I get
Code:
 Buy this domain.
hnamail.com
2017 Copyright. All Rights Reserved.
..... I don't see how it resolves to 127.0.0.1 for others ...
 
Old 03-24-2017, 07:37 AM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,700

Rep: Reputation: 1823
Quote:
Originally Posted by chrism01 View Post
Well, I admit I don't understand; I get
Code:
 Buy this domain.
hnamail.com
2017 Copyright. All Rights Reserved.
..... I don't see how it resolves to 127.0.0.1 for others ...
Apparently it's fixed by now and points to a parking domains page:
Code:
dig hmamail.com +short
54.72.9.51
 
  

