nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNS poisoning at Google?

From: Kevin Day <toasty () dragondata com>
Date: Tue, 26 Jun 2012 23:21:21 -0500

On Jun 26, 2012, at 10:53 PM, Matthew Black wrote:


Google Safe Browsing and Firefox have marked our website as containing malware. They claim our home page returns no 
results, but redirects users to another compromised website couchtarts.com.

We have thoroughly examined our root .htaccess and httpd.conf files and are not redirecting to the problem target 
site. No recent changes either.

We ran some NSLOOKUPs against various public DNS servers and intermittently get results that are NOT our servers.

We believe the DNS servers used by Google's crawler have been poisoned.

Can anyone shed some light on this?


Not sure if it's related, but yesterday one of my clients (a top 500 alexa site) suddenly had most search results (when 
googling for things like the site's name) suddenly change to some other shady looking domain that's just sending 302 
redirects to the real site. All the same search results are there, but they're now sending everyone to the wrong domain 
that's just redirecting to the correct place. No idea how Google thought this is correct and I'm totally failing at 
getting anyone's attention at Google to look into this.

This coincided with this message from @google on twitter yesterday:

Heads up: we're pushing a new Panda data refresh that noticeably affects only ~1% of queries worldwide.
http://twitter.com/google/status/217366321879453696

But i'm not sure that's related either.

-- Kevin
Previous By Date Next
Previous By Thread Next

Current thread: