RE: DNS poisoning at Google?

[David Hubbard <dhubbard () dino hostasaurus com>]

Well as Jeremy pointed out, your site is issuing
redirects, he gave you the command to show it:

curl -e 'http://google.com' csulb.edu

So if you're sure your server(s) haven't been hacked,
your application appears to have been hacked.  It only
issues the redirect if the visitor comes in from a
google search.




> -----Original Message-----
> From: Matthew Black [mailto:Matthew.Black () csulb edu] 
> Sent: Wednesday, June 27, 2012 1:03 AM
> To: Michael J Wise
> Cc: nanog () nanog org
> Subject: RE: DNS poisoning at Google?
>
> Q:have you consulted the logs?
>
> Seriously? Our servers have multiple log files due to 
> multiple virtual hosts. Our primary domain log file on just 
> one server has over 600,000 records x 3 servers.
>
> Probably over 100,000 304 redirects in our logs.
>
> couchtarts.com does not appear in our log files.
>
>
> matthew black
> information technology services
> california state university, long beach
>
> -----Original Message-----
> From: Michael J Wise [mailto:mjwise () kapu net] 
> Sent: Tuesday, June 26, 2012 9:56 PM
> To: Matthew Black
> Cc: nanog () nanog org
> Subject: Re: DNS poisoning at Google?
>
>
> On Jun 26, 2012, at 9:35 PM, Matthew Black wrote:
>
> > Yes, we've used the Google Webmaster Tools a lot today. 
> Submitted multiple requests and they keep insisting that our 
> site issues a redirect. Unable to duplicate the problem here.
>
> ... have you consulted the logs?
> If the redirect is there, it ... 1) might not be from the 
> home page, and 2) could be in ... user content?
>
> awk '{if ($9 ~ /304/) { print $0 }}' access_log.
> ... or some such.
> Granted, might be a storm of " " -> index.html redirects, but 
> they should be grep -v 'able in short order.
> You might also look for the rDNS of the Google spider to see 
> exactly where it is looking, and what it sees.
>
> Aloha,
> Michael.
> -- 
> "Please have your Internet License             
>  and Usenet Registration handy..."