Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^4: How to identify if URL is mod_perl handler

by afoken (Parson)
on Nov 07, 2012 at 20:35 UTC ( #1002735=note: print w/ replies, xml ) Need Help??


in reply to Re^3: How to identify if URL is mod_perl handler
in thread How to identify if URL is mod_perl handler

If instead someone "helpfully" redirects me to something else, then I can't reliably detect the condition. (My home ISP does that to me, and it gripes me to no end.)

Most times I've seen this malicious behaviour, it was "just" a DNS manipulation, i.e. it happend only for domain names not currently found in the DNS. Instead of returning NXDOMAIN, the provider's DNS server happily returned the IP address of a provider-supplied web server that offered some unhelpful search form. Verisign started this malicious behaviour in September 2003, and several providers happily copied it. Bypassing this malicious behaviour is quite easy, just don't use the DNS server(s) of your provider, but some free ones. Google offers 8.8.8.8 and 8.8.4.4, I use them in my DSL router (that acts as name server for my LAN), because my provider "accidentally forgets" my opt-out every few weeks, and I'm quite happy with that setup.

If you see the unhelpful page instead of a 404 page also for URLs with well-known servers, like http://www.google.com/google/does/not/have/this/page, there are essentially two methods left: Either your provider infected your PC with that malware when you installed software for access to your providers dial-up network, or your provider uses a transparent proxy. Booting from a live linux cdrom easily shows what really happens. In the first case, the unhelpful page is gone as soon as you don't use the malware-infected operating system. The second case can be identified by the fact that any web server you connect to sees your request coming from a different address than the one your provider issued to your system. Pages like http://ix.de/ip show you from what IP address your request comes from.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)


Comment on Re^4: How to identify if URL is mod_perl handler
Re^5: How to identify if URL is mod_perl handler
by roboticus (Canon) on Nov 08, 2012 at 02:19 UTC

    afoken:

    I hadn't thought of using an alternate DNS server, I'll put them into my router. While I'm not a WWW guy, you'd think I would've thought of that. But I've been grousing about it for a couple years and never did. I guess everything's obvious in hindsight...

    I'm running Linux at home, and it's pretty tightly locked down, so I don't think there's any malware on this box. But our ISP doeas all sorts of "magic", so I don't doubt that a transparent proxy might be in the loop. I'll check out your ideas to see if my ISP has transparent proxies, or just annoying redirects.

    I wish I could give you a couple more ++!

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002735]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2014-09-18 07:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (109 votes), past polls