RandomUser
2007-09-23, 03:33
This write-up is split into three parts.
1. Problem
2. Resolution
3. Things that I can't explain
There are 2 PCs in my house, my PC has both Windows and Linux. I barely use Windows ever since I installed Linux several weeks ago. I use Trend Micro as my Windows AV but it makes things extremely slow and I suspect it might be compromised, but I'm not sure. But that's beside the point, because I now use Linux almost exclusively.
I normally frequently visit sites A, B, C, D, E using Opera. Today, I visited some other sites and then, I visited site A ( amigaworld.net ). I got served one of those dumb link pages that you see when you visit sites that have gone away. It was strange to me, because I know site A is unlikely to go out like this anytime soon, so I chalked it up to their ISP and moved on to visit some other sites.
Then, I visited site B, and I got redirected to foxmovies.com instead, which is strange because I never visited this site (it's been way long since I stopped watching movies).
So when I visited C, D, E; I got redirected to foxmovies.com as well. I booted into Windows... and got the same behavior on all 5 sites with both Opera and Internet Explorer. At this point I contacted three friends, one of which uses the same ISP as me (and probably the same local ISP point), and they all said they see the sites normally. I tried the sites on the 2nd computer. I didn't try site A. Site B would work normally but sites C, D, E would get redirected to foxmovies.com as well.
Why would site B exhibit different behavior across computers? I conjectured malware that was infected across the network after I tried B but before I tried the others.
Then I had the idea to reset the router and the cache of the browsers... and it all worked fine. However... I can't answer the following:
1. I can understand a router glitch where I type an URL and receive the content of another. But, why would the address bar get updated with the replacement URL? Is this part of the HTTP spec?
2. Why would visiting amigaworld.net yield a dumb links page with the text "amigaworld.net" within it? Not a router glitch for sure. Please note that I had cleared the cache of Windows on both machines... but I had not cleared the cache on Linux yet. So I activated Opera's off-line mode, and retrieved the HTML and I also made a screenshot. They're attached. Please note that I was being served this until I reset the router and cleared the caches... I did both together. I did not think of clearing the cache alone, not even as I retrieved the cache on Linux (too bad), but why would this happen in the first place anyway?
3. Why would site B exhibit different behavior across computers?
Feedback is welcome.
P.S. Sites are:
B= boardgamegeek.com
C= boardgamenews.com
D= jayisgames.com
E= osnews.com
I'm just trying to avoid retyping these over and over.
1. Problem
2. Resolution
3. Things that I can't explain
There are 2 PCs in my house, my PC has both Windows and Linux. I barely use Windows ever since I installed Linux several weeks ago. I use Trend Micro as my Windows AV but it makes things extremely slow and I suspect it might be compromised, but I'm not sure. But that's beside the point, because I now use Linux almost exclusively.
I normally frequently visit sites A, B, C, D, E using Opera. Today, I visited some other sites and then, I visited site A ( amigaworld.net ). I got served one of those dumb link pages that you see when you visit sites that have gone away. It was strange to me, because I know site A is unlikely to go out like this anytime soon, so I chalked it up to their ISP and moved on to visit some other sites.
Then, I visited site B, and I got redirected to foxmovies.com instead, which is strange because I never visited this site (it's been way long since I stopped watching movies).
So when I visited C, D, E; I got redirected to foxmovies.com as well. I booted into Windows... and got the same behavior on all 5 sites with both Opera and Internet Explorer. At this point I contacted three friends, one of which uses the same ISP as me (and probably the same local ISP point), and they all said they see the sites normally. I tried the sites on the 2nd computer. I didn't try site A. Site B would work normally but sites C, D, E would get redirected to foxmovies.com as well.
Why would site B exhibit different behavior across computers? I conjectured malware that was infected across the network after I tried B but before I tried the others.
Then I had the idea to reset the router and the cache of the browsers... and it all worked fine. However... I can't answer the following:
1. I can understand a router glitch where I type an URL and receive the content of another. But, why would the address bar get updated with the replacement URL? Is this part of the HTTP spec?
2. Why would visiting amigaworld.net yield a dumb links page with the text "amigaworld.net" within it? Not a router glitch for sure. Please note that I had cleared the cache of Windows on both machines... but I had not cleared the cache on Linux yet. So I activated Opera's off-line mode, and retrieved the HTML and I also made a screenshot. They're attached. Please note that I was being served this until I reset the router and cleared the caches... I did both together. I did not think of clearing the cache alone, not even as I retrieved the cache on Linux (too bad), but why would this happen in the first place anyway?
3. Why would site B exhibit different behavior across computers?
Feedback is welcome.
P.S. Sites are:
B= boardgamegeek.com
C= boardgamenews.com
D= jayisgames.com
E= osnews.com
I'm just trying to avoid retyping these over and over.