Fiddler... Thanks for that. Looks like I will have to try and explain DNS poisoning to a user that believes my site has been hijacked and all his personal financial information is being leaked all over the Internet. I don't have the heart to tell him that my site has not been jacked but his personal financial information is most likely being leaked all over the Internet, but by his PC, not my website.

-----Original Message-----
From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 1:04 PM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Here is what I see from Fiddler on the URL stream getting to that site. All HTTP/1.1 with 200 Error codes except for http://www.imcu.org/includes/images/1p.gif which popped a 404 not found. NO redirects seen to the malicious site, which seems to look like DNS poisoning on your end. Check DNS, and check ya host files, and check from another computer that doesn't have BHO's in IE.

Z

http://www.fiddler2.com/fiddler2/updatecheck.asp?isBeta=False
http://www.imcu.org/css/imcu_text_link_styles.css
http://www.imcu.org/SpryAssets/SpryTabbedPanels.js
http://www.imcu.org/SpryAssets/SpryTabbedPanels.css
http://www.imcu.org/images/bg_leftside.jpg
http://www.imcu.org/images/1p.gif
http://www.imcu.org/images/header-a.jpg
http://www.imcu.org/images/small_promo_homeloans.jpg
http://www.imcu.org/images/small_promo_auto_center.jpg
http://www.netit.financial-net.com:443
http://www.imcu.org/images/BG-logon2.jpg
http://www.imcu.org/ContentImageHandler.ashx?imageId=7144
http://www.imcu.org/images/title_latest_news.gif
http://www.imcu.org/images/title_rate_check.gif
http://www.imcu.org/ContentImageHandler.ashx?imageId=3571
http://www.imcu.org/ContentImageHandler.ashx?imageId=3787
http://www.imcu.org/images/small_promo_deposit_services.jpg
http://www.imcu.org/includes/images/1p.gif
http://www.netit.financial-net.com:443
http://www.netit.financial-net.com:443
http://www.imcu.org/images/logo-ncua.jpg
http://www.imcu.org/images/logo-eq-housing.jpg
http://www.imcu.org/images/bg_rightside.jpg
http://www.imcu.org/images/red_texture.gif
http://www.imcu.org/images/nav.jpg

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-----Original Message-----
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 1:00 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

A walk-through?

--
ME2

On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]> wrote:
> How do I explain that to joe user?
>
> ________________________________
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
> Check 4 hosts file? DNS poisoning...
>
> Sean Rector, MCSE
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
> I have a customer that is trying to get to www.imcu.org. They are getting
> redirected to www.manta.com.
>
> If they go to www.imcu.com they are fine. I can get to both .org and .com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well as
> ipconfig /flushdns but what
> is the real problem with their pc???
>
> Data Security is everyone's responsibility.
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone: (757) 213-4548 (direct line)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
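
The hosts-file check suggested in the thread, as an added example that is not part of the original messages: it parses a hosts file and reports any entry that pins a watched hostname to an address, which would override DNS for that name on the affected PC. The sample file content, the 203.0.113.45 address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.imcu.org imcu.org   # constructed suspicious entry
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            continue                            # address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def find_overrides(text, watched):
    """Return (line_no, hostname, ip) for entries naming a watched hostname."""
    watched = {w.lower().rstrip(".") for w in watched}
    hits = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in watched:
                hits.append((line_no, name, str(ip)))
    return hits

if __name__ == "__main__":
    import sys
    # Default Windows location; pass another path as the first argument.
    default = r"C:\Windows\System32\drivers\etc\hosts"
    path = sys.argv[1] if len(sys.argv) > 1 else default
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        found = find_overrides(fh.read(), ["www.imcu.org", "imcu.org"])
    for line_no, name, ip in found:
        print(f"line {line_no}: {name} is pinned to {ip} by the hosts file")
    if not found:
        print("no hosts-file entries for the watched names")
```

A clean result here only rules out the hosts file; the DNS server settings and browser add-ons mentioned in the thread still need their own check.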