PDA

View Full Version : "What you need when you need it" --who says?



Stephen Tashiro
12-08-2009, 3:06 PM
Often when I want my browser to visit a site that is temporarily off line, I get some kind of default web page. For example, if were trying to reach "Fredd Hoddy's Rust Barn", a page might come up that says:

Fredd Hoddy's Rust Barn
What you need when you need it

I think some server is programmed to grab the title of the website I want and put it on the "What you need when you need it page". The page also has links that look like bland advertising.

I wonder what server is doing this? I'd rather just be notified that the site that I wanted is off line.

I've read that it's possible to ignore the Domain Name Service (DNS) settings that your ISP wants you to use and to substitute OpenDNS servers or servers run by Google. Would that change this behavior?

Stephen Tashiro
12-22-2009, 2:06 PM
I looked at the source for some of the webpages that say "what you need when you need it". They mention "searchportal", which happens also to be the name of a spyware program. (This is somewhat surprising since I'm using Linux, not Windows.)

The reference begins "src=....//searchportal.information.com?epl = ...".

I wonder if this searchportal and the spyware searchportal are connected.

Dave Johnson29
12-22-2009, 3:31 PM
Fredd Hoddy's Rust Barn
What you need when you need it


It is a search portal that makes money from you clicking links that are displayed.

They are most usually launched as a result of a spelling typo in the URL address typed in or the target URL server is overloaded or at their bandwidth limit for the month.

They bulk register misspelled names of common website and then point their DNS servers to their search page. Nothing sinister, just annoying.

It also annoys the domain name registrars as these search people bulk register and they get between 7 and 10 days to pay. At the end of that time they do not pay, they just start the process over again so they can have thousands of misspelled URLs that cost them nothing.

Often your ISP will program their modem DNS default to point to one of those search portal URLs, but usually they point it at their own website search portal.

Eric DeSilva
12-22-2009, 4:57 PM
They don't have to register all this stuff, most ISPs use a DNS service that includes redirects to innocuous advertising (better than a redirect to a driveby virus site) for unresolved DNS errors. In other words, if the DNS (directory name server) throws an error for almost any reason (site mistyped, etc) it will do a redirect to (usually) a search page of some kind.

Google OpenDNS. Google, actually, just set up its own, but I can't remember the name.

Stephen Tashiro
12-22-2009, 10:27 PM
I encounter the redirection no matter what nameservers I use. I can use the DSL modem as nameserver, my third party ISP's nameserver, or Google's 8.8.8.8 and 8.8.4.4. The DSL service is from Qwest, but my modem is not QWest supplied product. I run Linux, so I haven't run any Qwest supplied configuration programs.

The redirection happens regularly when I mispell a website name. But it also happens when I use the bookmarks in Firefox that point to the correct site. These bookmarks work correctly most of the time.

Stephen Tashiro
12-25-2009, 4:09 PM
For those curious about the problem, I discussed it in more detail on fedoraforum.org in the "security" section. The thread has a similiar title to this one.

I'm curious about which other people get redirected a "what you need when you need it" page (apparently from searchportal.information) when they direct their browser to go to a mistyped URL. In particular, I'm trying to determine if this is common to Qwest DSL users.

paul cottingham
12-25-2009, 6:12 PM
It may be a hijacked hosts file. That will redirect you to a site of the "files" choosing when you misdirect something. ( a GROSS oversimplification, but what the hey.)

Stephen Tashiro
12-25-2009, 6:36 PM
Does "hijacked" mean that it would be altered on my machine? My /etc/hosts file looks OK.

Stephen Tashiro
01-01-2010, 1:45 AM
The explanation of my redirection problem has to do with how the Firefox browser (and certain commands such as ping, wget, and traceroute) look up the IP address of a given name.

For example if the given name is "fedoraf.org", the browser makes a DNS request for that name. If it doesn't get an IP address back, it forms a new name by appending the name of the local domain to the given name. I had named my local domain "myhouse.org" since this is a name often used in documentation to illustrate an arbitrary name. Hence my browser will also look up "fedoraf.org.myhouse.org". Apparently the "searchportal" advertiser owns the "myhouse.org" domain. So I get the advertising page.

It wouldn't surprise me if advertisers own other domains with names that are commonly used in documentation, such as "foo".

Commands such as nslookup and dig do not append the local domain name, so you get the expected reply from them. The response is an "AUTHORITY" record if the DNS server can't find the IP.

paul cottingham
01-01-2010, 2:51 AM
Does IE do it too?

Stephen Tashiro
01-01-2010, 5:20 AM
I don't have any Windows machines plugged in. All I use is Linux these days.

paul cottingham
01-01-2010, 12:38 PM
Good man.

:-)