1
DonCurioso
DNS ISSUE - Xoops.org & dev.xoops.org has been redirected

Hi,

i´ve found than xoops.org & dev.xoops.org has been redirected to a brazilian politic webpage

A DNS issue shows a redirect to a brazilian politic website, at least to me
HispaXoops | Xoops España

That's the way i like it! | Nada mejor que una Alhambra bien helada con aceitunas...

2
ghia
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected
  • 2009/5/27 4:10

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


That was here also the case for a while. I sent some data to Mamba by mail about it.

3
Mamba
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected
  • 2009/5/27 4:15

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


Ghia, I forwarded your email to Surpass.

This is what I got from them:

Quote:
Your domain is pointing to the correct nameservers which are pointing to the correct A record. You can verify this for yourself:

http://www.intodns.com/xoops.org

If it is a DNS problem, it lies somewhere at the resolution end. I assure you, your DNS settings are correct. If this truly were a DNS issue at the nameserver or registrar level, then none of your users would be able to view the site.

If there are any server side issues, this would have to be a malicious redirect or iframe insertion, something which I can find no evidence of on the server.

I am happy to continue working with you on this issue, but until we can reproduce this somehow, we just won't be able to get to the bottom of this. Have your users contacted their local ISPs regarding this issue? I would be interested to see what their local ISPs have to say about this issue.

So, can some of the affected users contact your local ISP and ask what is going on on their end?
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

4
ghia
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected
  • 2009/5/27 5:08

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
I assure you, your DNS settings are correct.
But, there were some reservations:
Quote:
Warn Same Glue Looks like the A records (the GLUE) got from the parent zone check are different than the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do.I detected some problems as follows:
For ns1.xoopsproject.org the parent reported: ['66.7.217.147'] and your nameservers reported: ['66.7.217.148']
For ns2.xoopsproject.org the parent reported: ['66.7.217.147'] and your nameservers reported: ['66.7.217.149']

Quote:
Different subnets WARNING: Not all of your nameservers are in different subnets
Quote:
SOA EXPIRE Your SOA EXPIRE number is: 3600000. That is NOT OK
Today I have different data:
Quote:
; <<>> DiG 9.3.4-P1 <<>> xoops.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47685
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;xoops.org. IN A

;; ANSWER SECTION:
xoops.org. 298 IN A 66.7.217.147

;; AUTHORITY SECTION:
xoops.org. 85024 IN NS ns1.xoopsproject.org.
xoops.org. 85024 IN NS ns2.xoopsproject.org.

;; Query time: 1 msec
;; SERVER: 83.149.105.188#53(83.149.105.188)
;; WHEN: Wed May 27 06:38:45 2009
;; MSG SIZE rcvd: 92

and yesterday with the failure:
Quote:
; <<>> DiG 9.3.4-P1 <<>> xoops.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28820
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;xoops.org. IN A

;; ANSWER SECTION:
xoops.org. 5033 IN A 66.7.212.213

;; AUTHORITY SECTION:
xoops.org. 5028 IN NS ns1.xoopsproject.org.
xoops.org. 5028 IN NS ns2.xoopsproject.org.

;; ADDITIONAL SECTION:
ns1.xoopsproject.org. 539 IN A 66.7.212.213
ns2.xoopsproject.org. 539 IN A 220.194.46.144

;; Query time: 1 msec
;; SERVER: 85.12.15.250#53(85.12.15.250)
;; WHEN: Tue May 26 20:51:58 2009
;; MSG SIZE rcvd: 124

The IP was then shifted to the Brazilian site:
Quote:
; <<>> DiG 9.3.4-P1 <<>> paulohenriqueamorim.com.br
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31727
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;paulohenriqueamorim.com.br. IN A

;; ANSWER SECTION:
paulohenriqueamorim.com.br. 3598 IN A 66.7.212.213

;; AUTHORITY SECTION:
paulohenriqueamorim.com.br. 86398 IN NS ns3.paulohenriqueamorim.com.br.
paulohenriqueamorim.com.br. 86398 IN NS ns1.paulohenriqueamorim.com.br.

;; Query time: 1 msec
;; SERVER: 83.149.105.188#53(83.149.105.188)
;; WHEN: Tue May 26 21:00:34 2009
;; MSG SIZE rcvd: 96


Somewhere in between a DNS server got mixed up, but I can't tell which and how. Mosttimes these servers adapt the settings from the originating servers. But these are not in real time updated, there is a delay after which the records are checked for changes.
Probably it is an European issue, as I and DonCurioso noted the problem. Last weekend the problem was also there (I didn't notice), but people complained on both occasions on XOOPS France also.

5
sailjapan
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected

I experienced this too from Japan. Maybe not just an EU issue.
Never let a man who does not believe something can be done, talk to a man that is doing it.

6
zyspec
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected
  • 2009/5/27 19:40

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


I also experienced this from USA

7
ghia
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected
  • 2009/5/27 19:53

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Then I think it is not anymore a local flipping DNS server and the XOOPS master DNS servers come again in the picture.
At Surpass, they may double check some things again.
Quote:
If there are any server side issues, this would have to be a malicious redirect or iframe insertion, something which I can find no evidence of on the server.
When DNS lookup queries come up with the wrong address, then it is no matter of HTTP redirection.

8
Yurdal
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected
  • 2009/5/27 20:08

  • Yurdal

  • Friend of XOOPS

  • Posts: 386

  • Since: 2005/3/27


also opendns.org users pointed to the brazilian website

9
DonCurioso
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected

Hi,

i think this isn´t a DNS issue. In a first time, we were speak (Runeher&me) about this and i told maybe somebody could hack our XOOPS site. Runeher consider this like a dns issue, but look suspicious, at least for me.

Today i had same results, around 6 pm GMT+2, during 1:30 hs approx
HispaXoops | Xoops España

That's the way i like it! | Nada mejor que una Alhambra bien helada con aceitunas...

10
zzzzsg
Re: DNS ISSUE - Xoops.org & dev.xoops.org has been redirected
  • 2009/5/27 21:19

  • zzzzsg

  • Just popping in

  • Posts: 86

  • Since: 2005/12/22



got the same problem here in usa too.
now okay.

www.xoops.org got redirected to a site called ConversaAfiada

I think it is an DNS issue.
When www.xoops.org was down, I did a ping to www.xoops.org and got an IP address 66.7.212.214 but no reply.
After www.xoops.org came up, I did a ping again and got a different IP 66.7.217.147 with successful replies.

A reverse dns lookup shows:
66.7.212.214 resolves to
"ns1.paulohenriqueamorim.com.br"
Top Level Domain: "com.br"
Country IP Address: UNITED STATES

Interesting. Somebody made a boo boo... well it happens to almost all sys admins. Don't feel too bad. Be careful next time.



Login

Who's Online

157 user(s) are online (79 user(s) are browsing Support Forums)


Members: 0


Guests: 157


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits