DNS URL Redirect Attack

Discussion in 'Printer Forum Announcements & Feedback' started by Nifty, Feb 21, 2016.

  1. Feb 21, 2016
    Nifty

    Nifty Printer Master Administrator

    Over the past day or two the site has been attacked by spammers. They were able to redirect our URL to various spam sites.

    I've been working tirelessly with the tech team to find the cause and then a solution to the problem. The internet routing of the site's domain name (the DNS) and the URL routing got hijacked. We've since fixed the problem on our end, but it sometimes takes hours and even days for "propagation" of the fix to all the servers around the world to get the info that the change has been made.

    It sucks that there are so many people around the world doing all they can to maliciously attack sites and servers. We've been lucky over the years that we've been able to keep most spammers and hackers at bay (even the big companies with all their money and experts have a hard time fighting the scourge), but we're working hard to ensure it doesn't happen again!
     
  2. Feb 21, 2016
    stratman

    stratman Printer VIP Platinum Printer Member

    Thank you for the explanation, Nifty!
     
    Nifty, sony53, Roy Sletcher and 2 others like this.
  3. Feb 21, 2016
    Ink stained Fingers

    Ink stained Fingers Printer Master

    Thanks for taking action!!
     
    Nifty, sony53, The Hat and 1 other person like this.
  4. Feb 22, 2016
    ThrillaMozilla

    ThrillaMozilla Printer Master

    Possibly something to do with this?
    https://nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/
    http://blog.linuxmint.com/?p=3001
    Maybe coincidence, but something was going around.

    http://arstechnica.com/security/201...cks-silently-delivers-ransomware-to-visitors/

    It may not have anything to do with either, actually. As Nifty said, this appears to be the fault of DNS. Still, the attack looks rather similar. I tried to visit this site, and got redirected to some other site that presented what looked like search results. I don't understand this stuff, but NO WAY would I click on any of those links.
     
    Last edited: Feb 22, 2016
    Nifty likes this.
  5. Feb 22, 2016
    The Hat

    The Hat Printer VIP Moderator

    All I know is that this bug is a new kid on the block and that’s why it’s been more successful than others. Most of the anti-virus companies had no idea it was there till yesterday; we checked with 58 different anti-malware companies and none of them had any record of it. They do now.

    It managed to get past my Symantec into a temp folder without detection but was then blocked when it tried to launch, it got quarantined..;)
     
    Nifty likes this.
  6. Feb 22, 2016
    turbguy

    turbguy Printer Master Platinum Printer Member

    I am still getting redirected at home using Windows 7, Google Chrome, even after clearing the cache. But, if I use an Android tablet from home (same DNS server?), no problems getting to the site.

    Go figure...
     
    Nifty likes this.
  7. Feb 22, 2016
    Nifty

    Nifty Printer Master Administrator

    Ya, DNS propagation is a weird thing. Throughout the whole experience I was having very inconsistent results using my phone (cell network), desktop, etc. Some people didn't have any problems and others are still having problems even today.

    It's so frustrating that there are so many people out there trying to do harm. We've updated all the software, beefed up security, and increased our daily backup procedures. Nothing guarantees 100% safety from this junk, but we're doing all we can!

    Thanks to all you guys for your patience and understanding!
     
    PeterBJ and The Hat like this.
  8. Feb 24, 2016
    ThrillaMozilla

    ThrillaMozilla Printer Master

    For what it's worth, I changed my DNS server right away to Google (8.8.8.8), and I've had no trouble since. I have no idea whether that's what fixed it, however.
     
    Nifty likes this.
  9. Feb 26, 2016
    websnail

    websnail Printer VIP Platinum Printer Member

    The joys of DNS propagation are just endless... As a rule you're looking at 24 hours for any changes to propagate but some DNS servers have TTL (Time to Live) settings that wait closer to a week which just makes this sort of thing all the more "interesting".

    Good catch though Rob...
     
    Nifty likes this.
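
The TTL behaviour discussed in the posts above, as an added example that is not part of the thread: it parses DNS responses from several caching resolvers and reports which ones still hold a wrong address and for how long. The domain, addresses (documentation ranges), resolver names and sample responses are all constructed, and `EXPECTED_IP` stands in for the site's correct address.

```python
import struct

EXPECTED_IP = "192.0.2.10"  # assumption: the site's correct address after the fix

def build_response(ip, ttl):
    """Constructed sample: minimal DNS response carrying one A record."""
    head = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(map(int, ip.split(".")))
    return head + question + answer

def skip_name(msg, off):  # advance past a (possibly compressed) domain name
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:               # root label terminates the name
            return off

def parse_a_records(msg):
    """Return [(ip, ttl)] for every A record in the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN, IPv4
            out.append((".".join(map(str, msg[off:off + 4])), ttl))
        off += rdlen
    return out

def audit(responses, expected=EXPECTED_IP):
    """Map resolver -> ('ok', 0) or ('stale', seconds the wrong answer stays cached)."""
    report = {}
    for resolver, msg in responses.items():
        wrong = [ttl for ip, ttl in parse_a_records(msg) if ip != expected]
        report[resolver] = ("stale", max(wrong)) if wrong else ("ok", 0)
    return report

# Constructed observations: a caching resolver reports the TTL it has left.
SAMPLE = {name: build_response(ip, ttl) for name, ip, ttl in [
    ("resolver-a", "192.0.2.10", 300), ("resolver-b", "198.51.100.66", 86400),
    ("resolver-c", "198.51.100.66", 604800)]}
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A resolver that cached the wrong record with a week-long TTL keeps serving it until that timer runs out, which is why two devices on different resolvers can disagree long after the authoritative record is corrected.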
