
Can't access forum on PC but can on phone?



Any ideas why this could be? I can access malwarebytes.org and downloaded my 2.0 upgrade, but I can't access the forum from my PC, though I can from my phone.

I've also gotten a couple of other interesting anomalies, like a Bing landing page when attempting to go to microsoft.com intermittently.

Think this is an ISP or DNS issue? Some kind of MITM attempts spoofing pages?


Hello and Welcome to Malwarebytes

Being that you are having anomalies, and if you want to make sure you're not infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system, clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you


That's not the DNS server's problem.  That's a problem of the Registrar if something goes awry and false information is sent to root DNS servers and is subsequently propagated throughout the DNS system.  It isn't Google or CenturyLink's problem if they receive faulty data on a system's address.

 

The real concerns are either with privacy or if the Public DNS Server does malicious site poisoning.

 

More or less all DNS Servers are equally secure.  Some servers, like those from OpenDNS, provide a possible increased level of security by poisoning malicious sites.  However, a False Positive (in this sense) could mean being unable to access a favourite site because it was falsely poisoned.  And yes, I have seen it happen with OpenDNS, and it is why I stopped using them years ago.

 

Using DNS Servers is like using a PhoneBook.  If you want Person_X's Phone number you go to the PhoneBook. 

If you want Site_X's IP address you go to a DNS Server.

 

If you want to keep your kids safe and not call 900 sex lines you use a PhoneBook that excludes 900 numbers.

If you want an increase in security you may choose to use a DNS Server that poisons malicious sites.

 

It is kind of like using the hpHosts or MVP Hosts file but at the DNS Server level instead of a Hosts table in the /etc folder.

 

The problem is that some ISP DNS Servers get overly taxed and fail to provide a resolution reply in a timely fashion.  This can seem like you can't access the web site or the web site takes a long time to start loading.  By supplementing the DNS Table with known, fast, Public DNS Servers that kind of resolution "problem" is mitigated.

 

The other security concern with DNS was the situation created by the DNSChanger family of Trojans which changed the DNS Server table on a computer (and some SOHO Routers) to point to "deliberately malicious" DNS servers.


The DNSChanger trojan family is now history ( thank G-d! ) but it is good to understand what has happened in the past 'cause you know history repeats itself and it may be used again in the future.  Understanding what happened is important so discussing the DNSChanger is a "good thing" and I know you are hungry for information and just starting to put the pieces of the malware arena puzzle together.

 

If the DNS table was altered on a PC then you would know by running one of the logging programs, using HijackThis or using the command line IPCONFIG /ALL.  The IP addresses of the malicious DNS Servers were fixed, so once you knew the list they were easily spotted.

 

The Router is a little more complicated.  Before I get into that let me say how EASY it is to mitigate this situation.  That is by two things set on the Router.

 

1.  Disable Remote Management.  That is you disable the ability to manage the Router from the POV of the Internet.  Management of the Router must be done from the POV of the LAN side.

 

2.  Change the default Admin Router password to a Strong Password.  The default password is well published for the vast majority of Routers so if one keeps the default it is an easy exercise to compromise it.

 

There are two situations that one may see when they use DHCP and get an IP address from the Router as well as DNS.

 

The first is getting the actual DNS Servers.  The other is getting the IP address of the Router, and the Router forwards the DNS Requests to the DNS Servers.

 

In the first case, if you ran IPCONFIG /ALL you may get a response such as below...

[Attached screenshot of IPCONFIG /ALL output]

 

In the second case, if you ran IPCONFIG /ALL you may get a response such as below...

 

[Attached screenshot of IPCONFIG /ALL output]

 

So in the case of the latter, the DNS servers actually being used are obfuscated by the forwarding of DNS requests to the Router, which then forwards the requests to the DNS servers it has in its table.

 

In that case you would have to login to the SOHO Router and physically examine the DNS table.
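
Added example, not part of the original post: a Python sketch of the IPCONFIG /ALL check described above, telling apart adapters that list their DNS servers directly from adapters that only show the router as a forwarder. The sample output is constructed, and `KNOWN_BAD` holds a documentation-range placeholder, not a real rogue-resolver list.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (blank lines trimmed); names and addresses are made up.
SAMPLE = """\
Ethernet adapter Wired:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
Wireless LAN adapter Wi-Fi:
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
Ethernet adapter Lab:
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

# Placeholder range (TEST-NET-3) standing in for a published rogue-resolver list.
KNOWN_BAD = [ipaddress.ip_network("203.0.113.0/24")]
FIELD = re.compile(r"^\s+(.+?)(?:\s*\.)+\s*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter: {field label: [values]}}, joining continuation lines."""
    adapters, current, label = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():  # unindented line starts a new section
            name, label = line.rstrip(), None
            current = adapters.setdefault(name[:-1], {}) if name.endswith(":") else None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                label = m.group(1)
                current.setdefault(label, []).extend(filter(None, [m.group(2).strip()]))
            elif label:  # no "label :" on the line: another value for the previous field
                current[label].append(line.strip())
    return adapters

def classify_dns(adapter):
    """Label each DNS server: known-bad, forwarded-by-router, or direct."""
    gateways, verdicts = set(adapter.get("Default Gateway", [])), {}
    for server in adapter.get("DNS Servers", []):
        ip = ipaddress.ip_address(server.split("%")[0])  # drop any IPv6 zone id
        if any(ip in net for net in KNOWN_BAD):
            verdicts[server] = "known-bad"
        else:  # a gateway address means the router forwards; its upstream is hidden
            verdicts[server] = "forwarded-by-router" if server in gateways else "direct"
    return verdicts

if __name__ == "__main__": print({n: classify_dns(f) for n, f in parse_adapters(SAMPLE).items()})
```

A `forwarded-by-router` verdict says nothing about the resolvers actually in use; those still have to be read from the router's own DNS table.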
