DNS Hijacking by BT

Similar Messages

• Wireless router dns hijacked

  Wireless network with multiple wired and wireless computers all working fine. add 1 laptop and the network stops working for all computers except that laptop. the status page in the router also changes to dns of 192.168.0.1 rather than the dns server info provided by isp. turning off that laptop and reseting router ( soft reset) everything works till that laptop is turned on again. Tried looking for virus or malware useing avg, ad-aware, spybot snd, hijackthis. all negative. even did rootkit revealer. nothin

  BrickWall wrote:
  I'm setting up my first home server; is this what I  should do as well?  I want to be able to access files and a web site from anywhere there's internet access.
  What you set for DNS on your router has no bearing on setting up a home server. You need to learn about Port Forwarding. Please take a look here:
  http://forums.xfinity.com/t5/Home-Networking-Router-WiFi/Port-Forwarding-Primer/td-p/1662603/
  You should also learn as much as you can about security when exposing a device on your home network to the Internet.

• BT DNS hijack for mistyped or invalid URLs

  I have just seen that BT have implemented this :-
  http://bt.custhelp.com/app/answers/detail/a_id/14244/c/346,402,405
  *without* customer knowledge or setting it as initially opted out.
  Why are you doing this ? Do you realise this can affect a wide range of applications expecting a certain browser response ?, and providing paid adverts ?
  You did a similar thing with the Business community a few months back when you added an "advert".
  Turn this off now.
  http://www.andyweb.co.uk/shortcuts
  http://www.andyweb.co.uk/pictures

  Ectophile wrote:
  I've just tried typing some bogus URLs into IE8 and Firefox, and both give the errors I would have expected.
  Hi.
  Many I suggest that you are not using the BT DNS servers allocated to you and have perhaps set specific ones ?
  I suppose it may differ based on the allocated DNS servers ......
  I usually set the Google ones, but occasionally change to allow them to be allocated by BT in order to test stuff. E.g. the posts of a few weeks ago when various users couldn't access some sites. In these cases, it's likely that BT will supply the "advert" page indicating that the initial website has gone - and hence offer others.
  This is advertising by the backdoor.
  http://www.andyweb.co.uk/shortcuts
  http://www.andyweb.co.uk/pictures

• DNS lookups to VPN hijacked by WRVS4400N (fw v1.1.13)?

  I have a WRVS4400N on the latest firmware offered by Cisco.  After a whole run of problems with previous firmware, this one seems to be almost perfect except for this odd issue I've been encountering now (that I hadn't encountered on previous firmware).
  It seems as though DNS lookups through the WRVS4400N are being redirected through a different DNS from the one set on the client (presumably, the router is taking all outbound UDP DNS queries and 'fixing' them to direct at the WAN DNS).
  I've verified this by using the 'host' command in UNIX (where 192.168.2.140 is the DNS server on the remote VPN network):
  1) Using a standard UDP DNS lookup from the LAN (192.168.1.0) to the VPN
  $ host test.intranetdomain.com 192.168.2.140
  Using domain server:
  Name: 192.168.2.140
  Address: 192.168.2.140#53
  Aliases:
  Host test.intranetdomain.com not found: 3(NXDOMAIN)
  2) Using a TCP DNS lookup from the LAN to the VPN
  $ host -T test.intranetdomain.com 192.168.2.140
  Using domain server:
  Name: 192.168.2.140
  Address: 192.168.2.140#53
  Aliases:
  test.intranetdomain.com has address 192.168.2.5
  3) Using a standard DNS lookup to an unassigned IP on the local LAN
  $ host test.intranetdomain.com 192.168.1.250
  ;; connection timed out; no servers could be reached
  4) Using a standard DNS lookup to a nonsense internet IP
  $ host test.intranetdomain.com 254.254.254.254
  Using domain server:
  Name: 254.254.254.254
  Address: 254.254.254.254#53
  Aliases:
  Host test.intranetdomain.com not found: 3(NXDOMAIN)
  These tests are pretty revealing:
  Test #1 shows a standard DNS query as a client system would typically perform it.  It's querying the server and the server is returning that the address I've asked it for is not known.  This is unexpected behaviour as the server at that IP address definitely knows test.intranetdomain.com exists.
  Test #2 shows that if queried using TCP instead of UDP, the DNS does know test.intranet.domain.com exists.  So, is the host command in Test #1 actually talking to my server?  It doesn't seem so.
  Test #3 is a demonstration of the expected response when host cannot talk to a remote DNS or that server doesn't exist. In this case, I'm using host to query an IP on my LAN that doesn't have anything on it.  This should be the response I get when I try to query a nonexistent server on the internet as well.
  Test #4 shows that in spite of the expected responses in Test #3, the WRVS4400N doesn't act as expected.  It shows the same type of response we saw in Test #1 even when querying non-existent IPs.
  In summary, the tests show that the WRVS4400N in firmware 1.1.13 is capturing all standard UDP DNS queries regardless of the IP they're directed to, and forwarding them to another DNS (I assume the WAN DNS).
  This seems like it may have been thrown in as an unmentioned 'feature' and is behaviour I might expect from a 'home' routing solution but not a small office solution such as this.  My company VPN requires DNS to be resolved by our servers inside the office network so this is not acceptible.
  Configuration Details:
  WAN: DHCP, dynamic IP, dyndns
  LAN: defaults for everything, static DNS set to use servers across the VPN
  VPN: IPSec tunnel to remote network 192.168.2.x
  IPS: Disabled
  Firewall: Defaults
  Any assistance or commentary from someone in-the-know would be appreciated.  Also, any comments from those also experiencing variations on this issue.
  Message Edited by litui on 03-10-2009 06:25 PM

  I've experienced the same DNS hijacking unable to use OpenDNS features unless I set the outside interface to static which is really DHCP by my cable provider. Of course, this is only a temporary work-around. Linksys/Cisco could allow for selectable DNS on the outside interface to resolve this problem, but they won't even look at a code change... unless EVERYONE complains. I requested this almost a year ago via a TAC case & their reaction was development almost never update unless they get many requests.

• Comcast & OpenDNS hijack Browse By Name

  This thread has more details about Google's Browse By Name
  https://support.mozilla.com/en-US/questions/790755
  Every now and then I support friends/family/clients that are on Comcast or were Geek Squadded into OpenDNS. I try to keep my clients on Firefox for it's robustness and security.
  There is a growing problem with both services, they hijack Firefox's Browse By Name integration and insert the query into their own search engines. Its more of a hassle/nuisance, but it just doesn't sit right with me.
  I found an OpenDNS thread on this issue- http://forums.opendns.com/comments.php?DiscussionID=158
  Any thoughts on how to bypass the evilness when having to work on both networks?

  It's technically not a lookup failure, I used the word hijack because it's Comcast and Opendns stealing the Google BBN searches. I've witnessed DNS hijacking of hacked websites, it's not pretty.
  Depending on where I am, it may take some time to modify DNS settings on a computer, whether it be because of admin lockdown, virus, user error, or some strange unknown bug...
  Sometimes I am talking to people over the phone without visual aid from Teamviewer. So it's much easier to tell them where to go in Firefox to fix the search rather than explain in detail how to change their DNS settings.
  So, how do I configure the Fox to force BBN? (no matter what DNS server I'm connected to)

• Java.Openconnection FOUND by ClamXav

  Hi,
  I have been having trouble with my credit card information being stolen. It was suggested that it might be because my computer is infected with a virus. So I downloaded ClamXav to see if I could find any viruses that might be making my information vulnerable. I scanned my whole hard drive, and apart from a bunch of phishing emails, the only thing that it found was the following.
  /Users/erpilgrim/Library/Caches/Java/cache/javapi/v1.0/jar/ms03011.jar-3847f8dc- 39f62109.zip: Java.Openconnection FOUND
  Does anyone know what Java.Openconnection is? Could it cause a problem with the security of my information such as my credit card numbers? What would be the proper way to deal with it? Would it be okay to remove it from the java cache? Or is it needed there?
  Any help with this would be greatly appreciated. Any suggestions about security precautions with Tiger would also be appreciated.
  Thanks,
  erpilgrim

  You could remove that file, since it appears to not be a standard one for Java in Tiger 10.4.11.
  And I checked into my most active Tiger system, via the path you found yours (in User/ acct)
  and did not see any jar file with ms- {though did a search and found the java.Openconnection
  item to be a Windows-targeted malware often sent via infected email to other computers.)
  While I have no experience in finding or removing malware (have ClamXAV, but it found nothing)
  I did see a reference from a few years ago, as well as some newer ones, just by google search
  of the name java.Openconnection to see what if anything came up. Reference to a Trojan item
  did come up, under varying names; mostly related to Windows and spread by email.
  An old virus report from about two years ago, came up; it has more than one named item with
  variant java.Openconnection listed, along with other names, etc. +This may not be helpful+ but
  usually with ClamXAV, you can find and remove possibly infected files from found locations.
  And you could remove that item from the cache, probably. Perhaps someone else with more
  experience in using the anti-virus/malware tool ClamXAV (or contact the developer via email
  or a form on the site support, if one is available) could be more helpful in the overall situation.
  +The following report on the virus that Symantec.com dubbed+ Trojan.ByteVerify
  File ms03011.jar-3847f8dc-50961bb6.zip
  • re: Hacked Nation: VirusTotal Report: Trojan.ByteVerify:
  http://hackednation.blogspot.com/2008/09/virustotal-report-trojanbyteverify.html
  This has been said to only affect computers running a Windows operating system; so in
  the case of a dual-boot computer capable of running a Windows partition or with a virtual
  system running a layered virtual machine in another system, such malware could be in
  a Mac and if that computer runs (or connects, sends, shares) files that can get into a
  non-Mac OS X system, that other computer or OS version (windows via BootCamp, etc)
  could be infected.
  You can see if any outside connections are attempted by something running in your computer
  by getting Little Snitch (licensed shareware with fee) and it will keep track of such effects.
  If you have visited web sites posing as authentic other places (fake banks, fake vendors where
  you entered a credit card number to buy something; etc) someone other than an intended site
  may have gotten that personal information. Also, if you have been using old compromised web
  browsers and have not updated or upgraded them, and also updated Adobe Flash & Shockwave
  plugins, you'd have to get the newest applicable player plugins and use their Uninstaller to delete
  the old installed Flash player and Shockwave player, and quit all browsers, to install replacement
  players. Each has their own uninstaller for these Adobe items. They are security risks, btw.
  There may also be a DNS hijack situation going on in your computer, too; where it would be
  re-directed to fake sites by having substituted the correct web DNS numbers with corrupted
  ones, and you may be taken to places where they'd be harvesting your personal data from
  their own on-site keystroke and other spyware logger software. This would not have to be
  installed into your computer for them to get your information.
  You can change the DNS numbers (and not pay a fee) if those in your Networks settings;
  and that may help stop any redirects that way; but there is another way to search for a
  common redirect using a free scan feature to find and help remove DNS Changer redirects.
  • Open DNS for Mac (cnet downloads)
  http://download.cnet.com/OpenDNS/3000-2381_4-169629.html
  These kinds of topics have been discussed, so in Apple Discussions, there are referenced
  questions and some replies that seemed to work in general topics; not specific to this one
  item you noticed in the java folder/files. But that one item is known, per the link above.
  The DNS Changer/DNS hijacker (redirect trojan) is another direction to look into; this also
  has been spelled out in the Apple Discussions a few times; details about this item read:
  +*Trojan DNSChanger* also known as rootrkit TDSS and redirect virus is name of a group of trojans+
  +(zlob dns changer, Troj/Rustok-N, W32/Tidserv. gaopdxserv.sys trojan, UACd.sys trojan, …) that+
  +once installed, redirects you to malicious websites and stealing personal identities.+
  You should not have to buy anything to find and get rid of this; and the same, when deciding
  to use the checked and tested Open DNS alternative numbers in your network settings.
  • DNS Changer Trojan removal tool, free:
  http://macscan.securemac.com/files/DNSChangerRemovalTool.dmg
  +{I've had at least 10 interruptions in the course of attempting to write a coherent reply to this issue+
  +and I have a situation in real time that does not compute to anything, for me anywhere!. Sorry for a+
  +long, broken yet partial reply. Part of the job of parent-sitting: when they get old & flaky.}+
  Good luck in this matter!

• Avast 2015

  Looks like avast! has just released avast! 2015 .   They are continuing to use the year for the "version" number (rather than calling it "avast 10" [although internally, it's 10.0.2206]).
  I have NOT yet tested this product... we'll see when I get around to it.   Even though this is an "official" release [i.e., no longer in beta], I would suggest people wait a few weeks, until this new product is fully tested (unless you're intentionally "playing with it" on a non-essential "test box", just to see what happens).
  Here is the list of major changes/improvements (copied/pasted from https://forum.avast.com/index.php?topic=157515.0 )
  • HTTPS scanning
  Ability to detect and decrypt TLS/SSL protected traffic in the Web-content filtering component. This feature will protect you against viruses coming through HTTPs traffic as well as adding compatibility for SPDY+HTTPS/ HTTP 2.0 traffic. You can tune/disable this feature in the settings section.
  • AVAST NG (Next Generation technology)
  A hardware based virtualization solution capable of running each Windows process in standalone safe virtualized environment (VM) and fully integrated to your desktop. Each process is executed in its own instance of VM, which means totally isolated from your other applications. This feature is now powering the Avast DeepScreen, resulting in better detection. Avast NG requires HaredWare virtualization enabled.
  • SecureDNS (this feature is active in the paid versions only)
  A new provider which guards against unprotected DNS/DNS hijack on a router/client (including unsecured networks, public ones, etc.).
  • Home Network Security
  Scan your home network for vulnerabilities (wifi status, connected devices, router settings, factory passwords, etc.). It helps to discover potential problems not isolated on the particular device only, but in the entire network of devices you use or connect to the Internet from.
  • Smart Scan
  Integrated all on demand scans into one (Antivirus, Software updates, Home Network, GrimeFighter). One scan, different results and recommendations.
  • GrimeFighter Free
  GrimeFighter will offer free cleaning of junk files and tuning of system settings. These tasks are performed by our Zilch and Torque minions. Other minion functions remain as paid-for features.
  • New Support System
  Easy contact for paid users to submit a ticket with all info included automatically. Improved knowledge base for free users. Help is completely online and is more up to date.
  • General bugfixing
  This covers a lot of stability & performance changes in all components (but the main focus was traditionally on the network & engine components).
  It should be possible to install this version on top of your existing avast! installation (all settings should be preserved). Or you can use in-product updater.
  But to play it absolutely safe, you should BACKUP your existing settings before installing the new version, so that you'll be able to IMPORT them if needed/desired.

  I've finally decided to give avast 2015 a chance, on my secondary (WinXP) system.
  First, I backed-up all my customized settings by opening the Avast User Interface / Settings / General / Settings Backup / Back up settings.
  I downloaded Avast 2015 build 2208 from MajorGeeks... I felt more comfortable using their download, than going through Avast itself... which redirects you to CNet [which has a bad reputation for "questionable" installers including extra PUPs] :-(
  I then went offline, to run the installer... I didn't want to be online, as I'm not sure how protected I'd be during the installation process.
  I made sure to DE-select the two Google/Chrome pre-checked options, and go for a CUSTOM installation.
  I DE-selected Secure Line (which, to the best of my understanding, is a PAID service), and Grime Fighter (which I believe is just a bunch of garbage I don't want on my system).   Since this was an XP system, Avast recognized that:  it automatically removed mention/choice of the Avast "Gadget", as well as NG, the "Next-Generation" which requires hardware virtualization that's not part of my ancient XP system.   I  allowed the new Home Network Security... I'm curious to see what, if anything, that will find.
  I noted the EULA, and continued with the installation.   An Avast icon appeared on my desktop... and a reboot was required to complete Avast's installation.
  I opened avast's User Interface, to RESTORE the customized settings I had previously backed-up.   (I did NOT take time to investigate... it's possible they might have been properly transferred/imported... I just didn't want to risk things).   I rebooted the system to make sure these would be fully acknowledged.
  Looking at the tabs on the left, the STATUS tab (from 2014) has been renamed as OVERVIEW (in 2015).   Several other tabs/functions on the left --- as well as under SETTINGS --- were renamed/combined.  
  Observation:   The Overview screen contains a "mysterious" new karma link toward the upper-right.   According to a poster in the avast forum:   "This is new in Avast 2015, you collect Karma [rewards] points [and badges] by using features of Avast, [like] installing Mobile security on your Android devices, posting on the forum, &etc.   It's planned that you can get 'swag' with these points, like free licenses maybe, or other stuff". 
  I checked out most of the SETTINGS to make sure they were as I wished... including importing all the customized settings from the previous version.   My registration was successfully carried-over as well.
  At this point, I allowed the system back online, updated the definitions, and performed a FULL system SCAN.   Surprisingly, this took only 10 1/3 minutes (including [an optional] scan for PUPs):  17.4 Gig of data, consisting of 77,510 files in 4523 directories.   [As expected, no problems were found.]
  I then tried the new HOME NETWORK SECURITY scan.   This scanned my Network and Router... very quickly (about half a minute), and pronounced everything secure:   Wireless secure (=encrypted), Router configured correctly, and my devices are NOT visible from the Internet
  By the way, a SMART SCAN (available from the SCAN tab) is a simple way to have avast run all the types of installed scans:   a virus scan, a software-updater scan, AND a home network scan [and Grime Fighter, if that module was installed]; which again showed no problems.
  Internet access is working, in IE, FF, PaleMoon & OutLook Express, including access to secure httpS:// sites.
  All-in-all, a good experience so far (with the exception of the "karma" nonsense).
  Finally, stress again that I have NOT tested avast's NG (Next Generation) hardware virtualization technology, since this feature is not available on XP.   This component seems to be one of the more problematic added to the new 2015 version, so anyone installing/testing it is still on their own.   I intend to wait a while longer before installing avast 2015 on my primary Win7 system.

• BT and trying to get a VPN to work

  Having seen the messages about VPN dropping and this has affected me for weeks, I have finally found the solution
  due to a forum memebr so thank you very much. This is what they pointed me to and I works - immediate access:
  1. Go to http://preferences.webaddresshelp.bt.com/selfcare/
  2. Click "BT Web Address Help Preferences" link
  3. Disable it & select "Save Settings"
  4. Select "Close"
  5. Exit browser
  6. Disconnect VPN connection
  7. Give it a few minutes for changes to take effect on BT equipment
  One thing to note is that I had to go to a non-wireless computer in the house to set the preferences as wouldn't do it from the laptop (my work IT guy said that this was something do do with changing settings to the router wireless process)....
  Hope this helps others

  Deborah wrote:
  Having seen the messages about VPN dropping and this has affected me for weeks, I have finally found the solution
  due to a forum memebr so thank you very much. This is what they pointed me to and I works - immediate access:
  1. Go to http://preferences.webaddresshelp.bt.com/selfcare/
  2. Click "BT Web Address Help Preferences" link
  3. Disable it & select "Save Settings"
  4. Select "Close"
  5. Exit browser
  6. Disconnect VPN connection
  7. Give it a few minutes for changes to take effect on BT equipment
  One thing to note is that I had to go to a non-wireless computer in the house to set the preferences as wouldn't do it from the laptop (my work IT guy said that this was something do do with changing settings to the router wireless process)....
  Hope this helps others
  Hi Deborah.
  Indeed this has been known for a while, and yet I'm afraid that BT have ignored complaints and requests to turn if off by default and make it "opt-in".
  I've had it on my shortcuts option 17 for weeks, in fact I even posted first about it in these forums :-
  http://community.bt.com/t5/BB-in-Home/BT-DNS-hijack-for-mistyped-or-invalid-URLs/m-p/45082#M27424
  http://www.andyweb.co.uk/shortcuts
  http://www.andyweb.co.uk/pictures

• How does one 'see' open tcpip connections

  Hi all,
  I am a neophyte w.r.t. mac's and mac os. So bear with me.
  In windows - you can go to a 'command line' and enter a 'netstat' command and list all the 'open' IP connections that your computer has. You can look at ports and the processes that have them open, etc...
  Is/are there something similar in/on the mac os??? if so - what are they/where? a reference to them?? anything would be a help..
  I am pretty good in the windows world or at a command prompt - someone point me in the right direction.
  Am trying to troubleshoot where the bottleneck is in slow browser performance.
  Thanx,
  Steve

  I seem to recall reading in these forums somewhere that some instances of slow browser performance had been attributed to a DNS hijacking trojan that had been installed on the victim computer.
  You may want to review these articles just to make sure that you don't have it: www.macworld.com/article/60823/2007/10/trojanhorse.html and www.dnschanger.com

• Trying to clone a bootcamp drive

  My Bootcamp partition woks well enough on my Early 2008 MacPro Tower....Windows XP pro runs whatever I try, running big programs is the only slow part, loading takes awhile...so I want to clone this partition to a new SSD drive...I've replaced all my other SATA drives with SSDs, and loading times drop precipitously......so, how to do it? Disk Utility wont format my new SSD to NTFS, only FAT...and when I run carbonCopyCloner, it says this wont be bootable. Bootcamp will do it, but it wants me to create a USB drive with all the bootcamp software installed first, and a windows install disk I may not be able to find anymore. I suppose I can create a USB drive with Bootcamp software, stop it just after it reformats to NTFS, then run CarbonCopyCloner, but this seems a pretty cumbersome solution. Anyone know a better way? just a good free program to reformat a drive to NTFS would work, I just havent found one...
  I will raise a Toast to the writer of the best solution.....
  (Actually, I thought of the program "Toast" but it only formats DVDs....)
  Jim
  ps, running the must recent Mountain Lion.

  Go Organic XP,
  Lifted from a 2009 article on lifehacker lifehacker.com/5195783/format-a-usb-drive-as-ntfs-in-windows-xp
  "Windows XP does have the ability to format drives with the NTFS file system, but you wouldn't know it by looking at the format dialog—normally the option is disabled.
  To enable it, open up Device Manager and find your USB drive, go to the Properties -> Policies tab and then choose "Optimize for performance". Once you've done this, you'll see the NTFS option in the format dialog.
  Readers should be warned, however, that once you've enabled write caching you will need to use the Safely Remove Hardware dialog to avoid losing data—though once you format the drive as NTFS you can switch the write caching back off."
  Remember to use the Then try the carbon copy cloner method
  If carboncopy cloner gives you the same message, follow this link to the Microsoft resolution section on running sys to move the core boot files to the new drive
  http://support.microsoft.com/kb/314057
  The article has some good relevant reminders on the XP command specifics.
  XP was fun, but (I bet you heard this before) Remember to keep the XP machine away from the internet, away from email, away from documents, image content, audio codec's, you only have about 50,000,000 threats your totally vulnerable to and for which no way exists to not be impacted.
  If you partake in un-trustable user space content in XP and don’t isolate yourself, your safe behaviors won’t save your machine from exploit. If it connects to XP thumb drives, CD's, well, everything is exploitable
  Not a judgment call on windows XP, just a fact based reflection of the territory in which you indicate the machine will have to live in.
  If you get it working, you may be able to run "Microsoft EMET", system requirements are only that you be able to run the dot net 4.0 framework. If you get it to run, please report back. It should offer substantial mitigation against a plethora of threats for which no patch is available. to find it, use duckduckgo.com to search for  "Microsoft EMET"
  The latest EMET even does certificate pinning mitigation realtime for apps system wide. Impressive.
  Not being a fan boy, noting that the DNS hijack vulnerability is 26 years old and OS/X, iOS and Android fail to implement in the OS certificate pinning of user installed apps. In iOS & Android the app developer coders should do this, but it would be nice if the OS/X got on board with a supported friendly user method.

• All secure websites ask for login twice

  I have banking, paypal, google, yahoo, Amazon, Netflix all say the first time I login that the user name or password is wrong and when I enter the same user name and same password the second time it logs on. Sounds like a key logger. Win 7 64, most current Firefox, fairly new win 7 install, new computer, New router Netgear 6300, Vipre Internet Security. This all just started on Wednesday.

  A client-side keylogger isn't going to make you type everything twice. But a DNS hijacker might. Have you already changed those passwords?
  Please check your connection setting here:
  "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button
  The default of "Use system proxy settings" will piggyback on your Windows/IE "LAN" settings. You could try "No proxy" to see whether that makes any difference.
  Your system-level DNS servers can be discovered using a command prompt.
  Start menu > search box, type '''cmd.exe''' and press Enter
  At the prompt, type '''nslookup mozilla''.''org''' and press Enter
  Windows should report your current DNS server by name and address, as well the info for mozilla.org. For example:
  Server: cdns01.comcast.net
  Address: 75.75.75.75
  Non-authoritative answer:
  Name: mozilla.org
  Addresses: 2620:101:8008:5::2:1
  63.245.215.20
  If the server is not the one you normally associate with your internet service provider, or one you set up manually (e.g., for OpenDNS or Google Public DNS), then that would be suspicious. Note that DNS can be set in Windows and/or in your router.

• Why won't Firefox let me access Google when it is in the tool bar anyway?

  I set the browser to open at Google and at first, I had no problem, but now Firefox is blocking me accessing the site, saying it is unsafe and will cause harm to my computer. I have used this site for years and had no problem, so why is this happening, please. Chris Keys

  Hi Chris, if you have never seen that error before, the issuer chain is what connects the site's SSL certificate with a globally trusted certificate. Typically one or more "intermediate" certificates are involved and the server needs to send those to the browser. Novice webmasters sometimes forget, but with Google, that seems unlikely. We should consider other possibilities.
  (1) Cache mismatch
  You can clear Firefox's cache of previously retrieved pages (not history but the files themselves) using:
  orange Firefox button (or Tools menu) > Options > Advanced
  On the Network mini-tab > Cached Web Content : "Clear Now"
  If you have a large hard drive, this might take a few minutes. When you revisit Google, Firefox should retrieve all the files fresh and hopefully this will clear up the issue.
  (2) DNS hijack
  Firefox usually relies on Windows to look up the true internet addresses of servers, but this can be overridden by a proxy setting or by an extension, and you might do this if you have signed up with a private VPN service (for anonymous browsing) or are using a TOR add-on.
  (A) Proxy setting
  You can review/modify your setting here:
  orange Firefox button (or Tools menu) > Options > Advanced > Network mini-tab > Settings button
  The default setting is "Use system proxy settings" which should cause Firefox to use the same connection settings as IE.
  (B) Extensions
  You can review, configure, disable, and often remove extensions here:
  orange Firefox button (or Tools menu) > Add-ons > ''in the left column click'' Extensions
  Any that specifically target Google, such as privacy-related extensions, would be worth checking and possibly disabling.
  Usually a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.
  (C) External software
  Other software on your computer can change how Windows finds site, including malware. If you are inclined to run a few supplemental scans, this support article recommends some free tools for that: [[Troubleshoot Firefox issues caused by malware]].
  (D) Router settings
  Often your DNS servers are actually set in your router, either one supplied by your internet service provider or one you've added on yourself to share your connection locally. If you find that you have the same problem in IE, then this definitely is worth checking.

• Does BT use a proxy server?

  I am trying to use OpenDNS with Btinternet. I get a message saying that i cannot use OpenDNS because there is a suggestion that the BT service runs via a proxy server. Does any one know if this is the case? Many thanks

  timcooke wrote:
   Thank you for offering to help. As you might know OpenDNS is a parental controls offering that routes traffic via their filtering servers. It used to work fine until about 6-9 months ago whn I started getting the following error message.
  “Your DNS filtering settings might not work due to DNS IP address (92.242.132.15) and HTTP IP address (86.179.60.99) mismatch.” When I click on more details the most relevant part seems to be:
  “However, in many situations this means that your connection is being sent through some kind of proxy which will likely have an impact on your use of OpenDNS services. Check with your ISP to see if they proxy DNS or HTTP traffic.  This is especially common with many wireless and satellite broadband providers”
  My IP address is corectly shown as 86.179.60.99.
  Although I am reasonably IT literate I do not understand networking so any help you could give or advice on questions I should ask BT to get OpenDNS working again would be great.
  Tim
  The IP address 92.xxx etc is indeed the Barefruit (effectively the DNS hijacking system). As I mentioned, it's not a proxy server, but a DNS proxy which are different items.
  You can turn off the Barefruit interference. Go to my shortcuts option 17a/b.
  AFAIK quote a few people use OpenDNS, so it's a little surprising that this hasn't come up a lot before.
  http://www.andyweb.co.uk/shortcuts
  http://www.andyweb.co.uk/pictures

• How can I find flash media playback setup page? Flash media playback OSMF site - missing, hijacked, bad DNS?

  How can I find flash media playback setup page? Flash media playback OSMF site - missing, hijacked, bad DNS?

  I'm having this issue as well. Weird how hard is to find info and solutions on Google.What do people use instead? A lot of tutorials link to this page...

• Has my DNS been hijacked? (FTP problem)

  I am connecting by FTP to this machine as root to edit some root-owned files in Transmit. Now I open
  /private/var/log/ftp.log
  and I see log entries like this
  <pre style='font-family: Monaco;width: 90%; margin: auto; padding: 5px; border: 1px solid #B1B5B9; background: #EEEFF1;'>FTP LOGIN FROM hoetechnology.com as root (class: real, type: REAL)</pre>
  Google revealed that hoetechnology.com is a notorious malware site that fools Mac users into installing a bogus codec that instead hijacks your DNS.
  Examining my own computer revealed my DNS settings were default, so no viruses had hijacked my DNS.
  Examining my router revealed the same default DNS settings.
  Examining my DSL modem revealed that the modem was set to Earthlink DNS servers, so that apparently is the DNS I am using.
  I even flushed my DNS cache to no avail.
  Does anyone know what this means?

  Note: ran into this SAME pinkteentop.com thing.
  Converted my Host table over from Tiger based off
  this source:
  # This MVPS HOSTS file is a free download from: #
  # http://www.mvps.org/winhelp2002/ #
  # Notes: the browser does not read this "#" symbol #
  # You can create your own notes, after the # symbol #
  # This must be the first line: 127.0.0.1 localhost #
  # ------------------Updated: 08-18-07---------------------#
  Umm this really freaked me; from reading my routing table, it
  "hijacked" my ip address and made it look like it installed itself
  on my internal network 192.168.x.x
  If this fell into...it looks like a vector/hole/exploit.
  i'm going to use a blocking host table **** or High Water;
  have for long time and it has served me well.
  Because the routing table gets messed, i proposed that
  an internal trojan/virus was installed, was broadcasting
  back to pinkteentop and was using my machine as a
  replicator of their ***** relay.
  Jim