Something illegal going on here!

[INVIGOR]

I own a very valuable domain name regged at moniker for years. I've had it parked with hitfarm for a year. I've checked the DNS at Moniker and they are correct; however, when I checked my stats today for the name, they were WAY WAY off!


After having a look, the name is NOT resolving to the hitfarm lander, it's resolving to www3.searchmirror.com/xxxxxxxxxxx

WTF?!?!? I changed absolutely nothing! What's going on?!?! Somebody is stealing my traffic!! This has to be illegal!

Any ideas??

[Onward]

What does hitfarm say?

[INVIGOR]

I just discovered it. They are closed right now, but I've sent them an email and another to Moniker. Everything is kosher at Moniker and I can see the log in history. The whois record is right too.

[Focus]

At a big ISP level maybe?

[Raider]

You might want to try changing the DNS and see if it resolves.

[DNBA]

well it dosent look like a hitfarm site.

1. make sure its still in your account
2. if it is with moniker make sure the dns is correct. there maybe a security issue with them cause it looks like a lot are popping off.
3. contact whois www3.searchmirror.com. looks like its pointing to a hostway.com server on ip 64.26.28.139
4. jusy because its right at moniker doesnt mean there could be an issue. keeping the same whois contact may not mean shit if its pointing to the right place
5. have you been working with any untrusted developers? someone that may have access to your accounts?

i wish you luck in finding out the situation. i manage quite a few huge portfolios and hot keys are not ones to just pass off on your account. so it seems like its root lever with the registrar.

[ecomindia]

to ensure your domains is rightly configured.

use the URL http://www.dnsqueries.com/en/domain_check.php

and you may find the bug!

i had problems like this many a times, and this site proved a gem for me.

[Commerce]

I think that there are at least to possible things going on here.

First, if the name is resolvable from elsewhere (and I'm fairly sure this is not the problem given your drop in hits) and not from your own client, then your local DNS resolver has been compromised.

If the name resolves badly from everywhere, then your DNS authoritative host server has been compromised.

The good news is that those problems are easily fixable and by now should have been fixed by you (if you support your own authoritative host and resolving DNS servers) or by your ISP if they paid any attention at all to the huge story last summer about this topic.

FWIW, the authoritative DNS and the resolver DNS servers are using the same type of software (DNS), but they are doing different functions. The authoritative server is there to serve "answers" to requests about your domain (from its host file) and the other serves to ask "questions" about domains from other DNS authoritative servers. Any good administrator will setup their DNS servers to allow them to only resolve the names they serve (as authoritative) and only resolve names for clients in its known network. Sadly there are a huge number that act as what is called an open resolver, meaning that as an authoritative server, it was also answer for other domain names (though it should not do so authoritiatively) and as a resolver will serve anyone out there. Both are probably unwise and certainly not recommended configurations these days without a darn good reason to do so.

If this is the case of an ISP who did not "get it", then they are reaping the harvest of paying no attention to a critical infrastructure problem. The bug relates to randomness of UDP ports for a DNS server. Patched versions of every major ISP have been out since mid-to later last year (in fact it was the biggest coordinated infrastructure applications fix in the history of the Internet).

Don't feel bad, your ISP is not alone. The stats on current DNS servers which actually address the bug are dismal. To me, if you want to be in the Internet business, you should know that something as basic as this kind of attack must be addressed if there is an answer.

While something else more nafarious could be going on, this would be the most logical guess and probably the starting point I would check first.

-Commerce

[INVIGOR]

changed dns to parked.com and it took. Not sure what the heck the problem was. I'll try putting back to hitfarm tomorrow and see what happens.

[Carter]

changed dns to parked.com and it took. Not sure what the heck the problem was. I'll try putting back to hitfarm tomorrow and see what happens.

Let us know.

[DomainTurn.com]

GoDaddy is good at changing dns when your name is going to expire even if they are
not the owners of the domain name. It is done automaticly. no concern about your use.

[Cartoonz]

Yahoo kicked the name off, that is what happens at hitfarm in a situation like that.

If it is not truly a "sensitive" name (what Yahoo uses to describe such cases) then ask your rep at hitfarm to appeal it with yahoo.

That other lander is what it will default to in cases like this.

[INVIGOR]

This is exactly what happened according to hitfarm.

Guys, this is absolutely ridiculous. The name is as generic as it freaking gets!! www(.)assurance(.)com! Now, a few weeks ago I got a C&D letter from Assurant Corp. I replied back with the assistance of Hitfarm and I thought it went away. They were moaning that links to their agents or their websites with the word "Assurant" were showing up on the links. Obviously, they or their agents are manipulating the keywords they pay for to get those links on the lander. Do you think maybe they escalated their complaint with Yahoo?

Yahoo kicked the name off, that is what happens at hitfarm in a situation like that.

If it is not truly a "sensitive" name (what Yahoo uses to describe such cases) then ask your rep at hitfarm to appeal it with yahoo.

That other lander is what it will default to in cases like this.