dns cache getting messed up by quantserv/quantcast

HawkmanHawkman Registered Users Posts: 93 Big grins
edited October 18, 2009 in Bug Reporting
Hi,

Several times in the last month I end up with blank home page and unreachable galleries from my home computer. When I ping hawkman.smugmug.com I get an IP address that resolves to a quantcast or quantserv host instead of the correct smugmug IP. This seems to be happening since I started using Safari more, but I don't know if that is related. Eventually after flushing my dns cache, I get function back.

Looking at the source for my smugmug web page I see smugmug has embedded javascript from quantcast for the purposes of collecting web page statistics. It seems hard to believe this is a coincidence. This seems to be some quantcast javascript/ browser (possibly Safari) interaction gone bad. Can you shed any light on this issue?

Thanks,
Gene
Gene
Walk softly and carry a big lens!

Comments

  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited October 9, 2009
    Sadly, this is due to DNS malware attack out there. I'm sorry - I'm traveling now, using mobile... but Google for

    remove dns changer malware

    and you'll find info - it comes from a Ukranian hacker, and yes, it affects Macs and PCs both. :(
    Andy

    PortfolioWorkshopsFacebookTwitter
  • docwalkerdocwalker Registered Users Posts: 1,867 SmugMug Employee
    edited October 11, 2009
    My wife got nailed by this for many other sites she uses. Using OpenDNS she was able to get to sites while not on her work network. But work was forcing the DNS server she used. They finally were able to get it fixed but it is a pain. Do check the malware thing as it is very widespread.
    SmugMug Support Hero
    http://help.smugmug.com
  • HawkmanHawkman Registered Users Posts: 93 Big grins
    edited October 12, 2009
    I have tried and searched in vain
    No malware - I have searched in many ways with numerous malware tools. And it only happens with the smugmug site and only to those quantserve or quantcast addresses (which smugmug uses for web statistics - embedded in javascript).

    In addition, I can't imagine why malware would poison my smugmug.hawkman.com dns entry to a quantcast server that serves a blank html page.

    Gene
    Gene
    Walk softly and carry a big lens!
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited October 12, 2009
    Hawkman wrote:
    No malware - I have searched in many ways with numerous malware tools. And it only happens with the smugmug site and only to those quantserve or quantcast addresses (which smugmug uses for web statistics - embedded in javascript).

    In addition, I can't imagine why malware would poison my smugmug.hawkman.com dns entry to a quantcast server that serves a blank html page.

    Gene
    Neither did Quantcast - but they pointed us to those articles... did try the removal steps anyhow, just to see?
    Andy

    PortfolioWorkshopsFacebookTwitter
  • HawkmanHawkman Registered Users Posts: 93 Big grins
    edited October 18, 2009
    Sorry to get back so late on this. Yes I tried the instructions found for several versions of this type of malware and I had none. I also rand a lot of malware tools - malware bytes, Spybot S&D, Microsoft malicious software removal tool and all found none.

    Like I said it is an inconvenience - every once and awhile I have to manually flush the dns cache on my computer.

    Gene
    Gene
    Walk softly and carry a big lens!
Sign In or Register to comment.