403 Error – Hijacked websites

September 30, 2010

I have been getting a peculiar error for a while now — some of the most popular sites return a “403 Error — Forbidden” in boldface. At first sight it might seem that this is a result of too many requests from my network (ISP) to these sites. But occasionally I get the view of a hijacked website as well, like the following:

And if I look carefully, I see that the browser connects to smartname.com and also tries to connect to some address 192.168.243.77, which is not an address on my own network (and which it does not find). This picture also shows the browser connecting to domdex.com, which I have no clue about. The browser can still find secure websites. But this is clearly the work of some malware, probably not on my machines which run Kaspersky anti-virus 2010, but on the nameserver/proxy server of my ISP. And since the said ISP is BSNL, it is impossible to find any way of lodging a complaint beyond the simplest ones like ‘no connection’. I have had this problem earlier, but thought it was a result of the google and yahoo!/youtube sites being hacked. Now I think this is the result of a more local hacking.

In another incident, not sure if it is related, I found that the homepage of both my browsers had been set to mywebsearch.com.

Update: Searching for this IP address on the net gives this post and not much else. Searching about hijacked google I could find several suggestions, and I am trying out some of them, like running malwarebytes and an anti-virus (Kaspersky). Nothing so far. Of course I have already tried clearing the cache and deleting cookies. I still don’t know if it’s my machine that is affected, or the network/ISP.

Update: The problem may have been on my computer. I ran Malwarebytes after reading some advice on the internet, and it found several files, including many in the registry, infected with trojans. I have not had the problem since cleaning the infected files. Malwarebytes is available at cnet.com, but if your computer has been infected, you have to find another computer to download it. The funny thing is, I am running Kaspersky anti-virus, and it didn’t stop this trojan.

Update: It happened again yesterday, and this time nothing showed up on the virus scans, either by malwarebytes or kaspersky. So I set my DNS to the google public DNS, and it seemed to solve the problem. See here for the procedure.
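The comparison behind the resolver switch, as an added example that is not part of the original post: it asks a given resolver for a name's A records and flags answers that are non-public (such as the 192.168.243.77 reported above) or that share nothing with a reference resolver's answer. The function names are hypothetical, and the sample inputs in the last lines are constructed.

```python
import ipaddress, socket, struct

def build_query(hostname, txid=0x1234):
    """Build a DNS query for the A record of hostname (recursion desired)."""
    labels = hostname.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + n              # length byte plus label (or the final zero byte)
        if n == 0:
            return off

def parse_a_records(pkt):
    """Extract the IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">HH", pkt[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(pkt, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(str(ipaddress.IPv4Address(pkt[off:off + 4])))
        off += rdlen
    return addrs

def query(hostname, resolver, timeout=3.0):
    """Ask one resolver over UDP; diagnostic only (no retry, no TCP fallback)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(hostname), (resolver, 53))
        return parse_a_records(s.recvfrom(512)[0])

def assess(isp_addrs, ref_addrs):
    """Flag answers that are non-public or share nothing with the reference."""
    flags = [f"non-public address {a}" for a in isp_addrs
             if not ipaddress.ip_address(a).is_global]
    if isp_addrs and ref_addrs and not set(isp_addrs) & set(ref_addrs):
        flags.append("no overlap with reference resolver")
    return flags

if __name__ == "__main__":
    # Constructed inputs: the address reported in this post vs. a made-up reference answer.
    print(assess(["192.168.243.77"], ["8.8.8.8"]))
```

With network access, `assess(query(name, isp_resolver), query(name, "8.8.8.8"))` compares the ISP-assigned resolver with Google Public DNS. Disjoint answers alone are only a hint, because CDNs hand different addresses to different resolvers; a private address for a public site is the stronger signal.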

  1. Mrityunjay Agrawal
    September 30, 2010 at 4:54 pm

    The same problem is faced by me. I too observed that my browser is trying to connect to 192.168.243.77 which is not an IP address in my LAN. Nor is a ping getting any response from this IP.

    Initially I thought that my anti-virus is blocking these sites. But soon other computers in my LAN started showing the same problem.

    My service provider is also BSNL. When I tried accessing internet through a Reliance network at my friend’s office through my laptop, same sites were working perfectly fine.

    So I do agree with Hutom that this is perhaps a problem at BSNL end and not at the PC end.

    Anyone who knows a fix to this problem is most welcome.

    • Hutom
      October 1, 2010 at 1:06 am

      In the past I have called up their helpline and filed a complaint — the generic kind that says ‘press 1,2,3 … if the problem is …’ Usually the problem was solved, but it is not clear if that was because of the complaint, since the problem came back soon. Perhaps if enough people complain, they will look for the cause.

  2. October 1, 2010 at 9:26 am

    Yes, I too had the problem in south India from morning till about noon today (Friday, Oct 1). Apart from 192.168.243.77 I also logged 64.95.64.197, which turned up whenever I pinged a website using command prompt. If you visit 64.95.64.197, it gives the same error which came when the network was down.

    If you find an official release from BSNL or who/what is behind this, please let me know. Luckily it happened when I am at home, otherwise my parents would have found it very difficult.

  3. Aashish
    October 14, 2010 at 8:22 pm

    I am also getting exactly the same kind of problems as Hutom, Mrityunjay & Abhijeet.
    After trying to login to say yahoo mail, I see that the browser connects to smartname.com and also tries to connect to some address 192.168.243.77, which is not an address on my own network (and which it does not find). This picture also shows the browser connecting to domdex.com, which I have no clue about. The browser can still find secure websites. The snapshot is exactly like what Hutom has uploaded except that it has yahoo mail instead of gmail.

    There was no problem, however, in opening the same yahoo mail website from my mobile.

    Can anybody help me regarding this problem?

  4. Krishnakanth
    October 17, 2010 at 5:32 am

    I too faced this problem in my home machine. Initially I thought it was some rootkit but since my machine is running on Windows 7 64-bit, I was sure this was not a rootkit. Running Spyware doctor turned up nothing. Then I figured it as an issue in BSNL DNS Server. So, I am currently using Google Public DNS Server and the problem is resolved. Hope BSNL fixes the issue at the DNS servers soon!!!!

    • Hutom
      October 18, 2010 at 3:24 pm

      I ran malwarebytes (available from cnet.com) and it found some trojans. I have not had any problems since clearing them out. So my guess is that it is a virus causing this problem, and the virus is sitting on your machine(s). Run a good anti-virus on full scan (surprisingly, kaspersky did not do a good job in my case), and hopefully it will go away.

  5. Vinay BV
    October 26, 2010 at 6:02 pm

    The problem is that this virus is pretty exhaustive. It redirects sites such as rediff and others. So the solution to set DNS to google’s public DNS server helps solve only the google issue but not the others.

    Malware, MS MRT, Kaspersky, etc., don’t work.
