Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Rndom internet sites redirected to page with error about being blokced by firewall

Posted on 2014-04-28
6
Medium Priority
?
311 Views
Last Modified: 2014-06-04
We have about 70 users. Every now and then some users have reported that the get redirected to webpage that says your Firewall is blocking this site. I have attached an image of the browser page. When I looked at the attached screen shoot it seems like it is being directed to blocked-wescreenshootbsite.com and the error is fake. I am not sure if all users are effected or not since the users that have reported this tell me that it does not happen all the time. This primary happens on knows sites such as youtube, facebook.....
I wonder if there is a common software on their computer that has caused this.
We have Viper antivirus and have a Cisco asa 5505 firewall. I wonder how I could to see if there are others with the same issue. Only 4 people have reported within the last month.
I am going to scan one of the computers using malwarebytes,. Your suggestions are appreciated.
0
Comment
Question by:netcomp
6 Comments
 
LVL 10

Expert Comment

by:Sam Simon Nasser
ID: 40027739
i suggest to run a malware scan on the reported computers.
question: what is your blocking policy or software? i.e. SQUID or TMG? cause the website redirect to www.blocked-website.com .. i tried accessing it but it gives an error as well
blocked.jpg
0
 
LVL 10

Accepted Solution

by:
Rafael earned 2000 total points
ID: 40027757
I noticed from your screen shot that you're using OPEN DNS. You need to log into the Open DNS portal for your company and see if you're blocking or controlling these sites through DNS.
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40036971
It might be a spyware, try to check your host file if there's anything there or run malwarebaytes.
0
 
LVL 1

Author Comment

by:netcomp
ID: 40039751
You were right. Our DNS servers were pointing to Open DNS. For some reason the old IT admin had are DNS forwarders pointed to Open DNS. I am not sure why he had done that. I replaced it with the ones from our ISP and the issue looks resolved.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
In this article, we’ll look at how to deploy ProxySQL.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question