Link to home
Create AccountLog in
Avatar of Philsh
Philsh

asked on

DNS lookup issue

I work for a non-profit agency. It has come to my attention that if you put in our website address on a smartphone, it seems to be getting "hijacked" and going to dating and other inappropriate websites.  From a desktop PC, everything seems fine. Our DNS is hosted by Network Solutions.   Any ideas how to correct this?
Avatar of Paul MacDonald
Paul MacDonald
Flag of United States of America image

How many different phones have you tested?  How many different cell carriers have you tested?  

When you say it works from a desktop, have you tested desktop computers outside your network?

What's the URL?
Is it just with one smart phone or all clients?
It might be an malware on the smart phone if this issue is only with a specific smart phone.
I would look at what the cell phones are using for DNS.  There are apps for Android phones and I would expect also for iOS phones.

If it really is only happening on mobile phones, it may not be a DNS issue.  Your web site may have different code for lower resolution (typically phone or tablet) devices.  If your site was compromised, that code may be pushing users to the other sites.  I'd check the web site to see if that got hacked.
Avatar of Philsh
Philsh

ASKER

It happens on many different smartphones - Verizon for sure. Will need to see which provider the other phones are on.  

www.caaofcc.org
I can duplicate/verify  the problem.  Fascinating.  FWIW, I'm on Sprint.

This is almost certainly (though not definitely) not a DNS problem on your end.
On my Verizon cell phone (connected to my WiFi and using my local DNS), it appears to go to the correct page, though somewhat different from the one my desktop goes to.  It looks as if it is one that attempted to deal with the lower resolution.

The URL resolves to 208.91.197.27.

I shut off WiFi on my phone and tried the same tests and got the same results.
@paulmacd: can you confirm the IP address that the URL resolves to?

It is very interesting that I didn't see the same problem.
Avatar of Philsh

ASKER

The IP should be 107.180.21.239.
ASKER CERTIFIED SOLUTION
Avatar of CompProbSolv
CompProbSolv
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
'CAAOFCC.ORG' resolves to 208.91.197.27 on my desktop.

"I'm still suspicious of something in the web page itself doing the redirection."
I'm inclined to think it's something in the web server itself, but it could be something in the page.
I'm not a web designer so have limited knowledge of the details here.

I'm not aware of how the server itself would distinguish the different clients, though that may just be my ignorance.

How do you think that the server or page is deciding what to display to the different clients?  I could imagine it being based on OS, browser, or screen resolution.

I got the results I described (proper on desktop, improper on phone) with Google and with Chrome on both platforms, and with IE on the desktop.  I presume that a web server or page can distinguish between Google on Android vs. Google on Windows.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Philsh

ASKER

Someone hacked into my hosted account and added a ".htaccess" file that was redirecting only mobile devices.
That would do it.

Nice job tracking down the fix.
Sounds good.

Don't forget to fix the DNS setting for the URL without "www.".