Yes, good point, check the DNS clients' HOSTS file, which is located in: %SYSTEMROOT%\System32\drivers\etc
Look for a rogue entry for the DNS name of the company website. Good luck. Andrew 2010/1/21 Andrew Levicki <[email protected]> > Hi Cameron, > > Have you checked that the DNS clients are definitely configured with the > correct DNS servers in their network configuration? > > Assuming that you have them pointing to internal DNS servers, you should > then check that they are configured with the correct forwarders. > > Having done that, you should launch nslookup on those DNS servers and > checked that the DNS name for the company website resolve correctly. > > Finally you should run ipconfig/flushdns on the DNS clients. > > Please report back how you get on. > > Kind regards, > > Andrew > > 2010/1/21 Cameron Cooper <[email protected]> > >> They have run their AV and run malwarebytes on all the servers and >> >> neither found anything. >> >> _____________________________ >> Cameron Cooper >> System Administrator | CompTIA A+ Certified >> Aurico Reports, Inc >> Phone: 847-890-4021 | Fax: 847-255-1896 >> [email protected] | www.aurico.com >> >> >> -----Original Message----- >> From: Terry Dickson [mailto:[email protected]] >> Sent: Thursday, January 21, 2010 12:52 PM >> To: NT System Admin Issues >> Subject: RE: Website Issue >> >> Have they done an nslookup on the dns servers to see if they are getting >> the correct dns entries? Have they been checked for malware that >> changed the hosts file? >> >> -----Original Message----- >> From: Cameron Cooper [mailto:[email protected]] >> Sent: Thursday, January 21, 2010 12:42 PM >> To: NT System Admin Issues >> Subject: Website Issue >> >> A colleague's company is having issues accessing their own website, >> which is hosted offsite. Internally when they try to access it, it goes >> to a porn site. When anyone externally accesses the site, it goes right >> to their website. He's cleared the DNS cache on all DNS servers and had >> the router's DNS flushed as well. >> >> >> >> Their setup involves a an ISA server that acts as their proxy server. >> >> >> >> Ideas? >> >> >> >> _____________________________ >> >> Cameron Cooper >> >> System Administrator | CompTIA A+ Certified >> >> Aurico Reports, Inc >> >> Phone: 847-890-4021 | Fax: 847-255-1896 >> >> [email protected] <mailto:[email protected]> | www.aurico.com >> >> >> >> >> >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> > > > -- > Kind regards, > > Andrew Levicki MCITP MCSE CCNA > [email protected] > www.andrewlevicki.eu > > > > > > -- Kind regards, Andrew Levicki MCITP MCSE CCNA [email protected] www.andrewlevicki.eu ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
