So, who was the naughty person web surfing from a DC?

On Fri, Jan 22, 2010 at 08:20, Cameron Cooper <[email protected]> wrote:
> Sorry… no this was just on their DC.
>
> _____________________________
> Cameron Cooper
> System Administrator | CompTIA A+ Certified
> Aurico Reports, Inc
> Phone: 847-890-4021 | Fax: 847-255-1896
> [email protected] | www.aurico.com
>
> From: Andrew Levicki [mailto:[email protected]]
> Sent: Friday, January 22, 2010 10:10 AM
> To: NT System Admin Issues
> Subject: Re: Website Issue
>
> On ALL the client computers? Wow.
>
> 2010/1/22 Cameron Cooper <[email protected]>
>
> Looks like it was DNS poisoning. He looked in the host file and there were
> a bunch of entries in there that were causing the issue. Once removed, they
> were no longer being redirected to the p0rn site.
>
> From: Andrew Levicki [mailto:[email protected]]
> Sent: Thursday, January 21, 2010 1:17 PM
> To: NT System Admin Issues
> Subject: Re: Website Issue
>
> And lastly check that the router is configured with the correct forwarders.
>
> Over and out.
>
> 2010/1/21 Andrew Levicki <[email protected]>
>
> Yes, good point, check the DNS clients' HOSTS file, which is located in:
>
> %SYSTEMROOT%\System32\drivers\etc
>
> Look for a rogue entry for the DNS name of the company website.
>
> Good luck.
>
> Andrew
>
> 2010/1/21 Andrew Levicki <[email protected]>
>
> Hi Cameron,
>
> Have you checked that the DNS clients are definitely configured with the
> correct DNS servers in their network configuration?
>
> Assuming that you have them pointing to internal DNS servers, you should
> then check that they are configured with the correct forwarders.
>
> Having done that, you should launch nslookup on those DNS servers and
> check that the DNS name for the company website resolves correctly.
>
> Finally you should run ipconfig /flushdns on the DNS clients.
>
> Please report back how you get on.
>
> Kind regards,
>
> Andrew
>
> 2010/1/21 Cameron Cooper <[email protected]>
>
> They have run their AV and run malwarebytes on all the servers and
> neither found anything.
>
> -----Original Message-----
> From: Terry Dickson [mailto:[email protected]]
> Sent: Thursday, January 21, 2010 12:52 PM
> To: NT System Admin Issues
> Subject: RE: Website Issue
>
> Have they done an nslookup on the dns servers to see if they are getting
> the correct dns entries? Have they been checked for malware that
> changed the hosts file?
>
> -----Original Message-----
> From: Cameron Cooper [mailto:[email protected]]
> Sent: Thursday, January 21, 2010 12:42 PM
> To: NT System Admin Issues
> Subject: Website Issue
>
> A colleague's company is having issues accessing their own website,
> which is hosted offsite. Internally when they try to access it, it goes
> to a porn site. When anyone externally accesses the site, it goes right
> to their website. He's cleared the DNS cache on all DNS servers and had
> the router's DNS flushed as well.
>
> Their setup involves an ISA server that acts as their proxy server.
>
> Ideas?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> --
> Kind regards,
>
> Andrew Levicki MCITP MCSE CCNA
> [email protected]
> www.andrewlevicki.eu
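The HOSTS-file check suggested in the thread, as an added example that is not part of the original messages: a Python sketch that parses hosts-file text and reports entries that pin a watched name locally or are otherwise not the stock localhost mapping. The function names, example.com (standing in for the company website) and the 203.0.113.66 address are constructed for illustration.

```python
import ipaddress

# Names the stock hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}

def parse_hosts(text):
    """Yield (line_number, ip, [names]) for each active entry in hosts-file text."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        yield lineno, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched):
    """Return (line, kind, name, ip) findings for entries that override DNS.

    'override'   - a watched name (or a subdomain of one) is pinned locally
    'unexpected' - any other entry that is not localhost -> loopback
    """
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if any(name == w or name.endswith("." + w) for w in watched):
                findings.append((lineno, "override", name, str(ip)))
            elif not (name in DEFAULT_NAMES and ip.is_loopback):
                findings.append((lineno, "unexpected", name, str(ip)))
    return findings

# Constructed sample: example.com stands in for the company site,
# 203.0.113.66 (documentation range) for the rogue address.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.66    www.example.com example.com   # added by unknown process
203.0.113.66    WWW.Example.COM.
#203.0.113.9    old.example.com
10.0.0.5        intranet
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, ["example.com"]):
        print(finding)
```

To audit a real machine, pass the contents of the hosts file under %SYSTEMROOT%\System32\drivers\etc as `text` and compare any 'override' address with what nslookup returns from the DNS servers.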
