Tell HN: DNS hacked? Redirected to forward.rewardfinds.com?
This problem popped up for me about a week ago. Requests to retail websites would be redirected to forward.rewardfinds.com, which then redirects to the requested website. I imagine rewardfinds is some affiliate program. I thought perhaps some malware, but after trying it on both a Windows and Ubuntu box, I suspected DNS. Flushed my DNS cache, switched over to 8.8.8.8 & 8.8.4.4 (Google's DNS) and that solved the problem.
Didn't think much of it, but a friend pinged me with the same problem. Did a search and it appears others are having the same problem (http://support.mozilla.com/mr/questions/766714).
At first I thought it was some nefarious tech at my ISP who figured s/he'd earn some extra bucks redirecting everyone's requests, but it appears more widespread.
Has DNS been hacked?
4 comments
[ 4.4 ms ] story [ 24.4 ms ] threadhttp://en.wikipedia.org/wiki/DNS_cache_poisoning has definitely been exploited in the wild. A friend of mine in AWS had to investigate cache poisoning attacks happening on certain ISPs a few years back that were hijacking images.
Edit: Are any affiliate params or headers being passed to the forward page?
Yes, affiliate params were being passed in the URL to the forward page.
You mentioned that it's not confined to just your ISP - It's possible for these DNS attacks to cascade due to the nature of DNS, so the attack may have originated higher up than just your ISP's DNS servers. But they should be able to have a better idea of what's happening.