tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: DNS is hijacked and some filty AD is added at the bottom of our webpage
Date Wed, 09 Sep 2015 15:20:15 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Shi,

On 9/9/15 10:46 AM, shi wrote:
> Hi gurus,
> 
> We have a website running at a tomcat. Its web pages looks good.
> 
> Recently, we, however, find some of web pages contain the filthy AD
> at the bottom of the page.
> 
> We really could not understand why there are these filthy AD at the
> web page. We make sure the web page doesn't contain any ADs at
> tomcat. But when we access these webpage via internet, we find
> these filthy AD added..
> 
> We search related knowledge and find it looks like some DNS is
> hijacked. It causes when the client is accessing the website, the
> hijacked DNS will be used to translate the webname to  its IP.
> During this process, the hijacked DNS adds the filthy AD at the web
> page.
> 
> So my current question is: how to avoid/resolve this issue at java
> server side? Are there many good solutions to resolve it?

So, the *client's* DNS has been hijacked? The only thing you can
really do about that is require your users to use DNSSec or something
like that... not sure if that's even possible.

You could require HTTPS for everything and request certificate
pinning, but again there are ways around that.

You may not be able to do anything other than contact some authority
and try to get the rogue site shut down.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV8E4vAAoJEBzwKT+lPKRY5lkP/j6nfHoEydxcqbKeZxM7jVHG
/jxFbTdbt4qATsRj50IyEaZF2wTfhq17O1pfUQWa1zqXPxehJobl0otNmOTjoOwB
R5y3C5EUQPS8Umox1Tw+3liEDPDrOesqSPBm7XrvbS5u3kukOqBLC61KJgzsgDAu
YTqrMjODNffa7qIHOFSn6Wjy0R0dVVGa5RcxJ9f+Et7DPbHdtVa4Y7zXiltrVFBg
BHwTVSxCv8QrfTmSZgEJ819v+UZrh8lmytHnXsF4tkBvxubEEiKS3lDwTucrR/jl
mTbQDgEjra88heRl1cAU8xDVoy7y29TEZXlZcLzXG84BoAH82fOhFfo3PcMx0YI1
1W0zqCyuu7BYfgbkbtqRL76h2Nj7XPBL0qS3FmxctjZNLPAvs+2KUadkU6ecK0/6
ELnXJDZz6VzAm+cEr4Wynah42EGXBEq6y32t1Iv/s5WGv0CYmM7+TByE/s24ozzr
2BucnH1kH/3v8m5Dn6/MGpCkzaCT5+mJCR7da6nyzDN/Rupu+JAjjkj1jXjLkVgf
2EnKhN52t+Rdl+0UwV/e9qoPJgWQfBcpLQ6SkyD5h/L+SI6OPVMvHtT9w7py0EJf
LOdSAqSYt8a5CcICJFOKjip0O5icMqIwr4kwwFS0oKuUk1g8EfuiDjMlxylbLYvL
sU7+8Aa6cdyB1N+p38z7
=J+8s
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message