Help me please!

[Fuzz]

Please help me out!

Everything was fine last night but now when I can only access this site through a proxy. I can ONLY post in this forum section, so please do not move the thread as I will not be ale to look at it anymore

I cannot use the shoutbox, I cannot PM, I can only post in this forum.

I just can't connect to the forums unless I use a proxy.

I can only get one two people's profiles that are not my own, Dollparts' and Lanceor's.

Please help me

Feel free to e-mail me: fuzz--@hotmail.co.uk

Thanks

Edited May 2, 2011 by Fuzz

[DarkRider]

Strange, it's something on your end, nothing has changed in your account here. Thinge to try: use a different browser, undo any updates your PC might have added last night, make sure you didn't accidentally blacklist this site, delete cookies/browser cache

[Fuzz]

Strange, it's something on your end, nothing has changed in your account here. Thinge to try: use a different browser, undo any updates your PC might have added last night, make sure you didn't accidentally blacklist this site, delete cookies/browser cache

[DarkRider]

Do you receive an error of any kind when trying to access the site normally without using the proxy server?

[Fuzz]

Do you receive an error of any kind when trying to access the site normally without using the proxy server?

[DarkRider]

If you test now, is it working?

[Fuzz]

If you test now, is it working?

[DarkRider]

We are working on it, just sit tight.

[Fuzz]

We are working on it, just sit tight.

[DarkRider]

Okay everything looks kosher on our end, the only thing we can do is add an additional DNS line for the tesalliance.org domain, which we have done. Trick is, it may take up to 48hrs for the system cache to clear and reflect that change. You'll have to keep checking back to see if it clears, unfortunately that's the best I can do at this point. Hang in there, you'll be back in action shortly I'm sure, we'll continue to follow the situation from this thread.

[DarkRider]

Any luck using the site normally today Fuzz?

[syscrusher]

Greetings!

I manage the DNS infrastructure for my company, so I thought maybe I could chip in here.

There are a couple of things you should check. First, be aware that there is some Windows malware out there that hijacks your system's DNS resolver to point it at their DNS servers. Sometimes this is for identity theft purposes (pointing you at phishing sites to capture your passwords to web sites you visit), and sometimes it is for the purpose of sending your browser to their spam sites randomly. You should get a reputable malware scanner and run it on your system. Maybe you're clean, but it never hurts to be vigilant. Ideally, download the scanning software onto a bootable CDROM on another system (else the scanner itself can be compromised!). Boot your machine from the CDROM and scan.

From the Windows command line, you can use the "nslookup" command to see where your system is obtaining its DNS information. Type "nslookup tesalliance.org" and you should see something like this:

Server: something.something.yourISP.net

Address: 999.999.999.999

Non-authoritative answer:

Name: tesalliance.org

Address: 67.18.16.2 (or .3)

The first two lines will vary depending on your ISP, but beware if they don't look legit. If the address looks like 192.168.___.___, or 10.____.____.____, or 172.____.____.____, then there is a good possibility your DNS is being provided by your home wifi hub, cable modem, etc. In that case, the *real* info you need will be obtained by logging onto that device's administrative interface, usually accessible with a web browser (you'll typically need a password). Query the hub or modem to ask *it* what it is using for upstream DNS. The good news is that these little hubs and modems are less often compromised than the PC itself.

The second two lines will tell you what your system thinks is the IP address of tesalliance.org. That should not vary; if it does, then there is a potential malware situation. I say "potential" because some ISPs force you to use *their* proxy, but don't necessarily document that, so you may be having problems with an unwanted proxy but not necessarily a nefarious one.

I happen to run Linux here, which has some additional DNS diagnostic tools. If you can run the nslookup command and post the results here, I may be able to use the Linux tools from here to give you some additional troubleshooting data.

I don't want to scare you too much with the malware situation -- more likely than not, your ISP's DNS server is temporarily b0rk3n. It happens all the time. But I did want to make you aware of the possibility so that you can take due precautions.

Hope this helps.

Kind regards,

Syscrusher

[syscrusher]

Woohoo.... I found that the tool I would use to diagnose this on Linux is available for Windows as well. I had hoped that would be the case. Here is the link:

ftp://ftp.isc.org/isc/bind9/9.5.0-P2/BIND9.5.0-P2.zip

This is a pretty official source...ISC are the people behind BIND, the Berkeley Internet Name Daemon, which is the UNIX/Linux software that runs most of the Internet's DNS infrastructure.

You do NOT need (nor want) to install the entire BIND package. Just open the archive in WinZIP or equivalent, and extract the files dig.exe, dig.html, host.exe, and host.html to a directory on your hard drive.

Dig works a lot like Microsoft's nslookup, but provides much more information. Try this:

dig -t NS tesalliance.org

This will tell you which nameservers you are querying for the TES Alliance domain.

Once you have an IP address for any server, you can find out something about who owns that address by running this:

dig -x ____.____.____.____

putting in the IP address of interest.

Note that "dig -x" is not always going to be the exact reverse of a regular "dig". For instance, a "dig -x" on the IP address of one of the TES Alliance DNS servers returns this:

2.16.18.67.in-addr.arpa. 86400 IN PTR gator480.hostgator.com.

That doesn't match their domain, but that doesn't mean anything nefarious is going on. Rather, it means that they are using hostgator.com to provide their DNS services, a very common situation.

The "host" command is a quick-and-dirty IP address lookup, with very simplified output. It's handy to have available but isn't going to give much useful diagnostic information here; I mention it only because installing it is a target of opportunity since it's right there in the archive.

Here is what I get from the dig command here:

$ dig tesalliance.org

; <<>> DiG 9.7.1-P2 <<>> tesalliance.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39637

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;tesalliance.org. IN A

;; ANSWER SECTION:

tesalliance.org. 8757 IN A 67.18.16.2

;; AUTHORITY SECTION:

tesalliance.org. 44134 IN NS ns960.hostgator.com.

tesalliance.org. 44134 IN NS ns959.hostgator.com.

;; ADDITIONAL SECTION:

ns959.hostgator.com. 8756 IN A 67.18.16.2

ns960.hostgator.com. 8756 IN A 67.18.16.3

;; Query time: 1 msec

;; SERVER: 192.168.64.2#53(192.168.64.2)

;; WHEN: Wed May 4 12:01:11 2011

;; MSG SIZE rcvd: 134

The "authority section" should look pretty similar from your end.

By the way, if you "dig -x" on one of those special IP addresses (192.168.___.___, 10.___.____.____, or 172.___.___.___), you may not get a meaningful result. Those are "local address spaces" whose usage depends either on your home network setup or your ISP's network setup, and they're not governed by the global DNS service.

Syscrusher

[Fuzz]

I am back on the site normally now

I just came on today at it works perfect!

Thanks for the support

[syscrusher]

I am back on the site normally now

I just came on today at it works perfect!

Thanks for the support

[DarkRider]

The problem was on our end, but thanks sys

Welcome back Fuzz