What is DNS?
DNS is an acronym for Domain Name Server. DNS servers can be compared to digital phone books. When you type in a domain name, a DNS server will look up the corresponding IP address for that domain.
What is DNS Hijacking?
DNS hijacking (AKA DNS redirection) occurs when a DNS server returns an invalid IP. Your browser will connect to the IP address returned by the DNS server. If a rogue DNS server is returning an invalid IP address, your web page request will be processed by an impostor.
How does this affect me?
You may notice that you are redirected to a landing page filled with advertisements when you mistype a domain name into your browser. A few ISPs (Internet Service Providers) have begun to redirect traffic on invalid domains for the purpose of generating revenue.
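A way to check whether the resolver you are using rewrites failed lookups as described above. This is an added example, not code from the original post; the random probe names, the function names and the example.com control lookup are assumptions made for the illustration.

```python
import secrets
import socket

def random_probe_names(count=3, tlds=("com", "net", "org")):
    # Assumption: 24 random hex characters are not a registered name, so an
    # honest resolver answers NXDOMAIN for every probe.
    return [f"{secrets.token_hex(12)}.{tlds[i % len(tlds)]}" for i in range(count)]

def system_resolve(name):
    """IPv4 addresses the system resolver returns for name (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_nxdomain_rewriting(names, resolve=system_resolve, control="example.com"):
    """Probe names that should not exist and report what the resolver said.

    status    - "inconclusive" if the control name fails (resolver unreachable),
                "rewritten" if any probe resolved, otherwise "clean"
    rewritten - {probe name: sorted addresses} for probes that resolved
    landing   - addresses shared by more than one unrelated probe, which is
                what a single advertising landing server looks like
    """
    if not resolve(control):
        return {"status": "inconclusive", "rewritten": {}, "landing": []}
    rewritten, hits = {}, {}
    for name in names:
        addrs = resolve(name)
        if addrs:
            rewritten[name] = sorted(addrs)
            for addr in addrs:
                hits[addr] = hits.get(addr, 0) + 1
    landing = sorted(a for a, n in hits.items() if n > 1)
    status = "rewritten" if rewritten else "clean"
    return {"status": status, "rewritten": rewritten, "landing": landing}

if __name__ == "__main__":
    report = check_nxdomain_rewriting(random_probe_names())
    print("status:", report["status"])
    for name, addrs in report["rewritten"].items():
        print(f"  {name} -> {', '.join(addrs)}")
    if report["landing"]:
        print("  shared landing address(es):", ", ".join(report["landing"]))
```

A "rewritten" status with one shared landing address means every mistyped name is being answered with the same server instead of an error.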
What can I do about it?
I found this to be very annoying. The landing page didn't display any useful information and I would have much rather seen an error page displayed. The following steps detail how I was able to regain control of the hijacked DNS responses and turn them into something useful.
The end result is that invalid domain name requests are now automatically redirected to Google, where I can now view a nice set of search results. An added benefit is that I am now able to use the web address bar in my browser as a search bar.
This was done on Ubuntu 9.10; exact changes on your system may vary. This can be done on Windows systems as well, however you will need to look up the exact locations for your hosts and Apache configuration files.
Step 1:
The first thing I did was add an entry to my /etc/hosts file. The domain name you are redirected to when a DNS query is hijacked will be displayed in your browser. Assign this domain name a local IP address on your system. In my case, I added the following line:
Code:
127.0.0.3 assist.mediacomcable.com
Next, view the contents of /etc/apache2/mods-enabled/. You'll want to ensure that rewrite.load is present. If not, execute the following command from within that directory.
Code:
sudo ln -s ../mods-available/rewrite.load rewrite.load
Next we will add a virtual host to Apache. This will accept connections on the IP address specified in the /etc/hosts file. In my case this was 127.0.0.3. Working in the directory /etc/apache2/sites-available/, create a file named auto_redirect.
Code:
<VirtualHost 127.0.0.3>
ServerName assist.mediacomcable.com
DocumentRoot "/var/www/autosearch"
DirectoryIndex index.php
<Directory />
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.3
</Directory>
</VirtualHost>
Now that the file is created we must place a symbolic link into the sites-enabled folder.
Code:
cd ../sites-enabled/
sudo ln -s ../sites-available/auto_redirect auto_redirect
Restart Apache.
Code:
sudo /etc/init.d/apache2 restart
In your web root, create a folder named autosearch. On my system this is located at /var/www/autosearch/.
Create an .htaccess file. This will reroute all requests to index.php.
Code:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
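RewriteRule ^(.*)$ index.php [L,QSA]
Code:
<?php
// index.php: the .htaccess rules above route every request to this script.
// urlencode() keeps the 'domain' parameter confined to the q= value of the redirect.
$query = urlencode(isset($_GET['domain']) ? $_GET['domain'] : 'invalid request');
header("Location: http://google.com/search?hl=en&q=$query");
exit; // stop here so nothing else is sent after the redirect header
If everything was done correctly you will have solved the DNS hijacking issue and will now be redirected to useful results if you mistype a domain name.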