Sim-Outhouse and downloads.malwarebytes.org

BASys
November 6th, 2011, 03:51
Hi Folks

You'll need to be running port monitoring software to see this. :kilroy:

Why does opening any page on this forum
open multiple Remote Address & Port connections, (up to 18),
to an apparently fake domain - downloads.malwarebytes.org(72.233.76.234) ?

Attempting to browse downloads.malwarebytes.org gives a DNS failure
but 72.233.76.234 points to layeredtech.com

It's not a direct call from this page's html
and from a quick glance, not blatantly obvious in the javascript.



UPDATE
Pinging sim-outhouse.com resolves as 72.233.76.234
tracert on 72.233.76.234 resolves as downloads.malwarebytes.org

I'm not the only one seeing this,
see Google search results for - "downloads.malwarebytes.org(72.233.76.234)" (http://www.google.co.uk/search?hl=en&source=hp&biw=1157&bih=879&q=%22downloads.malwarebytes.org%2872.233.76.234%29%22&gbv=2&oq=%22downloads.malwarebytes.org%2872.233.76.234%29%22&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=1183l2618l0l3061l3l3l0l1l0l0l135l214l1.1l2l0)



Many thanks
ATB
Paul

gigabyte
November 6th, 2011, 04:32
I would have to do some more investigation than I have time for this morning, however a quick guess is the DNS server you are resolving from is either out of sync or it may possibly have some bad routing tables - that is rare but it can happen. Without knowing your ISP or what DNS server you are resolving through it is impossible for me to be much more specific, you can however try OpenDNS and see if the problem resolves itself (no pun intended).

Not knowing your level of expertise with TCPIP settings and OS version I am not going to try to explain the process of setting it up, but you can look here and get the details;

http://www.opendns.com/home

There is also a very good guide to Open DNS on this site; http://www.guidingtech.com/3333/opendns-guide/
and last but not least they have a pretty good support forum here; http://forums.opendns.com/

There is also Google DNS which is growing in popularity, but depending on your location and the number of hops to get to the closest Google DNS server there are some who report it as sluggish, I have not tried it for some time, I know for me it was very slow when I first tried but "your mileage may vary".

falcon409
November 6th, 2011, 04:34
This is not even my field of expertise (not that I have any to begin with), but just knowing the past history of SOH being hacked and the damage that has done, I'm guessing this is a very elaborate "Strainer" if you will. . . .A way to run everything that happens on SOH through a fail-safe to guard against hackers, especially since Malwarebytes is a major anti-virus/malware detection software. Just my guess though.

However, after reading Gigs explanation, I would have to say, that I don't know what I'm talking about, so disregard anything I may have said that made me look less than intelligent, lol.

gigabyte
November 6th, 2011, 05:51
falcon409, you are not alone in level of understanding of DNS it is a fairly complex system, I am far from an expert but I do have a working knowledge, so while I am sitting here waiting on my RAID array to rebuild here is a quick & dirty on DNS if you are interested?

DNS stands for "Domain Name System". The simplest way to think of it is a massive phone book for the internet. As most of us know, computers love numbers, and all devices on the internet or any network need to have a unique identifier, as in an IP address. This is great for computers, but for us lowly humans we like names and letters, so we use things like www.sim-outhouse.com to get to our favorite website. Now the Domain Name System is just one great big registry that keeps track of what unique IP address belongs to which domain (as in ours, sim-outhouse.com), so when you type the name in the address bar of your browser the DNS server you are using looks it up and converts it to the right IP address for our computer, and off you go to your favorite Flight Sim site in the whole wide world. That is the simplistic explanation I tell my users at work, and I generally use sim-outhouse.com in my example; of course they all say I spend more time on sites like "boobiesRUs.com", but I have never been there, I swear.

The thing about DNS is it has to be distributed, and every ISP needs a DNS server to provide users a starting point; can you imagine if all domain name requests went through one server... Now all of the ISP servers request updates from the Domain Name registers on a regular basis from higher level DNS servers, but there can be times when a site moves or a single DNS server is out of sync that web page requests are not directed properly, so you enter www.sim-outhouse.com and the DNS is out of sync, you get the wrong IP and end up at some obscure DIY Septic tank installation site... It does not happen often but it can, and DNS servers can be attacked by hackers the same as any other system, although that is becoming rare now due to the nature of their security and the fact that they are not easily accessible to the public. There were some big DNS hacks in the 90's when hackers had easier access, so they would redirect any request from a legit site to whatever IP they wanted and you wound up on a porno site when trying to get your bank, but that has not happened in quite some time.

and that's all I got to say about that...

BASys
November 6th, 2011, 06:59
Hi Folks

Mike -
Are you inferring
that a ping and tracert
gave you different results ?



If not,
then try the following-

Ping sim-outhouse.com
What IP does that resolve to ?

tracert that resolved IP
What domain name does that resolve to ?



Yes, it's a configuration issue;
the question is whether it's DNS or site originated.



I'm already using OPENDNS as my resolver.




I am sitting here waiting on my RAID array to rebuild
LMAO
Don't sit & wait.

As part of commissioning an installation -
Just deliberately broke and resurrected a networked 1TB mirror, (3 off 1TB disks).
Each resync iteration took 49 hours.



HTH
ATB
Paul

gigabyte
November 6th, 2011, 07:53
Hey Paul, I see what you mean. I am getting the same result as you are: when I ping sim-outhouse.com I get our IP 72.233.76.234, however a trace resolves that to downloads.malwarebytes.org. Very strange indeed, I will pass this along to Ickie and get him to check the forum configuration.

I have seen this type of thing before, but it has always been the result of moving a site to a new host and the delay that always happens while all of the localized DNS servers get updated. We had it with the Hard of Hearing site I administer and it caused some confusion for a couple of days, but that generally clears itself up in a day or two at most.

As far as waiting on the array, I am waiting for it to finish so I can mount a pair of 2 TB drives to replace an old 250 GB and a dead 1 TB Seagate Barracuda. I have the old drives disabled, and if this was a server I could easily hot swap, but this is my gaming rig and I don't have the room inside to get the old drives out safely while the case has power. I also noticed that if I shut down, when I restart the array starts to rebuild from scratch, and I am close to 22 hours into the rebuild now. I really do not like the way this software RAID works but I am stuck with it for now. I am looking at investing in a good RAID controller over the winter and doing it right, maybe a couple of 1 TB 10,000 RPM drives in a RAID 1 array for my OS and main apps and run the other 5 in JBOD configuration. Now just to find the time and the drives - have you seen drive prices recently? The floods in Asia wiped out WD and Seagate production, no inventory likely into the supply chain until Q1 of 2012 from what I am reading...

Ickie
November 7th, 2011, 07:15
I have data center looking into this, it is not the server but high up.

Ickie
November 7th, 2011, 09:23
The invalid entry you are seeing for downloads.malwarebytes.org is because our PTR ("reverse" DNS entry), which is controlled by the datacenter, somehow got changed, maybe last Friday I am guessing, since we went off the air for no reason from 3 to 5 PM; it took a reboot to restore. malwarebytes.org is also a customer of the datacenter/layeredtech and must have IPs similar to ours.
I have datacenter working on restoring it to sim-outhouse.com
sometime maybe today it will be fixed.
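
The check Paul describes (ping the name, tracert the address, compare what comes back) and the cause Ickie identifies (a PTR record the hosting provider controls, pointing the address at the wrong name) are the two halves of a forward-confirmed reverse DNS check. The script below is an added example, not code posted in this thread: it builds the in-addr.arpa PTR name for an address, resolves name -> addresses -> PTR names, and flags any address whose PTR does not map back to the host. The resolver functions are injected so it runs offline against constructed data that models the thread's symptom (sim-outhouse.com -> 72.233.76.234, whose PTR returns downloads.malwarebytes.org, which itself does not resolve); the `live_*` functions use the system resolver if you want to run it for real.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check.

Added example, not code from the thread. The constructed FAKE_A / FAKE_PTR
tables reproduce the mismatch reported above; swap in live_forward /
live_reverse to query real DNS.
"""
import ipaddress
import socket
from typing import Callable, Dict, List


def ptr_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4/IPv6 address
    (e.g. 72.233.76.234 -> 234.76.233.72.in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_fcrdns(
    host: str,
    forward: Callable[[str], List[str]],
    reverse: Callable[[str], List[str]],
) -> Dict[str, object]:
    """Resolve host -> addresses, each address -> PTR names, and report
    addresses whose PTR names do not map back to the host.

    forward(name) returns the A/AAAA addresses for name ([] on NXDOMAIN).
    reverse(ip) returns the PTR names for ip ([] if none).
    """
    host = host.rstrip(".").lower()
    addrs = forward(host)
    report: Dict[str, object] = {"host": host, "addresses": addrs, "mismatches": {}}
    for ip in addrs:
        names = [n.rstrip(".").lower() for n in reverse(ip)]
        # Consistent if the PTR names the host itself, or names something
        # whose own forward lookup includes this address (shared hosting).
        if host not in names and not any(ip in forward(n) for n in names):
            report["mismatches"][ip] = names  # type: ignore[index]
    report["consistent"] = not report["mismatches"]
    return report


# Constructed data (not captured from the network) modelling the thread.
FAKE_A = {
    "sim-outhouse.com": ["72.233.76.234"],
    # downloads.malwarebytes.org gave a DNS failure at the time: no entry.
}
FAKE_PTR = {
    "234.76.233.72.in-addr.arpa": ["downloads.malwarebytes.org"],
}


def fake_forward(name: str) -> List[str]:
    return FAKE_A.get(name.rstrip(".").lower(), [])


def fake_reverse(ip: str) -> List[str]:
    return FAKE_PTR.get(ptr_name(ip), [])


def live_forward(name: str) -> List[str]:
    """A/AAAA lookup through the system resolver."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def live_reverse(ip: str) -> List[str]:
    """PTR lookup through the system resolver."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
        return [primary, *aliases]
    except (socket.herror, socket.gaierror):
        return []


if __name__ == "__main__":
    # Offline reproduction of the thread's mismatch:
    print(check_fcrdns("sim-outhouse.com", fake_forward, fake_reverse))
    # Live check against whatever your resolver returns today:
    # print(check_fcrdns("sim-outhouse.com", live_forward, live_reverse))
```

Note the two failure modes the check distinguishes: a PTR that points at a different name on the same server is still consistent if that name's A record comes back to the same address, whereas the case in this thread (PTR pointing at a name that does not resolve at all) can only be fixed by whoever controls the reverse zone for the address block, which is the hosting provider rather than the site owner.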

warchild
November 7th, 2011, 09:54
You Rock Ickie.. Thanks for getting us back up and going :)
Pam

CodyValkyrie
November 7th, 2011, 12:47
A few years ago I had found I was unable to snag updates from the Microsoft servers for my copy of Windows XP Home. It was very frustrating and lasted several months. At one point I recall sending calls to my ISP, to which they simply ignored my requests. At any rate the fix was a manual DNS change. At the time they were routing through Virginia or some such thing (come to find out it was a data collection center around the time these legal proceedings were happening about the internet with Congress, etc). The link was broken along the way, which was incredibly annoying considering I was living in Washington and trying to download off servers in Seattle.

I've seen stranger things happen.

BASys
November 8th, 2011, 00:41
Hi Folks

Cheers Ickie
Resolving correctly as of this morning.

ATB
Paul

Ickie
November 8th, 2011, 03:55
I found a few people (Pro techs, 19 years old) yesterday totally full of $HIT telling me it was all my fault and it lies in my server, one at malwarebytes trying to convince me I was a missing mobile 8110 database on my server. Even after showing them the links to trace route and all they had to do is click a link, they still defended their answer.
What the world is coming to, when you tell them the sky is blue all they see is green and will not back down from it or give a scientific mathematical answer, who the f*#^ cares if their math says (IF 1+1=3, then 3+1=5, and if so 5+1=7, then the answer has to be 7+1=9).
1 more beer please.

CodyValkyrie
November 8th, 2011, 11:34
*Hands Ickie a good oatmeal porter.*

Cheers for all you do regardless.

OleBoy
November 8th, 2011, 11:46
Way to be. Sounds like they got the "Ickie Smackdown" :icon_lol:

N2056
November 8th, 2011, 11:59
You should have told them if they didn't wise up fast the penguin would be happy to come over and explain things! :kilroy: