
GTSS Working?

Posted: Wed Jul 25, 2007 7:54 pm
by Paul
Hi All,

Could some folks from an active group, e.g., pharr-d, please see if GTSS is now working? For several weeks now it has been failing with a "403 Forbidden" error.

It might be best if you first emptied your browser's cache, sometimes known as "deleting temporary internet files."

Please let me know outcome. Thanks.

Cordially,

Paul

Posted: Thu Jul 26, 2007 12:22 am
by Bert
It works again for me.

Re: GTSS Working?

Posted: Thu Jul 26, 2007 4:08 am
by marmar2
Paul wrote:Hi All,

Could some folks from an active group, e.g., pharr-d, please see if GTSS is now working? For several weeks now it has been failing with a "403 Forbidden" error.

Paul:

Well done! It works for me too.

Did you find out what the problem was?

Great to be in action again.

Maria Brandl
Pharr-d

Posted: Thu Jul 26, 2007 3:25 pm
by Paul
Thank you Bert and Maria. I am most grateful for your efforts.

In fact, neither I nor my ISP knows what caused this. But I do know that my code hasn't changed in many months. Hence *something* must have changed at the ISP.

I am sorry to all GTSSers about this hiatus. Let's hope this is the last of such difficulties.

Cordially,

Paul

Posted: Sat Aug 18, 2007 4:48 pm
by Alex Green
Hello, Paul!

Is there something wrong with the login page of GTSS? I can't find it.

Posted: Sat Aug 18, 2007 5:55 pm
by edonnelly
Alex Green wrote:Is there something wrong with the login page of GTSS? I can't find it.
Yikes! It appears to have been infiltrated by evil spammers. Paul...

Posted: Sat Aug 18, 2007 8:12 pm
by perispomenon
Yeah? It seems OK to me.

Posted: Sat Aug 18, 2007 8:20 pm
by edonnelly
What?? Here's what I get:

Image

P.S., Adelheid, I love your new avatar. Was the water really that blue in Greece? It looks great. The Cunliffe is a nice touch.

Posted: Sat Aug 18, 2007 8:47 pm
by perispomenon
edonnelly wrote:What?? Here's what I get:

P.S., Adelheid, I love your new avatar. Was the water really that blue in Greece? It looks great. The Cunliffe is a nice touch.
I have no problems when I go directly to http://www.greekgeek.org/groups/login.htm

Ohh, and yes that water was all that blue :-)

By the way, I couldn't do without Cunliffe... I drag it along with me just about anywhere...

Posted: Sat Aug 18, 2007 9:42 pm
by Alex Green
edonnelly wrote:What?? Here's what I get:
I have got the same page. :-(

P. S. The avatar is really great. :-) I did not know that it is Greece. Is this picture a real photo?

Posted: Sat Aug 18, 2007 10:01 pm
by Bert
perispomenon wrote: I have no problems when I go directly to http://www.greekgeek.org/groups/login.htm
That is what I use but I get the same result as Alex and Ed. Maybe it is GreekGeek's new look. A picture of Paul's wife or daughter beside the menu.
I'm not confident that that's it and I am afraid to try the menu.

Posted: Sun Aug 19, 2007 5:40 am
by perispomenon
That's really weird: I see nothing out of the ordinary, can just go to GTSS and post lessons there. Also going to greekgeek.org gives me the page I always get.

This must be a nameserver issue.

Posted: Sun Aug 19, 2007 9:23 am
by perispomenon
Stranger thing still: I asked my husband to go to greekgeek.org on his own machine and sure enough, the page Ed posted appeared.

I emptied the cache of my browser and tried again myself, but I get the correct page every single time.

The only way I can get the "Welcome to greekgee.org" page is when I use the IP address of the site.

This is strange.

Posted: Sun Aug 19, 2007 9:45 am
by perispomenon
OK, here's the deal: the current IP-address connected to greekgeek.org obviously isn't Paul's site:

PING greekgeek.org (8.15.231.100)

Paul's site is still available to me, because I happen to have an entry for greekgeek.org in my /etc/hosts file (don't remember why I put it there):

72.29.74.163 www.greekgeek.org

Putting that in your own hosts file will make the site available to you again.
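
The mismatch described in the post above, as an added example that is not part of the original thread: a Python check that parses hosts-file text and reports where a pinned entry disagrees with the address DNS currently returns. The DNS answer for `www.greekgeek.org` and all function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample hosts file; the last line is the entry quoted in the thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
72.29.74.163   www.greekgeek.org
"""

# Address DNS returned per the PING output in the thread; the "www" answer is an
# assumption made for this example (the thread only shows the bare name).
SAMPLE_DNS = {"greekgeek.org": "8.15.231.100", "www.greekgeek.org": "8.15.231.100"}

def parse_hosts(text):
    """Map each hostname in hosts-file text to its address (first entry wins)."""
    pins = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # skip malformed lines instead of trusting them
        for name in fields[1:]:
            pins.setdefault(name.lower(), ip)
    return pins

def effective_address(name, pins, dns):
    """Return (address, source) as a client that reads the hosts file first would."""
    name = name.lower()
    if name in pins:
        return pins[name], "hosts"
    return dns.get(name), "dns"

def audit(pins, dns):
    """List pinned names whose hosts entry disagrees with the current DNS answer."""
    findings = []
    for name, ip in sorted(pins.items()):
        if ipaddress.ip_address(ip).is_loopback:
            continue
        answer = dns.get(name)
        if answer != ip:
            findings.append((name, ip, answer))
    return findings

if __name__ == "__main__":
    pins = parse_hosts(SAMPLE_HOSTS)
    for host in ("www.greekgeek.org", "greekgeek.org"):
        print(host, effective_address(host, pins, SAMPLE_DNS))
    print(audit(pins, SAMPLE_DNS))
```

The pin applies only to the exact name listed, so `greekgeek.org` without `www` still follows DNS; a mismatch reported by `audit` is also the reminder to remove the pin once the DNS records are corrected.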

Posted: Sun Aug 19, 2007 1:37 pm
by edonnelly
Works for me! Thanks.

So, the good news is that we have gtss again, but the bad news is that it looks like Paul won't be an inside source for us to get discounts on Greek Island Cruises.

Adelheid, are you a linux user? I think Windows users can do the same thing in C:/windows(or winnt or whatever)/system32/drivers/etc/hosts, but I can't test that until tomorrow.

Posted: Sun Aug 19, 2007 3:14 pm
by perispomenon
edonnelly wrote:I think Windows users can do the same thing in C:/windows(or winnt or whatever)/system32/drivers/etc/hosts, but I can't test that until tomorrow.
Yes, that will work for Windows users.

p.s. Your avatar is also pretty cool! You have some automated rotation going on?

Posted: Sun Aug 19, 2007 3:30 pm
by edonnelly
perispomenon wrote:p.s. Your avatar is also pretty cool! You have some automated rotation going on?
I just have my avatar "image" link really go to a small php script which picks an image at random. It saves me the trouble of having to make a decision.

Posted: Sun Aug 19, 2007 4:29 pm
by mingshey
edonnelly wrote:Works for me! Thanks.

So, the good news is that we have gtss again, but the bad news is that it looks like Paul won't be an inside source for us to get discounts on Greek Island Cruises.

Adelheid, are you a linux user? I think Windows users can do the same thing in C:/windows(or winnt or whatever)/system32/drivers/etc/hosts, but I can't test that until tomorrow.
It works fine for me.

Posted: Tue Aug 21, 2007 1:30 pm
by Paul
Hi All,

Quelle drag. I became aware of this issue two days ago. On one computer the "blond girl" page showed up; on another my website showed up. Today I get blond girl on both machines. Sounds like it was just a matter of nameserver percolation.

So now what? whois shows me still the owner of the site. But I am not sure how best to proceed. I will look into it further. I am open to suggestions.

Thank you all, again, for your patience. And thanks for the spelunking which led to the workaround.

Cordially,

Paul

Posted: Tue Aug 21, 2007 1:49 pm
by perispomenon
Paul wrote:So now what? whois shows me still the owner of the site. But I am not sure how best to proceed. I will look into it further. I am open to suggestions.
I think the organisation who handed you your domain name should take action here: whois shows your hold on the domain name is not expired yet, so they should have to fix this for you.

Posted: Tue Aug 21, 2007 7:00 pm
by Paul
Thanks Adelheid. I will do as you suggest.

I am curious about the hack's m.o. It seems to me that the canonical name servers for my site must have been compromised, replacing the proper domain->ip mapping with another one.

Does anyone know what such attacks are called?

Thanks.

-paul

Posted: Tue Aug 21, 2007 7:17 pm
by edonnelly
Let us know if you find out any more about how this happened and how it can be fixed (and prevented). I'm worried about my own sites. I have them all locked, as I can see from a whois that you did for yours, so there's more to it than just that.

Posted: Tue Aug 21, 2007 8:44 pm
by annis
Paul wrote:Does anyone know what such attacks are called?
This looks less like an attack than domain squatting on an expired domain. Where did you purchase your domain? Did you do that directly, or did your ISP do it for you?

Posted: Wed Aug 22, 2007 1:14 pm
by Alex Green
edonnelly wrote:I think Windows users can do the same thing in C:/windows(or winnt or whatever)/system32/drivers/etc/hosts, but I can't test that until tomorrow.
Edonnelly is right, it works for Windows. It is OK for me now, thanks. :-)

Posted: Wed Aug 22, 2007 7:52 pm
by Paul
Will: I am pretty sure this is a so-called "DNS hijack." My domain registration is up-to-date.

All: My ISP is looking at the problem; they seemed quite concerned about it. Also, if you are behind a caching proxy server, then the HOSTS file workaround won't work. I am unable to reach greekgeek.org (the real one) from work for this very reason. When IE (and Mozilla, it seems) knows it's talking to proxy server, it simply ignores HOSTS file, instead deferring to proxy server's cache. I lack authority at work to mung with proxy server, though I am nonetheless tempted....

Cordially,

Paul

Posted: Thu Aug 23, 2007 12:33 am
by Bert
perispomenon wrote:OK, here's the deal: the current IP-address connected to greekgeek.org obviously isn't Paul's site:

PING greekgeek.org (8.15.231.100)

Paul's site is still available to me, because I happen to have an entry for greekgeek.org in my /etc/hosts file (don't remember why I put it there):

72.29.74.163 www.greekgeek.org

Putting that in your own hosts file will make the site available to you again.
I sure hope this thing gets sorted out because I have no idea what you are talking about with host file etc.

Posted: Thu Aug 23, 2007 1:13 am
by annis
Paul wrote:Will: I am pretty sure this is a so-called "DNS hijack." My domain registration is up-to-date.
Very bizarre. The whois record seems correct.

That's the strangest and least racy use of a domain hijacking I have ever seen

Posted: Thu Aug 23, 2007 5:57 am
by perispomenon
Bert wrote:I sure hope this thing gets sorted out because I have no idea what you are talking about with host file etc.
Bert, if you are on a pc, try to find the following file:

C:/windows/system32/drivers/etc/hosts

In this file, which you can open with notepad, you can add the line

72.29.74.163 www.greekgeek.org

(without the underlining)

After saving the file, you would be able to get to Paul's site again.

Posted: Thu Aug 23, 2007 9:52 am
by Bert
I tried to find it using the Search dialog box but no success.

Posted: Thu Aug 23, 2007 10:45 am
by perispomenon
On my pc at work (XP) the path is C:\WINDOWS\system32\drivers\etc

Can you browse there via 'My Computer'?

Posted: Thu Aug 23, 2007 2:18 pm
by Paul
Bert wrote:I tried to find it using the Search dialog box but no success.
Hi Bert,

Perhaps your "My Computer" (aka "Windows Explorer") is set to hide system files. Launch "My Computer" and do this:

Tools -> Folder Options
Click on the View tab
Under the entry "Hidden Files and Folders" click on the radio button (a circle) for "Show hidden files and folders."

Then try search again.....or you could simply use "My Computer" to navigate your way to the desired folder.

Cordially,

Paul

Posted: Thu Aug 23, 2007 7:59 pm
by Marmar
Paul and all:

The GTSS site appears to be working this morning.

Thanks for your help, Adelheid.

Back to work now

Maria B
Pharr-d

Posted: Thu Aug 23, 2007 8:56 pm
by perispomenon
Marmar wrote:The GTSS site appears to be working this morning.
Really? I just checked, but no change as yet.

Posted: Thu Aug 23, 2007 9:04 pm
by perispomenon
Now even my hosts file entry doesn't work anymore...

Posted: Thu Aug 23, 2007 9:18 pm
by edonnelly
Here's an interesting post about a DNS-changing Trojan. What they're describing is a little different, since it sounds more like ISP name servers getting hijacked, but the image of the redirected/hijacked site is strangely similar to what got Paul's site.

http://blog.trendmicro.com/rogue-domain ... eposted5d/

(By the way, I'm still getting the "true" gtss when my hosts file has the fix, and the hijacked one if I delete the fix).

Posted: Fri Aug 24, 2007 1:28 am
by Bert
perispomenon wrote:On my pc at work (XP) the path is C:\WINDOWS\system32\drivers\etc

Can you browse there via 'My Computer'?
That's it. Back slash instead of forward slash.
But like you, it didn't have an effect.
I wanted it to work if for no other reason than to make the effort of this vandal useless.
Why does edonnelly's still work, I wonder?

Posted: Fri Aug 24, 2007 6:26 am
by perispomenon
Bert wrote:Why does edonnelly's still work, I wonder?
That's what I would like to know: after testing it yesterday (removing the hosts file entry and putting it back) there was no way I could get to Paul's site again.

Posted: Fri Aug 24, 2007 2:51 pm
by Paul
Hi Everyone,

At my ISP's instruction, I updated the authoritative nameservers for greekgeek.org. This update should be effective within 24 hours (I think I did it around mid-day yesterday). Worldwide nameserver percolation should take not more than 48.

I am finding that I can now get to my website from several computers without any fix to HOSTS file.

I suspect that by Saturday afternoon, all will be cool. But please let me know if not.

I'm still not quite sure what really happened, nor do I know if my ISP has taken steps to prevent its re-occurrence. But I will read the article Ed posted.

Cordially,

Paul

Posted: Fri Aug 24, 2007 9:16 pm
by Bert
All's good now.