Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Web page redirects to adfoc.us
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Web page redirects to adfoc.us
Web page redirects to adfoc.us
24-11-2014 11:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As of this evening, almost all web pages loading on any device connected to our local network are redirecting to a URL shortening service called adfoc.us. Worryingly, these are sometimes further redirecting to sites containing explicit adult content.
I've isolated the problem to the DNS servers, which on my ADSL router were set to use the default service provider (I.e. PlusNet). I have now set them to use Open DNS servers instead, which resolves the problem. Switching mobile devices off the local network (whilst it was still using PlusNet's DNS servers) to their mobile data providers also resolved the issue.
So all evidence at this end suggests a problem with PlusNet's DNS servers, but if that's the case, I can't believe there's not more on this forum; on PlusNet's status page; or web searches generally about the problem. There's currently a wait of an hour for phone support, which may be indicative of a bigger problem, but I don't know what's normal in terms of their response time.
Is anyone else experiencing this or does this sound familiar in any way?
I've isolated the problem to the DNS servers, which on my ADSL router were set to use the default service provider (I.e. PlusNet). I have now set them to use Open DNS servers instead, which resolves the problem. Switching mobile devices off the local network (whilst it was still using PlusNet's DNS servers) to their mobile data providers also resolved the issue.
So all evidence at this end suggests a problem with PlusNet's DNS servers, but if that's the case, I can't believe there's not more on this forum; on PlusNet's status page; or web searches generally about the problem. There's currently a wait of an hour for phone support, which may be indicative of a bigger problem, but I don't know what's normal in terms of their response time.
Is anyone else experiencing this or does this sound familiar in any way?
Message 1 of 8
(5,816 Views)
7 REPLIES 7
Re: Web page redirects to adfoc.us
25-11-2014 2:51 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
What make and model is your ADSL router? There have been some in the past that have been compromised by an exploit, specifically changing the DNS server to a 'dodgy' one.
There was a thread awhile back here with some info about these sort of security breaches. Will have to look for the link after posting as it's not an easy task on a mobile device.
Edit:
Ah, here we are. Found it. Have a look at this thread.
https://community.plus.net/forum/index.php/topic,124783.0.html
There was a thread awhile back here with some info about these sort of security breaches. Will have to look for the link after posting as it's not an easy task on a mobile device.
Edit:
Ah, here we are. Found it. Have a look at this thread.
https://community.plus.net/forum/index.php/topic,124783.0.html
That's RPM to you!!
Message 2 of 8
(1,934 Views)
Re: Web page redirects to adfoc.us
25-11-2014 9:57 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As you mentioned if it was our DNS causing the issue I'd expect to see much more noise about this. Having just done a quick web search I can see that a few people are reporting this starting from yesterday. Have a read through the thread linked in the previous reply, I'd also run virus and malware scans on your PC just in case.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Message 3 of 8
(1,935 Views)
Re: Web page redirects to adfoc.us
25-11-2014 11:11 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks very much both. It is indeed an ADSL modem hack. It's still occurring (albeit more rarely) with the OpenDNS servers.
My modem is a D-LINK 320b (Z1). Firmware is up to date, which suggests it's a new exploit D-LINK are not aware of yet. I'm just going to reset and turn on the device firewall (which was off) in the hope that might stop the exploit, but I'll switch my attention to D-LINK support forums now.
My modem is a D-LINK 320b (Z1). Firmware is up to date, which suggests it's a new exploit D-LINK are not aware of yet. I'm just going to reset and turn on the device firewall (which was off) in the hope that might stop the exploit, but I'll switch my attention to D-LINK support forums now.
Message 4 of 8
(1,935 Views)
Re: Web page redirects to adfoc.us
25-11-2014 11:19 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Have you tried setting the DNS servers on your PC and not using the router's DNS - or is it intercepting DNS requests?
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Message 5 of 8
(1,935 Views)
Not applicable
Re: Web page redirects to adfoc.us
25-11-2014 11:28 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
OMG ! - why was the firewall switched off ? - you should never do that !
You should have your Plusnet Broadband Firewall set to a minimum of "Low".
You should check that all the settings for remote WAN access for the router management interface is set to 'Disabled' for ALL protocols.
Disable "UPnP" on your router, as that will reduce the chances of malware on your LAN allowing remote access.
It might be worth changing the password that you use to access your router's web interface.
Try using "ShieldsUP!" to check your firewall ("All Service Ports" test) and UPnP ("Exposure Test") for router vulnerabilities.
You might also want to read about more secure DNS implementations such as OpenDNS DNSCrypt.
You should have your Plusnet Broadband Firewall set to a minimum of "Low".
You should check that all the settings for remote WAN access for the router management interface is set to 'Disabled' for ALL protocols.
Disable "UPnP" on your router, as that will reduce the chances of malware on your LAN allowing remote access.
It might be worth changing the password that you use to access your router's web interface.
Try using "ShieldsUP!" to check your firewall ("All Service Ports" test) and UPnP ("Exposure Test") for router vulnerabilities.
You might also want to read about more secure DNS implementations such as OpenDNS DNSCrypt.
Message 6 of 8
(1,935 Views)
Not applicable
Re: Web page redirects to adfoc.us
25-11-2014 12:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've just re-read this topic and realized you are talking about a modem and not a router
Are you running the modem as a PPPoE connection straight into a PC, or does the modem connect to a separate wired router ?
I had assumed you meant router, because you mentioned -
So I'm confused as to how your network and broadband gateway is configured ?
Are you running the modem as a PPPoE connection straight into a PC, or does the modem connect to a separate wired router ?
I had assumed you meant router, because you mentioned -
- "device firewall", - and modems don't generally have built in firewalls !
- "any device connected to our local network" - which implies the use of a router.
So I'm confused as to how your network and broadband gateway is configured ?
Message 7 of 8
(1,935 Views)
Re: Web page redirects to adfoc.us
25-11-2014 12:22 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks @jelv - yes, that would work, though ultimately is only a temporary solution. What I'm looking at is a factory restore of the modem itself to hopefully remove the malicious code and remove the root of the problem (it is a modem, though strangely the DSL-320b is also a DHCP server so does act as my network router).
Thanks for the pointers @purleigh - the PlusNet firewall is on 'low'. It's the modem's internal firewall that is off, which is the factory setting. I'm certainly going to go through the default settings once it's restored to make sure security is higher.
Thanks for the pointers @purleigh - the PlusNet firewall is on 'low'. It's the modem's internal firewall that is off, which is the factory setting. I'm certainly going to go through the default settings once it's restored to make sure security is higher.
Message 8 of 8
(1,935 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Web page redirects to adfoc.us