Not the first time

*Ahem*

http://www.theregister.co.uk/2007/07/11/tiscali_dns_hijacking/

Should this not be opt in?

I've just opted out of this service and I'm pleased to say VM are managing the opt out using the cable modem mac address, rather than a cookie based opt-out, a la Phorm.

But I'd prefer the system to be opt in, rather than opt out.

VM have always had CRAP DNS

Vm DNS has always been slow, so this just makes a crap service more crap!

I switched to Comodo Secure DNS . A fast and efficient service

http://www.comodo.com/secure-dns/

So much better then VM. And unlike OPEN DNS no Adverts to opt into.

VM After the PHORM disaster you should have known better then piss your customers off once again.

First Time?

" The trick isn't new: Comcast, Verizon and several other US ISPs already insert their own messages when users try to contact a non-existent server. But it's the first time we've seen it on this side of the pond"

A couple of members of my family are on Orange broadband and this has been happening for at least a year on their service, and it's not a branded help page, it's just a straight up search engine result crammed with advertising fed by orange/google.

OpenDNS

Then you get different ads.

Not new this side of the pond...

The bastards known as 'Tiscali' do it already... I'm sure that won't suprise anyone though!

Havent looked to hard have you then lol

Orange have been doing this for ages .

What is it with

..organisations/businesses and IE6?

Also was that screenshot taken by the author? Nice windows theme :P

Karoo?

Is this not what Karoo have been doing for 18 months?

http://www.thinkbroadband.com/news/3471-karoo-users-redirected-to-ask-com-for-failed-dns-lookups.html

Oh well..

Another coroporate not upgraded from IE6 then

Nothing new

Deutsche Telekom started this over here on the right side of the North Sea some months ago.

The opt-out instrcutions were on the returned page so I only saw it twice and forgot about it. Not that I minded the ads since my brain filters them automagically, but it really screws up the auto-complete in my browser.

Don't mess with standards, ISPs. Some people actually use them as intended.

First time this side of the pond?

Get your facts correct, this isnt the first time that an ISP has done it on 'this side of the pond' - check the register for previous stories (keyword typo). It wont be the last time either.

I would rather my ISP gets the PPC on this activity over all the other embedded fraudsters which currently hijack my errors..

I can already hear the comments coming - lets all use OpenDNS!! wait a minute there whole business model is built on NXDOMAIN hijacking!!

How can replacing NXDOMAIN with resolvable IP's be classed as hijacking? there is no ownership of something which doesnt exist, or is the ERROR yours???

If you all want the really useful browser error (ffs) then opt out!

petard hoisting

Luckily I'm not a customer of Virgin Media.

But has anyone tried the trick of editing the hosts file and adding an entry

127.0.0.1 advancedsearch.virginmedia.com

Is there a real use for this web site or is just an adman's wet dream?

Update your bookmarks now

Can't we make it less cost effective for the ISPs to do this?

e.g. if you have www.virginmedia.com as a bookmark, change it to www.virginmedia.cmo and then click the sponsored link on the error page.

Virgin then has to pay Yahoo for the click every time you visit.

Don't mess with the DNS

If an ISP cant make enough money from subs to keep its network ticking over and make a profit then it deserves to go out of business.

The reason Virgin etc can't make moeny is because they are crap.

Duh

Never mind - daft idea.

jsut going to lead to annoying confusion...

.... I can see the calls to helldesk now...

"why the f*ck am I seeing virginmedia instead of our homepage"

Misleading screenshots...

After the "www.nottheregister.co.uk" example of the first screenshot, the reader would be forgiven for assuming that the second screenshot was what Virgin's add-site - sorry, "helpful assisted search tool" - serves up in response to the same address.

In which case, having the top two links return links to Virgin Media would, indeed, be a laughably-obvious attempt at self-promotion.

However, the URL typed for the second screenshot being "www.virginmedia.CMO", the links shown are, in fact, the most useful links it could have provided.

In other words, a laughably-obvious attempt at producing an amusing screenshot.

Opt out is broken

I have a little script on my "linux server in the hall cupboard" that I use to check the current server some domains are on (we just moved server and a few are still on the wrong box)

The script uses the PHP gethostbyname function to get info on a domain

I've switched off Virgin's DNS hijacker

Anyway, I just added the non-existant qweasdzxc.co.uk to the script and got this back

82.7.250.238

www.qweasdzxc.co.uk

82.7.250.238 is owned by Virgin - I should be getting an error, not an IP!

OpenDNS

They do this already, in fact they're the reason I ditched them after giving up on TalkTalk's own DNS servers (which kept killing my router?!). If a page doesn't exist I WANT to know, not get some 'helpful suggestions'.

I eventually ended up using a selection of 4.2.2.1 - 6, which are widely known and used on the Internet...

It's all OK - honestly

..Ted has shown us the light, so don't whinge as he knows fucking everything...

http://www.theregister.co.uk/2009/08/17/dzuiba_virgin_media_opendns/

..."clueless twat" doesn't even come close.....

Virgin also direct you to porn sites...

I love new toys :)

Find any domain that contains the letters sex as part of the domain and give it a go - what a laugh!

I tried going to http://www.myessexstore.com - presumably a store that sells gifts from the county of Essex

Virgin will happily direct me to all kinds of pornography but not to anything related to Essex

Even more worryingly if I go to www.essex-babies.co.uk or www.essex-schools.co.uk I get a few meaningful(ish) results plus all the porn links at the bottom

What Virgin meant to say was...

"Advanced Network Error Search

Our advanced network error search helps us make money from you even more quickly.

You all make mistakes when you type in website addresses, because, quite frankly, you're all morons. Perhaps you miss a few letters, or the website doesn't exist any longer. Well that's good news for us! If an address you enter doesn't locate a site, this handy feature will convert the incorrect address into even more money for us, so instead of an error message you will get a list of our highest-paying advertisers, plus some completely useless additional unrelated links.

The advanced network error search is currently switched OFF.

To change your selection, use the buttons below:

Yes - I would like Virgin Media to take the piss out of me even more than they do already

No - I would like the internet to work in the way it was intended, complying with net standards and not breaking programs that I may use which need the internet to function properly."

Paris - because she'll do anything for money too.

Other DNS

I wish people would think before they post coments suggesting other DNS providers on here.

Both OpenDNS and SecureDNS show the same type of page with adverts when a domain name has no corresponding IP.

The only quarm I ever had with VirginMedia DNS is that it seemed to take forever to update......

Took two weeks once to update my domain...

Not just the ISPs

It isn't just the ISPs who are doing this hijack. Grisoft's AVG anti-virus has sold out to Yahoo in some very weird ways. Not only have they rammed a Search Tool into their security toolbar (which cannot be removed), but they also have added this same "feature" for typos.

It would be interesting to know which takes precedence over your typos - AVG-Yahoo or the ISP.

(I use OpenDNS didn't see this "feature" get enabled on my Virgin Broadband connection. And AVG was removed they day they started letting Yahoo at my data. In Free software that was fine, but in a Paid For version of a Security product it fails to make any sense)

3rd Way

Now the cat's out of the bag, like spam, this isn't going to stop. The exec's at the top of ISPs won't understand what the issue really is - they can only see the internet as the web and think this is a great idea to make money from <ahem> I mean "help" the users.

So DNS needs to come up with a 3rd way - a response that includes a NXDOMAIN but also an address of a "useful server" to redirect some protocols to.

Not got it here

Not got it here on my Virgin Media connection, just times out.

But then I am running my own DNS on my server too which looks at OpenDNS alongside Virgin Media. What does annoy me is when OpenDNS helpfully comes up with a search when it thinks a site is down, not very helpful when the timeout appears to be less than a second. A quick refresh and bang, the correct site appears.

By the way, www.nottheregister.co.uk now points to a holding site which says "Greetings to El Reg.".

By the way, if you have something like the GOD AWFUL AVG toolbar installed (which always hijacks the search to Yahoo even if it's configured not to, and then re-enables itself even if you disable it) it will also open up an AVG/Yahoo Search when it can't find what it's looking for.

With all this crap going into AVG (nag screens every week or so to 'upgrade', slow performance and now this toolbar shite) I'm tempted to look elsewhere for anti-virus software (might even give ClamWin a try).

Rob

dnsmasq

If you're using dnsmasq then you should be able to fix this by using the bogus-nxdomain flag,

ie, for those of you using opendns but don't want their search page you can get away with: bogus-nxdomain=208.69.34.132 in your config file.

VeriSign Site Finder

You lot have very short memories. Obviously have forgotten about this from 2003 http://en.wikipedia.org/wiki/Site_Finder

@AC 09:45 - VM have always had CRAP DNS

If Comodo Secure DNS is so much better than VM, why did it reply with:

;; ANSWER SECTION:

ww.microsoft.com. 3600 IN A 92.242.144.10

This IS hijacking

RE: Anonymous Coward,Tuesday 18th August 2009 10:19 GMT

Hijacking NXDOMAINs can be a real nuisance for users of most VPNs. In order to reduce traffic hitting the VPN's DNS server, the normal proceedure for looking up a host is the following:

- Lookup dns for 'serv1.company.local' on ISP's DNS server

- Receieve NXDOMAIN from ISPs DNS server

- Lookup dns for 'serv1.company.local' on VPN's DNS server

- Receive IP, connect etc.

that way, global DNS entries are looked up on the ISP's DNS server and does not hit the VPN for extra traffic, unless the global DNS cache doesn't know of the server, then it trys the VPN DNS server.

With NXDomain hijacking, this is not possible as the ISP does not return NXDOMAIN for serv1.company.local and the VPN's DNS is never queried. Company email/intranet is effectively blocked by the ISP.

Not a cure for Domain Squatting

There've been a few comments on this thread, and the other story along the lines of

"I'd prefer Virgin got the PPC than the Scum who place ads on mis-typed domains"

Just to point out, this makes no difference to those people. If you type Verminmedia.com and someone has registered that address and placed ads on it, guess what, there'll be a valid DNS record and you'll still land on that persons parking page.

All this does is increases the likelihood of a typo serving you ads.

Oh and buggers and applications that rely on DNS accuracy. Bad, bad idea. But at least it appears they are Opting out at a network level rather than relying on cookies!

404

Just because you server content doesnt mean you can't still provide a 404 response, therefore leaving spiders to do what they do no?