
Author Topic: DNS Hijacked?  (Read 182 times)


mifronte
DNS Hijacked?
« on: February 06, 2018, 11:04:56 am »
This morning I was browsing the finance.yahoo.com site and when I clicked on a ticker symbol to get the current market info, a page came up that said my computer is locked up and I needed to call the number on the page to prevent data loss.

At first I panicked thinking my laptop has malware, but then I realized I am still in the browser and just closed out the tab.

I have pfBlockerNG with DNSBL enabled and all my DNS queries are redirected to my pfSense to ensure it uses the default pfSense settings (root servers). I ran a Windows Defender quick scan and everything came back normal on my laptop. Given that I have pfBlockerNG and DNSBL running, I am now surprised that I even landed on the scam page.

Can someone explain how I could have been redirected to this scam page? Is this something I need to check on my laptop?
SuperMicro Atom C2758 A1SRI-2758F 16GB
2.4.2-RELEASE (amd64)

Grimson
Re: DNS Hijacked?
« Reply #1 on: February 06, 2018, 04:24:19 pm »
Read https://forum.pfsense.org/index.php?topic=143474.0, then check the DNS results. If they are fine, it's either a compromised website (Yahoo has a history of security fails) or something on your laptop.

mifronte
Re: DNS Hijacked?
« Reply #2 on: February 06, 2018, 11:41:04 pm »
I checked the DNS at whatsmydns.net and it came back with all green check marks.  I assume that is good.  As far as the rest of the thread, there were a lot of commands that went over my head.

I have not seen the problem since that one incident. It so happened when this incident happened, the finance.yahoo.com site was real sluggish and I would get a lot of connection errors. So maybe Yahoo was under attack?

I did a full scan of my laptop with Windows Defender and it came back clean.