[tor-talk] DNS hijacking

For months now one of my domains keeps getting redirected sometimes when
accessed through Tor. Even non-existing subdomains.

Instead of landing on my page, one will get to a site looking exactly like
parkingcrew.net, complete with ads and trackers, but located at a
different IP in the US and showing the domain one tried to access instead of
"parkingcrew.net". I played around a bit and found out that it will accept
any valid-looking domain supplied in the Host header, even if the domain
doesn't actually exist.

It will only happen when using Tor. I did a "normal" DNS dig and a
tor-resolve simultaneously - the first pointing to the real IP, the latter
pointing to said server.

Someone out there is manipulating DNS resolves done through Tor.
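
The comparison described in the post (a normal dig beside a tor-resolve), repeated and logged, as an added example that is not part of the original message. It assumes `dig` and `tor-resolve` are installed and a local Tor client listens on tor-resolve's default 127.0.0.1:9050; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare direct DNS answers with answers resolved through Tor.
# Assumes dig and tor-resolve are installed and Tor listens on 127.0.0.1:9050.

# Keep only IPv4 address lines (dig +short also prints CNAME targets).
ipv4_only() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# classify DIRECT_ANSWERS TOR_ANSWER -> MATCH | MISMATCH | NOANSWER
# DIRECT_ANSWERS may hold several lines (round-robin A records).
classify() {
    c_direct=$(printf '%s\n' "$1" | ipv4_only)
    c_tor=$(printf '%s\n' "$2" | ipv4_only | head -n 1)
    if [ -z "$c_direct" ] || [ -z "$c_tor" ]; then
        echo NOANSWER
    elif printf '%s\n' "$c_direct" | grep -qxF "$c_tor"; then
        echo MATCH
    else
        echo MISMATCH
    fi
}

# check_domain DOMAIN [ROUNDS] [PAUSE_SECONDS]
# The redirect is intermittent, so sample repeatedly and log every round
# with a UTC timestamp. A MISMATCH on a domain served from a CDN or
# geo-aware DNS can be legitimate; on a domain with one fixed address it
# deserves a closer look.
check_domain() {
    domain=$1
    rounds=${2:-5}
    pause=${3:-60}
    i=0
    while [ "$i" -lt "$rounds" ]; do
        direct=$(dig +short A "$domain")
        tor=$(tor-resolve "$domain" 2>/dev/null || true)
        verdict=$(classify "$direct" "$tor")
        printf '%s %s direct=%s tor=%s %s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$domain" \
            "$(printf '%s' "$direct" | tr '\n' ',')" "${tor:-none}" "$verdict"
        i=$((i + 1))
        if [ "$i" -lt "$rounds" ]; then sleep "$pause"; fi
    done
}

# Run only when a domain is given on the command line.
if [ "$#" -gt 0 ]; then
    check_domain "$@"
fi
```

Keeping the timestamped MISMATCH lines gives a record of when the diverging answers were returned.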