homepage Welcome to WebmasterWorld Guest from 54.227.215.139
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

This 41 message thread spans 2 pages: 41 ( [1] 2 > >     
Comcast Goes Live With DNS Hijacked Advertising
Comcast calls it "Domain Helper"
incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3966582 posted 1:10 am on Aug 6, 2009 (gmt 0)

[edit]NOTE: Comcast is not just targeting Firefox. There was a technical issue that caused me to initially jump to that conclusion which is discussed fully later in this thread.[/edit]

Comcast is currently targeting Firefox users in the SF Bay Area with DNS Hijacking [arstechnica.com], or "Domain Helper" as they call it, and showing pages of advertisments when inactive domains are accessed.

The new product, which has been tested in trial markets since July 9, redirects nonexistent URLs like www.example.com/clinteckergoatbonedbyhisnewbicycle to a search page slathered in advertising instead of returning the proper DNS error to the browser. Readers began reporting the change to us yesterday.

Just happened to me today for the first time so I thought I'd report it since it has gone live. This whole mess scared me at first because I just upgraded to the latest FF 3.5, perfect timing with a new FF release, and thought maybe it was a new "feature" and I couldn't find any way to disable it. Tested on a couple of machines with both FF 3.0 and FF 3.5, same results, no change for MSIE 7.

So I go check example.com [search2.comcast.com] to see what happens and we got ads, which is amusing because example.com technically responds with the following:
You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.

These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.

If you simply change your user agent to be MSIE 7 the "Domain Helper" behavior stops.

Just to see how much hijacking is going on, I tried CURL from my desktop command line to access a non-existent domain and got the proper error:
curl: (6) Could not resolve host: example333.com; No data record of requested type

So Comcast is definitely targeting just the smaller, yet substantial subset, of Firefox users for this test.

This will most likely interfere with any Firefox plug-ins that link check your bookmarks or anything of this nature.

Gee thanks Comcast.

[edited by: incrediBILL at 4:57 pm (utc) on Aug. 6, 2009]

 

youfoundjake

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3966582 posted 1:23 am on Aug 6, 2009 (gmt 0)

Great heads up Incredibill, now I can warn my clients..although it doesn't really surprise me since they've already been filtering traffic for P2P..odd that example.com was modified..kind of defeats the purpose of what they put up doesn't it?

martinibuster

WebmasterWorld Administrator martinibuster us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3966582 posted 1:39 am on Aug 6, 2009 (gmt 0)

It can be defeated by routing dns lookups through opendns.org. It's easy to do.

encyclo

WebmasterWorld Senior Member encyclo us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3966582 posted 1:44 am on Aug 6, 2009 (gmt 0)

It can be defeated by routing dns lookups through opendns.org. It's easy to do

"Defeat"? OpenDNS do exactly the same thing, which is to intercept or interfere with NXDOMAIN lookups and offer up a search page with advertizing.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3966582 posted 2:25 am on Aug 6, 2009 (gmt 0)

By default AdBlock doesn't disable anything on the Comcast "Domain Helper" page either.

youfoundjake

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3966582 posted 3:51 am on Aug 6, 2009 (gmt 0)

What happens if you set your DNS to 4.2.2.2 in your router interface, does it still display ads? i can't test since i have astound,...

tedster

WebmasterWorld Senior Member tedster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3966582 posted 6:23 am on Aug 6, 2009 (gmt 0)

I just ran into this checking external links on a site. Wasn't there already a court ruling on this kind of thing when NetSol tried it?

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3966582 posted 7:33 am on Aug 6, 2009 (gmt 0)

I just ran into this checking external links on a site.

What kind of link checker?

Something in Firefox checking bookmarks or something like Xenu with a different user agent?

dingloo

5+ Year Member



 
Msg#: 3966582 posted 9:08 am on Aug 6, 2009 (gmt 0)

I have been seeing this behavior in Optimum Online (Cablevision) in the east coast of the US for almost a year now.

Any time a domain is not found, they take us to the sponsored listing page with search.

robzilla

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3966582 posted 9:12 am on Aug 6, 2009 (gmt 0)

You don't have to be a Comcast user or be located in the United States to see these DNS hijacks; I'm in Europe and seeing them too. Tried the "Disable this error service" link, but the opt-out server must be under heavy load as I can't connect to it.

IanTurner

WebmasterWorld Administrator ianturner us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3966582 posted 9:16 am on Aug 6, 2009 (gmt 0)

BT in the UK have recently started running all their DNS queries via OpenDNS, thus we now get ads on non resolving domains.
See [webmasterworld.com...]

Also it is a real pain if you make a typo when putting a URL in the address bar as you can't just type in the correction as you have to get rid of the opendns URL first.

webdoctor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3966582 posted 9:26 am on Aug 6, 2009 (gmt 0)

So I go check example.com to see what happens and we got ads,

I don't understand this bit...

Example.com does exist in DNS (and there's a webserver for www.example.com at 208.77.188.166) - so why would attempts to access this site get hijacked?

Drag_Racer

5+ Year Member



 
Msg#: 3966582 posted 9:33 am on Aug 6, 2009 (gmt 0)

Tedster, I believe you are right. NS was forced to take all that mess down as it was ruled it would interfere with too many other things... from ping to email bounces etc...

JS_Harris

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3966582 posted 9:57 am on Aug 6, 2009 (gmt 0)

So when is Comcast cutting each of us a check? The non-existent domain ad revenue doesn't belong to anyone technically and I'm sure everyone wants some extra revenue.

I wonder how long it will be before someone picks up a domain and realizes it's been serving up ads for a while so it has a history already.

JAB Creations

WebmasterWorld Senior Member jab_creations us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3966582 posted 10:03 am on Aug 6, 2009 (gmt 0)

I've updated my Adblock list, these filters will block the ads on their DNS hijacking page if any one would like to block them.

search2.comcast.com##DIV#sidebar
search2.comcast.com##DIV#narrow-search

Of course if you just want to block everything you can use the following filter...

search2.comcast.com#body

Gotta love Comcast...they also falsely advertise their upload speed. In example here in Florida when I upload things via FTP the first 10 megabytes are transferred at the full speed of 440KB (or 3.5 megabit) however after ten megabytes have been transferred the speed drops down to only about 120KB (0.96 megabit). Imagine driving on to the highway and you see a sign that says, 'After first 1,000 feet reduce speed by two-thirds; also feel free to look at all the billboards we've put up!'

- John

maximillianos

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3966582 posted 11:51 am on Aug 6, 2009 (gmt 0)

OpenDNS does this if you use their name servers. Only diff is they offer a FREE service. Comcast charges us to show us ads.

amznVibe

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3966582 posted 12:25 pm on Aug 6, 2009 (gmt 0)

Level3 is better than opendns and does not show ads (but doesn't have filtering either)

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3966582 posted 12:50 pm on Aug 6, 2009 (gmt 0)

To me the point many are missing here is that FIREFOX was deemed a large enough target to test to single out for these ads leaving the MSIE crowd alone.

Why single out Firefox users only, why penalize us with this garbage?

I'm sure I know the answer, but it's massively discriminatory IMO to a typically higher end class of customer to be singled out for assaulting with advertisements.

Could come back to bite them.

jlivingood

5+ Year Member



 
Msg#: 3966582 posted 12:51 pm on Aug 6, 2009 (gmt 0)

@robzilla -- The opt-out site is neither under heavy load nor down. There is an IP ACL that only permits you to access it from the Comcast network.

JL
Comcast

jlivingood

5+ Year Member



 
Msg#: 3966582 posted 12:54 pm on Aug 6, 2009 (gmt 0)

@JAB Creations - Rather than setting up ad-blocking, why not just opt-out and get DHCP-assigned DNS IPs that are for servers that do not redirect?

Also, the upload thing you describe is a feature called PowerBoost. I suspect you do not subscribe to a tier that has 3.5Mbps upstream right? I'm curious what it is. In any case, PowerBoost allows you to boost over your subscribed upstream and downstream speeds for a brief time.

JL

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3966582 posted 12:59 pm on Aug 6, 2009 (gmt 0)

ISP redirects have been going on in France for years ..I mentioned it here in 2006 [webmasterworld.com] and again here in 2007 [webmasterworld.com]..tried to get an answer from google PR man to here of the time "Adam" ..he apparently couldn't see any postings in those threads about it ..at least he never did answer why they did deals with MIVA and indirectly with some ISP's to high jack results for non existant domain names ..when typed into the address bar ..

still goes on here ( if you let it :)..on all browsers

jlivingood

5+ Year Member



 
Msg#: 3966582 posted 1:02 pm on Aug 6, 2009 (gmt 0)

@incrediBILL - This is *not* just a FF thing, this would work on any browser and you can test this yourself if you have not already opted out. If you want to know what URL patterns would be affected --> see [networkmanagement.comcast.net...] Basically, it must have "www." and the domain must be invalid. (If you have already opted out and wanted to test using nslookup, you can find the server IPs to use here: [dns.comcast.net...]

Also, and importantly, I am not sure where the statement that we redirect "www.example.com" comes from. If this is the case, I would like to see the DNS query response, as redirect should not occur. Why not - because a valid A record exists. What you did provide was a link to the resulting search engine with "www.example.com" at the end of the URL string. But it is just a simple search engine and you could modify it with any search in that URL string -- such as the URL of this site (http://search2.comcast.com/?cat=dnsr&con=ds&url=www.webmasterworld.com). Just because you can perform a search on that site with that FQDN appended to the URL string does not mean the Domain Helper service would have performed the redirect and sent you there.

Regards
JL
Comcast

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3966582 posted 2:54 pm on Aug 6, 2009 (gmt 0)

This is *not* just a FF thing, this would work on any browser and you can test this yourself if you have not already opted out.

Per my original post I tested it on multiple computers and multiple browsers here and the only browser showing Comcast ads using my test criteria was Firefox.

Basically, it must have "www." and the domain must be invalid.

That explains a LOT...

I never type "www." in front of anything and Firefox attempts to insert "www." in front of the domain name if it fails without the "www." and some of my other browsers don't do that by default.

Had I realized that it was that feature of Firefox I would've titled this thread differently!

I am not sure where the statement that we redirect "www.example.com" comes from.

I entered it into Firefox without the www. and your ads popped up so you're intercepting more than you think with some browsers, I'm sure it's a Firefox quirk.

Looks like something changed on your end because I tested this on 2 computers yesterday and Firefox showed a Comcast ad page for "example.com" however I can't reproduce that today.

Good to know it's only triggered by typing "www." since I never do that so I'll never see those Comcast ads again as soon as I disable this behavior of auto-adding "www." in Firefox.

Most websites are running "www." free these days and to make sure their domain is canonicalized in the search engines actively redirect from the "www." version to the shorter non-www version, so Comcast is going to lose a ton of type in traffic if you only trigger based on the presence of "www.".

Thanks for clearing it all up and now I know that my domain typing behavior combined with Firefox's automated DNS resolving feature is why it appeared you targeted Firefox.

jlivingood

5+ Year Member



 
Msg#: 3966582 posted 3:08 pm on Aug 6, 2009 (gmt 0)

@incrediBILL re: "Most websites are running "www." free these days and to make sure their domain is canonicalized in the search engines actively redirect from the "www." version to the shorter non-www version, so Comcast is going to lose a ton of type in traffic if you only trigger based on the presence of "www."."

In my personal opinion, I think folks recognize that we'll lose some traffic but with "www." we know with a high degree of certainty that it is http or https, and so not as likely to cause technical problems in edge cases. It is a more conservative and less lucrative approach but less controversial and less potentially problematic.

BTW, **very** interesting that FF added that www - that really does explain the difference you saw. It had us all scratching our heads here - mystery solved. :-)

JL

robzilla

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3966582 posted 3:14 pm on Aug 6, 2009 (gmt 0)

You're absolutely right, I will have to retract my previous comments. I assumed the example.com link in the first post actually led me to www.example.com, which it clearly does not. My fault for not checking properly.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3966582 posted 3:36 pm on Aug 6, 2009 (gmt 0)

OK, now that I know how it works I have to retract my previous statement about Comcast not interfering with Firefox bookmark checkers, XENU and other utilities used to check for broken links.

You're returning a 302 instead of failing to resolve the host so any existing bookmark or link checkers *MAY* fail to recognize domains that no longer exist if they aren't smart enough to record the previous results to know something has changed.

This is a serious problem breaking people's software and basic functionality of the internet that we depend upon for these automated tools to work that make our daily lives so much easier.

Here's a simple example of how Comcast's interference with DNS will cause issues:
c:\curl>curl -v www.examplethisdomaindoesnotexist.com

* About to connect() to www.examplethisdomaindoesnotexist.com port 80 (#0)
* Trying 208.68.139.nnn... connected
* Connected to www.examplethisdomaindoesnotexist.com (208.68.139.nnn) port 80 (#0
)
> GET / HTTP/1.1
> User-Agent: curl/7.18.1 (i386-pc-win32) libcurl/7.18.1 OpenSSL/0.9.8g zlib/1.2
.3
> Host: www.examplethisdomaindoesnotexist.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Thu, 06 Aug 2009 15:23:23 GMT
< Server: Apache/2.2.3 (Red Hat)
< Location: http://search2.comcast.com/?cat=dnsr&con=ds&url=www.examplethisdomai
ndoesnotexist.com
< Content-Length: 5450
< Connection: close
< Content-Type: text/html; charset=UTF-8
<

A "302 Found" response is a far cry from an unresolvable domain name so the above will totally fool a link checker that doesn't understand that redirects are a potential problem and people with bookmark lists full of bad links will see COMCAST on every broken page.

Glad I'm not going to be taking all those calls ;)

[edited by: incrediBILL at 4:05 pm (utc) on Aug. 6, 2009]

robzilla

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3966582 posted 3:52 pm on Aug 6, 2009 (gmt 0)

Comcast Profits Up Sharply [informationweek.com]
The nation's biggest cable TV provider cited its "all-digital" strategy, wideband deployment, and launch of a wireless service as factors.

jlivingood

5+ Year Member



 
Msg#: 3966582 posted 4:03 pm on Aug 6, 2009 (gmt 0)

@incrediBILL -- Give those unique use cases, you should opt-out IMHO...

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3966582 posted 4:14 pm on Aug 6, 2009 (gmt 0)

@jlivingood .. did you make it opt in ?.
and do all subscribers know about it ' ..

as in "did you tell them" ? ..or do you just wait for the calls ? ) ..

Our ISP's here never have said anything about it ..they just did it ..with no opt outs ..( except those we hack ourselves ..if we know what they are doing on the sly ) .

jlivingood

5+ Year Member



 
Msg#: 3966582 posted 4:46 pm on Aug 6, 2009 (gmt 0)

@Leosghost

Re how we told people and opt-in/out status:

1 - For our tech savvy users who had some time ago statically-configured their DNS IPs: Opted-OUT by default. (The DNS redirect servers have new IPs.)

2 - For the balance of customers, this is opt-out. Most ISPs with experience in this area see 0.1% or fewer customers opt-out over time.

3 - We sent an email to every customer advising of the service launch and with a direct link to the opt-out page.

4 - We announced this on our Network Management policy page at [networkmanagement.comcast.net...]

5 - We announced this on our Comcast Voices blog.

6 - We proactively posted about it on the Broadband Reports web forum and have jumped reactively on many other sites (like this one).

7 - We published an Internet Draft with the IETF describing exactly how the system works and documenting our view of best practices (and I presented this last week to both the IETF and to an ICANN committee meeting).

We have tried to go out of our way to communicate with customers and to go to places they go online, and also to be very generally transparent about the whole thing.

JL

This 41 message thread spans 2 pages: 41 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved