Geek Culture / Not sure whats going on but can connect to Facebook, Yahoo, or Gmail.

Author
Message
Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 20th Feb 2013 23:29 Edited at: 21st Feb 2013 01:46
I keep getting a... Server? (attached)

How do I fix it?

Not being able to connect list -
Facebook
Yahoo
Gmail
Paypal

Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 21st Feb 2013 00:40
Did you recently install apache or xampp on your home computer?

"You're all wrong. You're all idiots." ~Fluffy Rabbit
easter bunny
12
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 21st Feb 2013 01:24 Edited at: 21st Feb 2013 01:59
Try going to Facebook, now look at the URL. Is the bold part facebook.com or www.facebook.com? If it isn't, it's possible that a certain file on your computer has been modified to redirect some URLs to other IP addresses, but I've forgotten where the file is or what it's called.
This could be from a virus.

edit: the file is called hosts, it's found in either
C:\Windows\System32\Drivers\etc
or
C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829

Open these files with a text editor (like Notepad). If one has a line like xxx.xxx.xxx.xxx www.facebook.com then it's redirecting your browser to that IP address whenever you go to www.facebook.com

Of course, your problem is probably NOT this, but just in case

There are 10 types of people, those who understand binary and those who don't
Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 21st Feb 2013 01:44
That might be it, this is what I found in the hosts file -



Indicium
16
Years of Service
User Offline
Joined: 26th May 2008
Location:
Posted: 21st Feb 2013 01:50
Delete it all, and then run a virus scan.


They see me coding, they hating. http://indi-indicium.blogspot.co.uk/
zeroSlave
15
Years of Service
User Offline
Joined: 13th Jun 2009
Location: Springfield
Posted: 21st Feb 2013 02:00
That's crazy. I did work on Apache and cPanel, but I wouldn't think they would do anything like that.

I get the same page when I go to that IP. I'd backup the file, then get rid of those entries.

Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.
Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 21st Feb 2013 02:05
Deleted it, all pages work fine. Thanks mates! I can always count on the TGC forums for help with anything!

easter bunny
12
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 21st Feb 2013 02:28
Wow, I can't believe a stab in the dark like that guess of mine was correct

There are 10 types of people, those who understand binary and those who don't
Phaelax
DBPro Master
22
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 21st Feb 2013 10:31
Slayer, you better beef up your Windows security. The hosts file shouldn't be easily editable by any program. I have to disable my protection just to add entries to it. I think most AV software blocks write access to the file, so I'm somewhat surprised yours isn't protected.

"You're all wrong. You're all idiots." ~Fluffy Rabbit
Melancholic
15
Years of Service
User Offline
Joined: 26th Nov 2009
Location:
Posted: 21st Feb 2013 18:48
Hmmm, it looks like something edited your hosts file to send you to false versions of those sites, maybe like the way an ARP-spoof attack would work. The intentions of this were definitely nefarious, you're lucky they didn't set up their servers yet or they would have gotten some of your logins for sure...


I can count to banana...
Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 21st Feb 2013 21:56
Quote: "Hmmm, it looks like something edited your hosts file to send you to false versions of those sites, maybe like the way an ARP-spoof attack would work. The intentions of this were definitely nefarious, you're lucky they didn't set up their servers yet or they would have gotten some of your logins for sure..."


Oh really? Let's shut 'em down then. I'll be contacting the server hosts to revoke their use of the servers to that user.

Quote: "Slayer, you better beef up your Windows security. The hosts file shouldn't be easily editable by any program. I have to disable my protection just to add entries to it. I think most AV software blocks write access to the file, so I'm somewhat surprised yours isn't protected."


What do you recommend?

Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 21st Feb 2013 22:15
So I contacted Apache and said this -



Hi there,

I was recently browsing the internet when I came across this page when I tried to access Facebook, Gmail, Yahoo, Paypal, Live, and Hotmail. I was suspicious so I opened my Hosts file in my System32 and found this -

184.172.198.63 http://gmail.com
184.172.198.63 gmail.com
184.172.198.63 www.gmail.com
184.172.198.63 http://www.gmail.com
184.172.198.63 https://gmail.com
184.172.198.63 http://facebook.com
184.172.198.63 facebook.com
184.172.198.63 www.facebook.com
184.172.198.63 http://www.facebook.com
184.172.198.63 https://facebook.com
184.172.198.63 http://hotmail.com
184.172.198.63 hotmail.com
184.172.198.63 www.hotmail.com
184.172.198.63 http://www.hotmail.com
184.172.198.63 https://hotmail.com
184.172.198.63 http://live.com
184.172.198.63 live.com
184.172.198.63 www.live.com
184.172.198.63 http://www.live.com
184.172.198.63 https://live.com
184.172.198.63 http://paypal.com
184.172.198.63 paypal.com
184.172.198.63 www.paypal.com
184.172.198.63 http://www.paypal.com
184.172.198.63 https://paypal.com
184.172.198.63 http://yahoomail.com
184.172.198.63 yahoomail.com
184.172.198.63 www.yahoomail.com
184.172.198.63 http://www.yahoomail.com
184.172.198.63 https://yahoomail.com
184.172.198.63 http://yahoo.com
184.172.198.63 yahoo.com
184.172.198.63 www.yahoo.com
184.172.198.63 http://www.yahoo.com
184.172.198.63 https://yahoo.com

This was a really bad attempt to try and steal my information and I recommend that you shut down those servers before you have very angry people running up to you filing a lawsuit for what was not your fault. I would also recommend that you find the person who owns the "184.172.198.63" domain and introduce them to the FBI in which it states on the FBI Website -

Source - http://www.fbi.gov/scams-safety/e-scams
____________
Phishing and Smishing Schemes

In phishing schemes, a fraudster poses as a legitimate entity and uses e-mail and scam websites to obtain victims’ personal information, such as account numbers, user names, passwords, etc. Smishing is the act of sending fraudulent text messages to bait a victim into revealing personal information.

Be leery of e-mails or text messages that indicate a problem or question regarding your financial accounts. In this scam, fraudsters direct victims to follow a link or call a number to update an account or correct a purported problem. The link directs the victim to a fraudulent website or message that appears legitimate. Instead, the site allows the fraudster to steal any personal information the victim provides.

Current smishing schemes involve fraudsters calling victims’ cell phones offering to lower the interest rates for credit cards the victims do not even possess. If a victim asserts that they do not own the credit card, the caller hangs up. These fraudsters call from TRAC cell phones that do not have voicemail, or the phone provides a constant busy signal when called, rendering these calls virtually untraceable.

Another scam involves fraudsters directing victims, via e-mail, to a spoofed website. A spoofed website is a fake site that misleads the victim into providing personal information, which is routed to the scammer’s computer.

Phishing schemes related to deliveries are also rampant. Legitimate delivery service providers neither e-mail shippers regarding scheduled deliveries nor state when a package is intercepted or being temporarily held. Consequently, e-mails informing of such delivery issues are phishing scams that can lead to personal information breaches and financial losses.
____________
Some of the consequences include -

A misdemeanor charge is punishable by up to one year in jail. A felony is punishable by 16 months or more of state prison time. The charge and sentence will depend on the following:
• Seriousness or degree of the victim's harm
• Amount of monetary damage
• The sophistication of the crime
• Defendant's past criminal record
• Internet theft: the Internet crosses state lines, so the theft can also be charged as a federal crime

____________

What I recommend you do -
Shut down the (potential) website and make sure that they don't get back up on any other domain or hosting site. Do this to prevent any damage to your reputation, your money, and your systems.
____________

I appreciate you working with me and I hope you have a good day.

Thank you,
~Ervin Sabic

Melancholic
15
Years of Service
User Offline
Joined: 26th Nov 2009
Location:
Posted: 21st Feb 2013 22:29
You contacted Apache? Apache is an open source server project, they're not likely to be of much help here. You'd need to contact the server host; a quick lookup on the IP reveals this:
http://whatismyipaddress.com/ip/184.172.198.63


I can count to banana...
Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 21st Feb 2013 22:37
So it looks like it's - ThePlanet.com
Which I can't connect to?

Okay so I also googled Website Welcome and got this - http://www.websitewelcome.com/

Which when I emailed it led to this - http://www.hostgator.com/

This is fun. Like a game of cat and mouse.

Melancholic
15
Years of Service
User Offline
Joined: 26th Nov 2009
Location:
Posted: 21st Feb 2013 22:49
ThePlanet.com seems to be the ISP of the host. I suppose they could do something, but they'd want something more substantial than this to take action. http://whois.net/ip-address-lookup/184.172.198.63 has some interesting information, an actual location and some email addresses.


I can count to banana...
ionstream
20
Years of Service
User Offline
Joined: 4th Jul 2004
Location: Overweb
Posted: 21st Feb 2013 23:32
You have a virus that was trying to route your personal information to an external website that was poorly set up. Neither Apache nor CPanel has anything to do with this, and you must format your machine immediately.

Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 22nd Feb 2013 00:24
Ran virus scan, clean now.

Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 22nd Feb 2013 16:39
So I got them downed, this is the reply that I got from the server admins at the host -

Hello,

Thank you for your report. The phishing content on the server has been removed, and our client notified. The attack you have encountered is called pharming, and the person who did it was hoping that this would redirect your attempt to use any of those sites to the server to steal your information. We recommend that you remove those entries from your hosts file, and scan your computer for malicious content, removing any that you find.

If you would like help with cleaning malware from a personal computer, we've found this forum post to give an in-depth description of things to consider: http://forums.majorgeeks.com/showthread.php?t=35407

Please let us know if we can do anything else to help or if you have any questions.

Best Regards,

Frank B.
Hostgator Security Level 1
HostGator.com LLC
http://support.hostgator.com
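
An added example, not part of the original thread and not written by any of its posters: a small Python audit of a hosts file for the pharming pattern discussed above (one non-local address overriding several unrelated login sites). The watch list, the function names `audit_hosts` and `registrable`, and the sample text are assumptions made for illustration; the address is the one quoted in the thread.

```python
import ipaddress
from collections import defaultdict

# Assumed watch list, built from the domains quoted in this thread.
WATCHED = {"gmail.com", "facebook.com", "hotmail.com", "live.com",
           "paypal.com", "yahoo.com", "yahoomail.com"}

# Constructed sample: benign entries plus a few in the style of the thread's.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.invalid   # local ad block
184.172.198.63 http://gmail.com
184.172.198.63 gmail.com
184.172.198.63 www.facebook.com
184.172.198.63 https://paypal.com
184.172.198.63 www.paypal.com login.yahoo.com
"""

def registrable(name):
    """Naive last-two-labels match; enough for the .com names watched here."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def audit_hosts(text):
    """Return (findings, by_ip); findings are (lineno, ip, name, reason)."""
    findings, by_ip = [], defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, ip, " ".join(names), "unparsable address"))
            continue
        for name in names:
            if "://" in name:
                # Not a hostname, so lookups never match it; still a tampering sign.
                findings.append((lineno, ip, name, "URL scheme in hostname field"))
            elif registrable(name) in WATCHED and not (
                    addr.is_loopback or addr.is_unspecified):
                findings.append((lineno, ip, name, "watched domain overridden"))
                by_ip[ip].add(registrable(name))
    return findings, dict(by_ip)

if __name__ == "__main__":
    findings, by_ip = audit_hosts(SAMPLE)
    for f in findings:
        print("line %d: %s -> %s (%s)" % f)
    for ip, brands in by_ip.items():
        print(ip, "overrides", len(brands), "unrelated sites:", sorted(brands))
```

Loopback and `0.0.0.0` mappings are skipped because they are the usual form of a local block list rather than a redirect.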

Dark Frager
15
Years of Service
User Offline
Joined: 16th Mar 2010
Location: The Void.
Posted: 22nd Feb 2013 19:05
Quote: "You have a virus that was trying to route your personal information to an external website that was poorly set up. Neither Apache nor CPanel has anything to do with this, and you must format your machine immediately."


If so, then it was well made but poorly executed. Consider yourself lucky, sir Slayer267.

I think we should start talking with signatures again!
Slayer267
14
Years of Service
User Offline
Joined: 6th Sep 2010
Location: Non of your beez wax
Posted: 23rd Feb 2013 05:07
I am lucky lol

Yes I feel epic for getting away with this haha
