Why do Facebook users sometimes end up on my site when they enter www.facebook.com in their browser?

domain-name-system internet routing

Every few weeks I get an email (usually a very unpleasant one) or sometimes even a phone call from a Facebook user who believes that I am "hacking" their internet. They come to this conclusion after they end up on my site after entering www.facebook.com. Looking at my server logs, it seems like this happens to about 1 person per day from different IPs and service providers.

The HOST: header in their request does contain www.facebook.com as I can confirm from my server logs. At this point I believe the problem must lie in DNS. Somehow my IP ends up getting served for a www.facebook.com query. This must happen very infrequently otherwise I'd be seeing a lot more traffic from the problem. In fact, my site would be flattened if even a small fraction of Facebook users ended up there.

Any thoughts on the root cause of this? Anyone seen anything similar? At this point the only course of action I can think of is to create a special landing page for users requesting www.facebook.com from my server telling them to try again later.


Solution 1:

You've already answered your own question. "the problem must lie in DNS". Assuming you have no control over anybody else's DNS there's really nothing you can do about it, unless of course those visits are from somewhere within the network you do have control over.

Solution 2:

You Should report this to facebook, Since this is not your problem. It is the problem of DNS configs for Facebook.com domain, which is not under your administration.

Facebook must be dynamically generating dns records for load balancing, And your IP must fall near Facebook's subnet. You can change your IP if this is a problem to you.

Solution 3:

There are two likely sources for this DNS misdirection:

  1. Someone futzing with DNS packets (look up "Golden Shield Project")

  2. Messed up "hosts" files on clients as a result of malware infection

I can't tell without more information, though. What client addresses are you seeing, for example? What's your IP address. If you can't share publicly, contact me offline. I'm a DNS researcher, not too hard to find - look for the ServerFault answers where I've mentioned particular RFCs I've written ;-)

Solution 4:

if at all possible see if yhou csan get the folks complaining to tell you their dns server name. Maybe then you can track down the DNS servers causing the issue.

Related

What are the benefits of a high TTL for DNS?
SQL - an error occurred during the pre-login handshake
/etc/fstab skip on error
How to choose the external IP address of a Kubernetes load balancer in Google Kubernetes Engine
Tuning (and understanding) table_cache in mySQL
What does "cross connect" means in Datacenters?
Nested RDP and VMWare and ILO console sessions: keystroke repetition and latency
How can I make haproxy route requests based on URL substrings?
How can I run Firefox on CentOS with no display? [closed]
How to delete a route on a specific interface? [closed]
How to find the .pid file for a given process
How to find the cause of locked user account in Windows AD domain