Why does my browser take me to the WRONG site?

Sometimes I type nytimes.com and my browser takes me to usatoday.com. Sometimes google.com takes me to Bing.com. Sometimes I enter online.wsj.com (Wall Street Journal), but I'm taken to online.wsj.com/dr, a sub-directory that doesn't exist, and fails to display any web page.

The problem occurs sporadically and lasts a few minutes before things become normal. I have both Windows and Linux installed, but both display this problem. Very curiously, I never have this problem when I use my laptops at other places. However, when I use it at home (with Wifi) I have this strange problem.

I've checked for viruses like DnsChanger, but haven't found anything. I suspect either my ISP is doing something strange, or the Wifi router at home is flawed. What do you think?


I may have found the problem. The Cisco Linksys wireless router that I'm using has a known vulnerability: http://www.billgerrard.com/linkSys-by-cisco-wrt160n-wireless-internet-router-dns-resolver-flaw/

In the linked website people complained that the router sets itself, 192.168.1.1, as a DNS server, and would give wrong directions. A user was taken to myspace.com when he typed facebook.com.

Together with my original question here, it's clear that this router's DNS "mis-lookup" is very smart, and redirects you to a website of the same category. I suspect Cisco is doing something secretly, OR the router is vulnerable to attacks which change its DNS functionality.


First confirm that you actually have bad DNS resolutions causing this.

  1. Identify your present DNS server (ipconfig /all on Windows, etc) and record it for reference; see if it changes during the next step
  2. Record DNS resolution during correct and incorrect behavior (check dig, nslookup)
  3. Force your system to use OpenDNS or one of the Google DNS servers (8.8.8.8)

If these things confirm bad resolutions are happening and they go away on changing DNS server IPs, look up your ISP for the correct DNS server to use and check when it is changing.

If you find the DNS server IP is changing from the one your ISP expects you to use, the problem is local (your WiFi router misbehaving or someone playing with it).

If the IP is correct and remains unchanged while you see problems, your ISP needs to look into it.

ps: At one time our ISP decided to force their primary page for the first DNS query I made after connecting! Weird things do happen.
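
The comparison in steps 2 and 3, as an added example that is not part of the original answer: it sends the same A-record query directly to the router (192.168.1.1, the address named in the question's update) and to 8.8.8.8, and reports whether the two answers share any address. The function names are this example's own; a "mismatch" on a CDN-hosted name can be legitimate, so run it repeatedly and compare the output from a good period with the output from a bad one.

```python
import secrets, socket, struct

def build_query(name, txid):
    """Encode a recursive DNS query for the A record of `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a plain or compressed name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)        # pointer is 2 bytes, root label is 1

def parse_a_records(msg, txid):
    """Return the set of IPv4 addresses in the answer section of a response."""
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    addrs, off = set(), 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record; CNAMEs etc. are skipped
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve(name, server, timeout=3.0):
    """Ask one specific resolver, bypassing the OS resolver and its cache."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                # only accept replies from this server
        s.send(build_query(name, txid))
        return parse_a_records(s.recv(4096), txid)

def verdict(suspect, reference):
    """'consistent' if the answers share an address, else 'mismatch' or 'no-answer'."""
    if not suspect:
        return "no-answer"
    return "consistent" if suspect & reference else "mismatch"

if __name__ == "__main__":
    for name in ("nytimes.com", "google.com", "online.wsj.com"):   # names from the question
        a, b = resolve(name, "192.168.1.1"), resolve(name, "8.8.8.8")
        print(name, verdict(a, b), sorted(a), sorted(b))
```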


Strange... but the problem is limited to home usage, so it's a very good beginning to easily spot where the problem is. It's not a virus problem since you already checked it (with a virus like DNS changer, this problem would happen in any place and not with Linux...). Also it's not a HOSTS file hijack (in both Windows and Linux!) since this happens only with your ISP DNS servers so...

Check your DNS settings and the alternate DNS server with NameBench (use it with the options "include censorship checks" and "include global DNS servers" enabled). NameBench works for Windows and Linux.

http://code.google.com/p/namebench/

Run the complete test. NameBench checks the DNS response speed, DNS response errors and DNS censorship (if present) for your actual DNS servers and many others in your neighbourhood, including public DNS such as OpenDNS, Google DNS and so on.

I suppose (am I right?) that your DNS setup in the router or Windows (/Linux) is set to "Get the DNS server automatically", which may explain why the results are different from your home place and your ISP and the other WiFi networks...

Then, based on the results, change your Router / Windows / Linux network parameters to these DNS addresses instead of the automatic setup...

EDIT: also take a look at this online test from Gibson Research: DNS Nameserver Spoofability Test

https://www.grc.com/dns/dns.htm

Hope this helps. Let us know.


I used to have the Linksys WRT160N router as well. In fact, I mentioned its DNS issues in a similar question. The problem is that the router's built-in DNS system is faulty.

By default, the router sets its IP address as a DNS address. So, if you have your computer or device connecting to the router via DHCP to get DNS addresses, then the primary DNS will be the router. This is not good!

To fix the problem, you must manually set your computer's DNS addresses. I used Google Public DNS (8.8.8.8, 8.8.4.4), although you can use any other service or the addresses provided by your ISP.


Some ISPs use a service to change malformed DNS requests: http://arstechnica.com/tech-policy/news/2011/08/small-isps-turn-to-malicious-dns-servers-to-make-extra-cash.ars

This may be what your ISP is doing; if you want to check, change the DNS to some other server than the ISP's.