Verisign becomes a hijacker....


mjc
09-17-2003, 01:29 PM
Verisign, in a quest for more "profits", has slipped to become one of the low-life vermin infesting the internet. They are now, as of this past Monday, redirecting misspelled/not registered/inactive url requests to their own site. In most cases an individual would end up at the sitefinder site instead of the normal error page.

On Monday, VeriSign began to redirect domain lookups for misspelled or nonexistent names to its own site, a process that has confused Internet e-mail utilities and drawn angry denunciations of the company's business practices from frustrated network administrators. The Mountain View, Calif.-based company enjoys a government-granted monopoly as the master database administrator for .com and .net.

VeriSign's new policy is intended to generate more advertising revenue from additional visitors to its network of Web sites. But the change has had the side effect of rewiring a portion of the Internet that software designers always had expected to behave a certain way, snarling antispam mechanisms that check to see if the sender's domain exists, complicating the analysis of network problems, and possibly even polluting search engine results.

http://news.com.com/2100-1032-5077530.html



Basically, this is the same thing done by many crapware hijackers, many of which are considered to be some of the sleaziest purveyors of filth on the 'Net. This is really nothing more than your standard DNS error hijack...

To prevent being redirected to Verisign's Sitefinder for a "not found":

Add the following to your HOSTS file:

127.0.0.1 sitefinder.verisign.com #Block Verisign SiteFinder
127.0.0.1 sitefinder-idn.verisign.com #Block Verisign SiteFinder

This will block most, if not all of the redirects.

If you have a firewall that allows IP blocking you can add the following IPs to its blocklist.

12.158.80.10
64.94.110.11

Preferably blocking in both directions, any application and all protocols.
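The quoted article says the wildcard snarls antispam checks that test whether a sender's domain exists. The sketch below is an added example, not part of the original post: it contrasts the naive check with one that discards wildcard answers, using the two addresses listed above. The resolver, the sample zone, and the choice of 64.94.110.11 as the wildcard answer are constructed for illustration.

```python
import random
import string

# The two addresses listed in the post above for Site Finder.
SITEFINDER_IPS = {"12.158.80.10", "64.94.110.11"}

def wildcard_addresses(tld, resolve, probes=3, rng=random):
    """Addresses returned for every one of several random, unregistered names."""
    common = None
    for _ in range(probes):
        label = "".join(rng.choice(string.ascii_lowercase) for _ in range(24))
        answers = set(resolve(f"{label}.{tld}"))
        common = answers if common is None else common & answers
    return common or set()

def naive_exists(domain, resolve):
    """Pre-wildcard assumption: any A record means the domain is registered."""
    return bool(resolve(domain))

def domain_exists(domain, resolve, cache):
    """Treat answers made up only of wildcard addresses as 'no such domain'."""
    tld = domain.rsplit(".", 1)[-1]
    if tld not in cache:
        cache[tld] = wildcard_addresses(tld, resolve) | SITEFINDER_IPS
    return bool(set(resolve(domain)) - cache[tld])

def constructed_resolver(zone, wildcards):
    """Stand-in for a real DNS lookup: returns A records, [] for NXDOMAIN."""
    def resolve(name):
        if name in zone:
            return zone[name]
        tld = name.rsplit(".", 1)[-1]
        return [wildcards[tld]] if tld in wildcards else []
    return resolve

# Constructed sample data (documentation-range addresses for real hosts).
ZONE = {"example.com": ["192.0.2.10"], "example.org": ["192.0.2.20"]}
RESOLVE = constructed_resolver(ZONE, {"com": "64.94.110.11", "net": "64.94.110.11"})

if __name__ == "__main__":
    cache = {}
    for sender in ("example.com", "typo-sender.com", "typo-sender.org"):
        print(sender, naive_exists(sender, RESOLVE), domain_exists(sender, RESOLVE, cache))
```

The probing step also catches a wildcard whose address is not on the static list, since it learns whatever a TLD returns for names that cannot exist.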

pentachris
09-17-2003, 02:46 PM
Yeah, I saw that story yesterday here (http://www.theinquirer.net/?article=11569), along with an IAB response, and thought it was a pretty sleazy move.

Just out of curiosity, I tried entering something random like www.askdjhrh.com into my address bar, and received a standard 404 error. Later in the day though, completely by accident, I entered "awebsite.com" instead of "www.awebsite.com" (not really "awebsite", just using it as an example), and found myself at a Verisign page.

Actually, the more I think about it, it may have been that I entered "www.awebsite.com" when I should've entered "www.awebsite.net" - I'm just not sure.

Anyway, thanks for the tips on foiling their hijack, mjc.

ErnieK
09-17-2003, 04:46 PM
Further update on your post MJC

http://www.theregister.co.uk/content/6/32873.html


Below is an excerpt from Verisign's TOC's. From this link here (about halfway down page)
http://www.theregister.co.uk/content/6/32872.html


"2.4 Monitoring and Communication

VeriSign actively monitors all traffic associated with Site Finder, including DNS queries matching the wildcard entries in .com and .net and associated responses, and all traffic sent to the response server. This traffic is correlated and monitored in real time, 24 hours a day, seven days a week, by VeriSign's Network Operations Centre... complete traffic stream to the .com and .net name servers and the response server, as well as rolled up statistics, are stored for analysis."

So, you mistype a domain name, and suddenly you have agreed to Verisign’s T&C's to let them collect information about you. What if the URL was mistyped but had some personal information in it, e.g. http://dummysite-that-is-not-real-at-all.com/userid=mylogin,mypassword=password

Similarly, the SMTP service that replies with the 550 error only does so after you have specified the recipient. What will Verisign do with all the "from" mail addresses that they will be logging? A ready made list of live e-mail addresses for selling on to marketing companies perhaps?

However, it seems that the T&C's might help us to stop this abuse. If you do not agree to the T&C's the only option they have is to not redirect your netblock to their site. So, give them a call on 0800-032-2101, select 2 to speak to their support department and once you get a human, tell them that you don't agree to their T&C's and can they remove your netblocks!

pave_spectre
09-19-2003, 09:55 AM
Well, I just suffered Verisign's redirection when mistyping the arctic silver site. How very nice of them and I don't seem to be able to block(?).

mjc
09-19-2003, 12:09 PM
A little more.....

To successfully block you need to block both the IPs and the name.




http://www.reuters.com/newsArticle.jhtml;jsessionid=PO2OW2OSUQV2OCRBAEKSF FA?type=internetNews&storyID=3471297

http://www.securityfocus.com/news/7009