
Domain Name Owners Must Fight ROGERS DNS Hijack

20 July 2008

How would you feel if this was your home business website and a potential customer was just stolen by Rogers, a major ISP in Canada? Picture this: I'm going to go sit in front of your hardware store, and for each customer that opens your door I will try to sell them my hardware tools instead, before they get inside the door.

Do you own a domain name? Like most website owners, you'd likely have your website located at www.yourdomain.com. What usually happens if you accidentally make a mistake while typing that address? You type ww.yourdomain.com and generally receive an error page with a message similar to “Server not found”.

Well, not anymore for Canadian web users who receive their internet service from Rogers. As mentioned earlier today in my article Rogers has Hijacked My Browser and DNS, which also includes instructions on how to disable this, I am just now realizing the full impact of this kind of bullshit. From now on, unless you as a website owner have full access to your web server to set up proper redirects, all mistyped spellings of your subdomains will be redirected to a Rogers/Yahoo paid advertisement.

Here is a very simple example which will illustrate this point.  Typing abc123.digg.com into your browser would result in a server not found error because Digg has not set up a subdomain named abc123.  Typing that into your browser as a Rogers customer redirects the result to

which then presents you with a search page with paid advertisements.  Does Rogers or Yahoo have the right to redirect your potential traffic to their own servers?

Here is another example.  Note Digg’s IP address when I ping the server:

Now take a look at the IP address when I ping abc123.digg.com:

That IP address, 8.15.7.107, is not Digg’s IP; it differs from 64.191.203.30. Because abc123.digg.com does not exist, the lookup should fail and no IP address should be reached. Instead, Rogers and Yahoo are answering for it and profiting from it.
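The ping comparison above can be automated. The following is an added example, not code from the original post: it resolves random, nonexistent labels under several unrelated domains and separates a site owner's own catch-all record from a resolver that rewrites failed lookups. The function names, the stand-in resolvers and the `example.org` / `192.0.2.10` values are assumptions constructed for the demonstration; the two Digg-related IPs are the ones quoted in the post.

```python
import secrets
import socket

def system_lookup(name):
    """IPv4 answers from the OS resolver; empty set when the lookup fails."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def probe_nxdomain_rewriting(parents, lookup=system_lookup, probes=3):
    """Resolve random, nonexistent labels under each parent domain.

    Returns (verdict, answers); answers maps each IP returned for a
    nonexistent name to the parent domains it was returned under.
    """
    answers = {}
    for parent in parents:
        for _ in range(probes):
            name = f"{secrets.token_hex(8)}.{parent}"
            for ip in lookup(name):
                answers.setdefault(ip, set()).add(parent)
    if not answers:
        return "clean", {}
    # A site's own catch-all (*.example.org) answers only under that site.
    # One IP answering under unrelated parents is the resolver substituting
    # its own address for "no such name".
    shared = {ip: doms for ip, doms in answers.items() if len(doms) > 1}
    if shared:
        return "resolver-rewrites-nxdomain", shared
    return "wildcard-only", answers

# Constructed stand-in resolvers so the example runs offline.
REAL = {"digg.com": "64.191.203.30", "www.digg.com": "64.191.203.30"}

def honest(name):
    return {REAL[name]} if name in REAL else set()

def rewriting(name):
    # Behaves as the article describes: failed lookups return 8.15.7.107.
    return honest(name) or {"8.15.7.107"}

def owner_wildcard(name):
    # The site owner's own catch-all record; 192.0.2.10 is a documentation IP.
    return {"192.0.2.10"} if name.endswith(".example.org") else honest(name)

if __name__ == "__main__":
    for fake in (honest, rewriting, owner_wildcard):
        print(fake.__name__, probe_nxdomain_rewriting(["digg.com", "example.org"], fake))
```

Called without a `lookup` argument it uses the system resolver; pick parent domains hosted by different providers so that a shared address cannot come from a common hosting wildcard.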

This could be your domain name. Give Rogers a call and let them know how you feel. This does not only affect Canadians. This affects website and domain name owners worldwide. Call 1-888-764-3771 and voice your concern.

For Rogers ISP customers who wish to disable the search page, please see my article How to Disable the Rogers Search Page, which has step-by-step instructions on how to bypass the page without having to make any serious changes.


5 Comments »

Comment by Tim Jones (1 comments)
2008-07-21 08:26:27

This is not entirely a DNS related issue. Rogers is manipulating DNS along with monitoring the URLs we are all attempting to browse to and selectively manipulating those.

A feature of Internet Explorer is “Address Bar Searching”. This feature can actually be configured using Tools/Internet Options, then under the Search area, select Settings. This option allows you to select a search provider. By default Microsoft’s live.com service is selected, however you can install additional providers such as Google. This is an open service and any provider, including Rogers, is capable of creating and distributing providers.

What Rogers has done is review the URL structure used by this feature when using the Microsoft Live.com search provider. This particular provider takes what is typed into the address bar and, when DNS name resolution fails, redirects your entry to:

http://search.live.com/results.aspx?q=yoursearch&src=IE-Address

The important aspect of this URL is the src=IE-Address component. This particular component is what Rogers is using to decide if they should steal the request and redirect it to their own service. If you browse to the link I provided directly your request will be stolen and sent to Rogers.

If you change your search provider to something other than Live.com, Rogers’ manipulation will not take effect, unless they decide to steal this traffic as well.

This is disturbing because Rogers has made the decision for all Internet Explorer users to prevent you from using the Address Bar searching feature for Live.com. They are preventing individuals from accessing a public search engine as intended. This is not only something to be reported to the various sites already mentioned, but to Microsoft and Live.com themselves.

 
Comment by Dan (25 comments)
2008-07-21 09:31:51

Hi Tim,

Thank you for your input. While this information is definitely useful for preventing some types of URL redirection, Rogers is doing something completely different.

I do not use Internet Explorer, therefore the Live Search function should never come into play when I use Firefox on my PC or Safari on my Mac.

What Rogers is doing right now is taking any non-existent addresses and serving sponsored ad pages if the domain or subdomain you entered does not exist. If this was only a URL redirection related to Internet Explorer, then performing a ping from the command line on a non-existent domain should not be returning a Rogers IP address.

The redirections in this case are going through a link similar to www20.search.rogers.com/?q=searchrsults.

Even the error pages are displaying Internet Explorer errors when you browse with a Mac using Safari.

There are a number of forum discussions going on about this, such as http://www.digitalhome.ca/forum/showthread.php?p=771150#post771150 .

I don’t imagine this type of behaviour will last very long. If it does, Rogers will be losing a nice chunk of business. We pay to use the internet, so why are we being forced to see ad-plastered search pages?

 
Comment by Kobra (2 comments)
2008-07-22 00:00:20

I already gave my two cents on this. Use your hosts file to ignore it or, if you want to be a real dick, launch a DDOS against their server with a nice message that will expose their bullshit if they go to the media.

 
Comment by Dan (25 comments)
2008-07-22 00:24:38

Thanks again for your input, Kobra. I am currently using the hosts method to redirect Rogers to localhost and it works like a charm. Hell, if I had the resources I’d have launched a DDoS already ;)

The problem here, though, is that other website owners not on Rogers should be more aware of how their DNS is handled.

For example, the majority of shared web hosting companies do not check for invalid subdomains. Using your domain name in this example, if you were selling products online, sdfasf.kobrascorner.com would result in a Rogers redirection for all Rogers users who are not aware of how to opt out or hard-code their hosts file, thus resulting in a possible lost customer to a competitor. Website owners need to inquire about catch-all subdomains so that *.kobrascorner.com gets mapped to something on your host’s server to protect your own site.

Most people wouldn’t think to inquire about this type of feature, but if Rogers is able to get away with this it is only a matter of time before more ISPs utilize the same dirty practice and it becomes mainstream.

 
Comment by Mike van Lammeren (1 comments)
2008-07-22 12:25:32

Hi Kobra!

You’re right that there are technical work-arounds to defeat Rogers’ new heavy-handed tactics, but there comes a point where it is important for technically-minded people to help others stand up for themselves, and to stand up to an organization like Rogers.

Mike van Lammerens last blog post..Rogers is now Hijacking invalid DNS requests

 