Can't reach Wilders' site on my XP desktop since yesterday...

Discussion in 'Forum Related Discussions' started by Tarnak, Sep 4, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    61,565
    Location:
    Texas
    Remove the entries for wilders in your hosts file and see if you can eliminate the errors.
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    I just flushed the DNS cache on the XP desktop. That didn't help change the situation.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,713
    Rebootski?
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    "Rebootski?" ...Nonski :D ...Should I?
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,713
    It's Windows so sure, why not. :p
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    I am in the process of doing that...a reboot. ;)
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    Oops, I just spotted your comment. I will give that a go. Thanks.
     
  9. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    363
    I was able to reproduce the warning when typing in the Hosts IP manually: https://104.236.97.180, same domain etc so removing those should do the trick as ronjor thought.

    104.236.97.180 uses an invalid security certificate. The certificate is only valid for the following names: *.hexnodemdm.com, hexnodemdm.com
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,109
    Yeah, removing these entries from the HOSTS-file should definitely solve the issue.
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    Thanks, all ...With the input of our great members, a good result has been achieved. :)
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    I am just rebooting after making the necessary changes to the HOSTS file. Will see how it goes, shortly.
     
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    I have to wait...awhile. My computer is 10 years 'young', and when it boots, the main screen is not showing up properly. More ghostly! I have to hard shutdown, and wait for it to settle. Then I restart, and it usually will boot up. Crossed fingers! It only started doing that in the last year, or so, and only intermittently.

    P.S. That is why I decided to buy a Surface Book, last year in anticipation that the XP desktop will give up the ghost, eventually. ;)
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    And, finally the proof. :)

    ScreenShot_Wilders Security_connection is  made_01.gif
     
  15. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,981
    Location:
    California
    I notice that domain in your Navigation links as "nofollow." I don't know what that refers to.

    Screen shot:
    wilders-link.jpg



    ----
    rich
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,436
    Posting this comment from my XP desktop, because the Surface Book is back on the charger. Battery is getting less hours use. I think I will need to get the battery replaced before my warranty runs out on the laptop. :(
     
  18. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,099
    What happened here is, Wilders has a new IP address.
    45.33.17.126

    Tarnak had Wilders' old IP address in his host file.
    104.236.97.180

    So when he typed in or clicked on a bookmark to,
    https://www.wilderssecurity.com
    The Windows host file sent his browser to the old IP address which is now assigned to,
    *.hexnodemdm.com

    I'm a little surprised no one else noticed this especially as
    104.236.97.180 had been Wilders IP address for the longest time.

    It goes to show, had that been a mitm attack that used a poisoned DNS to redirect to a fake Wilders website, the only one here that would have been protected was Tarnak, by using the host file which prevented the DNS lookup.
    The other thing is, if you do use a host file, and you get a warning that you are not at the website you are supposed to be at, check to see if the website has changed IP addresses.

    This is actually a great demonstration of why the old host file (which I believe MS disabled in later versions of Windows to prevent it being used to block data mining servers) is/was a great security feature because the browser's own security features then check if the site cert matches the domain in the address bar.
    This is why I was talking about IP address/Cert/Domain name pinning in one of the other threads. If you pin all three it makes mitm attacks close to impossible, unless you ignore the warnings.
     
    Last edited: Sep 5, 2017
  19. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,027
    Hosts file can be hijacked so make sure you keep an eye on it. Setting it to "read-only" can help.
    Some firewalls IIRC can monitor the Hosts file for changes.

    Malware can use it to block detection by security software and also to redirect traffic to servers of their choice.
     
    Last edited: Sep 5, 2017
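
The stale-entry check RockLobster describes and the change monitoring KeyPer4Life suggests, as an added example that is not part of the original thread. The function names are hypothetical, the sample hosts file is constructed from the addresses quoted above, and the resolver is injectable so the check can be run against answers gathered on another machine.

```python
import hashlib
import socket

# Constructed sample hosts file holding the stale pin discussed in the thread.
SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
104.236.97.180  www.wilderssecurity.com wilderssecurity.com  # old address
"""

NON_ROUTABLE = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping, skipping comments and blank lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                yield fields[0], name.lower()


def system_resolver(name):
    """Live lookup. On the machine that holds the pin, the OS answers from the
    hosts file itself, so collect these answers where the name is not pinned."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, 443)}
    except socket.gaierror:
        return set()


def stale_pins(text, resolve=system_resolver):
    """Return (name, pinned_ip, dns_ips) for pins that DNS no longer agrees with."""
    findings = []
    for ip, name in parse_hosts(text):
        if ip in NON_ROUTABLE:
            continue  # localhost and blocklist entries are not pins to a real server
        answers = resolve(name)
        if answers and ip not in answers:
            findings.append((name, ip, sorted(answers)))
    return findings


def fingerprint(text):
    """SHA-256 of the contents; store it and compare later to spot unexpected edits."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()
```

A finding from `stale_pins` only says the pin and DNS disagree; which side is wrong still has to be confirmed through a separate channel before the entry is changed.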