Update download sites

Greetings, When i went to download TDS update today i noticed that all the mirrors and the main TDS update download update sites had the same address and that was 148.225.83.37 remote name always....
fractus.mat.uson.mx i have not paid much attention in the past but i am thinking that all the download sites had diiferent addresses and the names were as indicated in the TDS server config window......

TIA

 

Waiting for our DCS team to explain this. They should all have different IP addresses yes.

 

Yes there is 8 different servers at the moment, with 1 experiencing problems. Grab a new update.cfg here if you need it, or just check it in notepad that it has some different servers included

http://tds.diamondcs.com.au/index.php?page=update

 

Greetings,
Today at 7:15am Alaska time i went to download TDS update and the mirror that i used was www.turvamies.com ( as shown in console window )
The remote address was 66.152.98.13 but when i checked turvamies ip address by going to www.turvamies.com it was 193.64.174.119. Now when i was dealing the issue mentioned above my firewall would ask me if i wanted to allow a dll to that .mx site and again it did this for all the mirrors and not just one and in the past my fw would simply update TDS w/out asking for permission to load a dll. Today no dll request came up but why two different ip address? Is this normal in that the mirror might be using a mirror?

 

66.152.98.13 belongs to www03.powweb.com

 

Thanks Dollefie but i do not know what that means ( www03.powweb.com )

 

Well....just went to try new download of tds-3 and tried all mirrors listed at diamonds site and everyone showed ip address as 66.152.98.13
i really need some help here.

 

this just keeeps getting better..... blocked site above and now ALL updates are from 148.225.83.37......... mexico again
yeah, got to sort this out......helpppppppp

 

Hi all,
this sounds strange - but I'm not sure I even understand what you're describing. It could be all things - from a harmless thing, to a rootkit, to a poisoned DNS server at your ISP...
I'd like you to clarify a few things for us:

- Can you paste the contents of your update.cfg (and possibly filesearch-verify that there is only one such file on your system)?

- Can you paste the contents of your hosts file, if it's not too large? If it is, try to find out if the FQDNs (Fully Qualified Domain Names - like www. xy . com) or the IP adresses involved are in there...

- What firewall are you using?

- How do you proceed to compare the IP adresses to the FQDNs, i.e. which program are you using, where are the values displayed?

- What is your DNS server (can be seen by running WinIPConfig, i think)? Have you encountered any webbrowsing problems or problems updating other security software?

Thanks a lot,
Andreas

 

Andreas....thanks for getting back. Something very strange just happened..... i clicked on the link you sent ( xy.com ) to look at FQDN stuff as recommended and it is a gay something or other site. I spent no time there and backed out right away. Did YOU send that site. ?

 

Addresses change at times from owner/content (we're not always able to check a site before posting it). Anyway, found on this site more explanation which you might like to look
here for the FQDN part. (google is more or less our friend here)

 

Thanks Jooske do you or anyone know what the heck wwwo3.powweb.com is all about i was not aware of anything but www.ect ect this 03 thing could not be good

 

Sorry, Rainwalker,
I didn't mean to provide a link. I meant that just as an example of what a "Fully Qualified Domain Name" is, i.e. a toplevel domain .com which has one or more servers/subdomains preceding it. The first one being normally a www server, i wanted to give www<dot>xy-or-just-anything<dot>com as an example. Sorry to have caused you trouble. You did right to immediately back up and leave.

To be more precise, I was meaning to ask if you find www.turvamies.com, fractus.mat.uson.mx, www03.powweb.com or any of the IP adresses you mentioned in your hosts file (in my W2k system this is in c:\windows\system32\drivers\etc).

The 03 in www03 probably is harmless, it indicates a part of a webserver array that provide the same pages, but share their load. You point your browser to www.blabla and then are transparently being redirected to one of the mirrors. But when you do a lookup of that mirror's IP, you don't receive your initial go-to adress, but its real name, being www03 here.

Sorry again,
Andreas

 

Andreas not to worry right after i posted it dawned on me what you meant. Did you see my wwwo3. question? If so, any info??

 

updated the above posting - probably while you were reading the initial version or writing your reply. My interpretation of www03 is in there now.

Andreas

 

ok feel better i will look deeper later. gotta hit the sack....4:30am here thanks again