Typically if google were pulling your site sometimes from the
wrong IP, their safe browsing page should indicate it being
on another AS number in addition to the correct one 2152:
That site's DNS is screwed up and some requests are sent
to a different IP at a different host, so Google picked
up both AS numbers.
Could one of your domain's subdomains be what is
actually infected? You seem to have a bunch of
them, maybe google is penalizing the whole domain over
a subdomain? Not sure if they do that or not.
If your sites are running off of an application like
wordpress, etc., you may not get the same page that
google gets and the application may have been hacked.
Here's a wget command you can use to make requests to
your site pretending to be google:
nanog will probably line wrap that user agent line making
it not correct so you'll have to put it back together
correctly. It will save the output to a file named
googlebot.html you can look at to see if anything weird
ends up being served.
Yes, we’ve used the Google Webmaster Tools a lot today. Submitted multiple requests and they keep insisting that our site issues a redirect. Unable to duplicate the problem here.
matthew black
information technology services
california state university, long beach
… have you consulted the logs?
If the redirect is there, it … 1) might not be from the home page, and 2) could be in … user content?
awk '{if ($9 ~ /304/) { print $0 }}' access_log.
… or some such.
Granted, might be a storm of " " -> index.html redirects, but they should be grep -v 'able in short order.
You might also look for the rDNS of the Google spider to see exactly where it is looking, and what it sees.
It's not DNS. If you're sure there's no htaccess files in place, check your content (even that stored in a database) for anything that might be altering data based on referrer. This simple test shows what I mean:
Airy:~ user$ curl -e 'http://google.com' csulb.edu
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.couchtarts.com/media.php">here</a>.</p>
</body></html>
Running curl without the -e argument gives the proper site contents.
Seriously? Our servers have multiple log files due to multiple virtual hosts. Our primary domain log file on just one server has over 600,000 records x 3 servers.
I'm not familiar with curl and don't understand what I type and what are results. Are you suggesting that when google refers to our website, we pick that up and redirect to couchtarts?
matthew black
information technology services
california state university, long beach
I'm not familiar with curl and don't understand what I type and what are results. Are you suggesting that when google refers to our website, we pick that up and redirect to couchtarts?
matthew black
information technology services
california state university, long beach
Referer is an HTTP header that can be included in requests to your web
server
- HTTP referer - Wikipedia
"man curl"
-e, --referer <URL>
(HTTP) Sends the "Referer Page" information to the HTTP
server. This can also be set with the -H, --header flag of course. When
used
with -L, --location you can append ";auto" to the
--referer URL to make curl automatically set the previous URL when
it follows a
Location: header. The ";auto" string can be used alone,
even if you don't set an initial --referer.
$ curl -v -e 'http://google.com' csulb.edu
* About to connect() to csulb.edu port 80 (#0)
* Trying 134.139.1.60...
* connected
* Connected to csulb.edu (134.139.1.60) port 80 (#0)
GET / HTTP/1.1
User-Agent: curl/7.24.0 (x86_64-pc-linux-gnu) libcurl/7.24.0
In article <ED78B1C68B84A14FA706D13A230D7B431954E95B@ITS-MAIL01.campus.ad.csulb.edu> you write:
I'm not familiar with curl and don't understand what I type and what are results. Are you suggesting that when
google refers to our website, we pick that up and redirect to couchtarts?
curl is a command line www client that's worth knowing about.
And I observe the same thing, using my own local DNS cache -- if I
fetch the home page from csulb.edu or www.csulb.edu with Google as the
referrer, it returns a page that redirects to couchtarts.
My e-mail was showing extra stuff at the end of the sample command lines, which confused me:
Airy:~ user$ curl -e 'http://google.com' csulb.edu <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head>
...................................................###############################################################
Sigh, I just Outlook not to strip extra line breaks.
matthew black
information technology services
california state university, long beach