RE: paypal down!

>>> Internal Server Error
>>> The server encountered an internal error or
misconfiguration and was
>>> unable to complete your request.
>>> Please contact the server administrator,
>> and inform
>>> them of the time the error occurred, and anything you might
>> have done
>>> that may have caused the error.
>>> More information about this error may be available in the
>> server error
>>> log.
>> Works for me. Same BS splash advertising that always comes
>> up. Damn that
>> is annoying.
> Yes, but it *is* up. Same here. Probably one of the rotation web
> servers had
> an issue or something minor.

Or there's a chance that you've got a trojan/malware install on the

No chance. Do you have the attributions wrong here? Even your own website
says that 404's are 70% burp-factor - which I would tend to agree with
for the most part. Not enough httpd spurned, reloads, bad pages, etc.

And oddly enough, no mention of the possibility of malware. Time to
update. :slight_smile:


Sorry, I guess I wasn't quite clear. No, I'm not suggesting that you specifically have a trojan on your system(I know from your reputation that's not happening :slight_smile: ), or that I believed that malware was definitively the cause for the original poster's problem either.

The point I was trying to make was malware does cause these exact problems, and those attempting to support end users reporting these problems need to keep trojans and other spyware in mind when researching "{big_important_site} is down!!!' complaints, when it appears to be up from everywhere else you look.

One really strange example happened about 6 months ago. One of our "adult oriented" customers started getting emails from people saying that their adult site was showing up to lots of users when they tried visiting a certain list of sites (PayPal, eBay, Google, CNN, Hotmail, etc). These users could still access small sites fine, but when they entered any of the larger sites in their browser, they got a rather graphic page from porn site instead. We took down the page that the viewers were being redirected to and put a "Seeing this message instead of the site you expected? Email us for help". After talking to a few dozen people who wrote in, we finally figured it out. It turns out that the common thing between all the people sending complaints about this was that they were infected with an MSIE "Browser Helper Object" that was redirecting traffic to any of these sites to a HTTP proxy in Russia. This proxy was taking any request and redirecting them to my client's URL. I'm guessing they were sniffing for private info or inserting pops in the HTML or something, and decided they were done. Why they didn't just kill the proxy server instead of showing unsuspecting users "adult materials" isn't really clear, unless it was meant to be some juvenile "fun".

I'd be curious to see if anyone on the ISP side of things has made a list of recent/common IP addresses and hostnames that malware attempts to connect to or resolve, and looked for accesses in name server logs and netflow records to get an idea of what percentage of end-users end up hitting them. I'm willing to bet it's disturbingly high.

-- Kevin

(And I can't take credit for 404lab, not my site at all) :slight_smile: