Phantom Redirect

BJ Clark bjclark at me.com
Wed Jan 21 07:58:07 MSK 2009


Yes, it looks like it's the same Nginx.

I'm now looking into whether this is a security issue (i.e., I was somehow
haxored and have figured it out).

I contacted Slicehost and they've never seen anything like this either.

BJ Clark



On Jan 20, 2009, at 8:44 PM, Cliff Wells wrote:

> The domain isn't expired (I checked), but it might also be a problem
> with Slicehost.   Does the version of Nginx listed in the HTTP headers
> match the actual version you have installed?   It might be Slicehost
> uses Nginx and *they* are redirecting your domain.
>
> Cliff
>
> On Tue, 2009-01-20 at 12:16 -0800, BJ Clark wrote:
>> Hello all,
>>
>> I'm having the most puzzling problem. I am getting a very strange  
>> redirect:
>>
>> http://kritiq.us/
>>
>> GET / HTTP/1.1
>> Host: kritiq.us
>> User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>>
>> HTTP/1.x 302 Moved Temporarily
>> Server: nginx/0.6.16
>> Date: Tue, 20 Jan 2009 20:05:28 GMT
>> Content-Type: text/html
>> Connection: keep-alive
>> X-Powered-By: PHP/5.2.0-8+etch13
>> Expires: Mon, 26 Jul 1997 05:00:00 GMT
>> Last-Modified: Tue, 20 Jan 2009 20:05:27 GMT
>> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
>> Pragma: no-cache
>> Location: http://sedoparking.com/search/registrar.php?domain=kritiq.us&registrar=sedopark
>> Vary: User-Agent,Accept-Encoding
>> Content-Encoding: gzip
>> Content-Length: 170
>> X-Cache: MISS from 226072
>>
>> I have no idea where this redirect is coming from. I have no idea
>> what sedoparking is. I don't have any PHP on the server, or even
>> have it installed, for all I know. This is a Rails project, it's
>> using the config here:
>> http://pastie.org/365988
>>
>>
>> Can anyone give me a direction on this? I'm completely lost as to  
>> where this is coming from and how to stop it.
>>
>>
>> BJ Clark
>>
>>
>
>
