New Opera Forums launching soon!
Discussion thread

m.facebook.com redirects to a russian website

ratchetranger
ratchetranger

4 posts

    Hi,

    When data saving mode is enabled, when I go to m.facebook.com, I am redirected to m.tabor.ru (a russian website). What the hell ? Has Opera servers been hacked in some way ? Everything is normal with data saving mode disabled.

    23 Replies - 1344 Views

    ratchetranger
    1 0
    ratchetranger

    4 posts

      I can't edit the first post, so here are some others informations :

      • It seems only http://m.facebook.com/ lead to a redirection : https doesn't
      • With others browsers (like Chrome), no redirection
      • I tested with two others smartphones, Opera was never installed on them : redirection when using Opera + data save mode

      About network : tested with 4G and Wifi, with differents ISP

      About phones : one Huawei on Android 5.0, one Huawei on Android 6.0, one Honor on Android 7.1

      leocg
      0 0
      leocg

      13242 posts

      • Moderator
      • 10000 posts

      I couldn't reproduce it here, m.facebook.com leads to Facebook page.

      plusminus1
      0 0
      plusminus1

      8 posts

        Can confirm, m.facebook.com redirects if used without Https.

        all-lala
        0 0
        all-lala

        1 posts

          Hi,

          Same issue for me. m.facebook.com redirect to filmweb pl.

          It's only appear if i select nav bar and clic on facebook icon in recent/sugested website.

          Ps: sory for my very bad english

          kamenlitchev
          0 0
          kamenlitchev

          3 posts

            Same here - 2 different Androids on two different networks. Selecting from recently used redirects to some Polish auction sites.

            leocg
            0 0
            leocg

            13242 posts

            • Moderator
            • 10000 posts

            Opera 42.7.2246.114996 here and I still can't reproduce it, typing m.facebook.com or www.facebook.com leads to Facebook page.

            Even using http it redirects to the secure page.

            ericuno
            0 0
            ericuno

            2 posts

              I'm having the same problem, I can't get into facebook, it will only send me to a blank page or a random page sometimes, what's happening

              4k1l
              0 0
              4k1l

              1 posts

                Can confirm, m.facebook.com redirects to filmweb. pl using opera on android

                ericuno
                0 0
                ericuno

                2 posts

                  Has there been any solution to this? I still can't open facebook, and I'm thinking on going back to Chrome already

                  leocg
                  0 0
                  leocg

                  13242 posts

                  • Moderator
                  • 10000 posts

                  Has there been any solution to this?

                  It was reported? I'm still not facing such issue.

                  gabrieljonathan123
                  0 0
                  gabrieljonathan123

                  48 posts

                    Have you tried cleaning up your browser? Cache and temporary files? Maybe you have some adware plugins that redirect specific sites?

                    kamenlitchev
                    0 0
                    kamenlitchev

                    3 posts

                      Have you tried cleaning up your browser? Cache and temporary files? Maybe you have some adware plugins that redirect specific sites?

                      Hey, gabrieljonathan123, it is Android app - no plugins there. Yet, it happens to a few people, so it is not user-specific issue. My wife came complaining that this happened and when I checked on my Opera - it did happen, too. Since I never user Facebook, for me it was not for sure caching issue.

                      gabrieljonathan123
                      0 0
                      gabrieljonathan123

                      48 posts

                        Whoops! Confused it with different mobile browsers functionality, Opera indeed does not have plugins on android. Try cleaning up cached files and cookies, maybe even doing a Malwarebytes scan.

                        thegilroy
                        0 0
                        thegilroy

                        4 posts

                          Having The Same issue on Galaxy S5. Android 6.0.1 no root.

                          First I suspected some Kind of DNS poisoning. When this First happened, my xmpp Client could Not Connect properly, supporting My theory. But it also happened via GSM mobile Internet, making at least MITM pretty unlikely. And I can Work around by explicitly connecting via HTTPS. I'm going to reproduce it while Monitoring my Network, maybe I can find Out further information.

                          axtamar
                          0 0
                          Soccer

                          48 posts

                          • Server monkey

                          Hi, When data saving mode is enabled, when I go to m.facebook.com, I am redirected to m.tabor.ru (a russian website). What the hell ? Has Opera servers been hacked in some way ? Everything is normal with data saving mode disabled.

                          Maybe virus attacked your device.

                          thegilroy
                          0 0
                          thegilroy

                          4 posts

                            Well, didn't work out. I couldn't reproduce it yesterday. I can't even force a connection via http instead of https, which makes it really hard to reproduce it on purpose, when I want it to happen. Nevertheless, this looks like some kind of DNS bamboozle to me. It is pretty obvious that the Domain isn't resolved correctly, this indicates either a corrupted DNS Server, a DNS poisoning on the mobile phone or a DNS spoofing attack. I'm pretty sure that it is not the latter, because DNS spoofing on GSM requires really much work and hardware, making it pretty unlikely. Also, I think that facebook is using own DNS servers, so I'm assuming that they would be aware if a server would misbehave, and take efforts to fix it within a few hours. Leaving me with the conclusion that it's a DNS poisoning, either replacing the DNS server adress for http://m.facebook.com with the one of tabor.ru (on the phone, which you might call a virus infection) or replacing the IP adress of facebook.com with the one of tabor.ru when connecting via http to the DNS server, making it an attack on the DNS server side.

                            We all should be aware that this is a security risk. Basically, we are sending our login data via an insecure or currupted DNS server, making it an easy target for a skilled person, and a potential risk of identity theft and stuff. Even if what we are experiencing is not an attempt of identity theft itself, but only a mostly harmless - yet aggressive - form of spam, don't forget about the fact that everyone in this thread including myself is yelling "My phone is not secure!" out into the internet.

                            thegilroy
                            0 0
                            thegilroy

                            4 posts

                              Sorry for Double Posting, but I wanted this separated. I might have found a fix, Not only a workaround. I checked The Update history and found that my Android Assistant App has received an Update right before The First occurance of our phenomenon. So I tried several Android Virus Scanners and I found Android/domob.A within Android Assistant. This is quite smart, looking at it from The perspective of a Malware coder, hiding malicious Code within an App that natively requires pretty deep System permissions to so The Job ist's designed to. Alright, I installed eset mobile Security and just removed The Malware. At least give it a try, the only Thing that can Happen is finding malicious Software.

                              If you find something: Keep in Mund that a system that has been compromised should ne Seen as compromised whether you remove The Virus or don't. Your Phone is Not save anymore anderen should receive a hard reset. DON'T DO THIS ON YOUR OWN unless you know really what you are doing. You might lose Warrant and stuff. Also, Take this as a Lesson and learn how to safely Use and secure your phones.

                              A few Information on The Malware: https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-4235-99

                              Domob transmits your IMEI, your device Informations, Location, SIM-ID, GSM and Network information and many other sensible Data. The skilled Person from my Last Post can do REALLY odd stuff with this. Read about it on your own, and become an expert in The Systems you rely on.

                              Also sorry for the misspelling anderen stuff, I am writing this from The Toilet at Work and don't have time for Double checking. Excuse me.

                              ratchetranger
                              0 0
                              ratchetranger

                              4 posts

                                Hi,

                                I can't reproduce the issue anymore. However, that's weird to see that others people are redirected to others strange websites.

                                Opera 42.7.2246.114996 here and I still can't reproduce it, typing m.facebook.com or www.facebook.com leads to Facebook page.

                                Typing "m.facebook.com" is not enough, because it require forcing http → "http://m.facebook.com" (notice the "http://" as prefix). Plus, if the DNS server hypothesis (see below) is correct and we don't use the same Opera Turbo server, maybe you're not at risk. Because I'm in France, according to a network sniffing app, I use a Opera Server located in the Europe.

                                Try cleaning up cached files and cookies, maybe even doing a Malwarebytes scan

                                Clean cache is not enough : next time I went to http://m.facebook.com, I was redirected with Opera Turbo/Data saving mode. But it was enough to go to genuine Facebook without Opera Turbo/data saving mode. Malwarebyte scan → done.

                                First I suspected some Kind of DNS poisoning.

                                Same. As far as I understand, when you use Opera Turbo/data saving mode, you use Opera DNS servers. That would mean Opera DNS servers are not trustworthy.

                                So I tried several Android Virus Scanners and I found Android/domob.A within Android Assistant.

                                What scaner did you use ?

                                Maybe virus attacked your device.

                                devices*. That's highly unlikely, because :

                                • 1 of the 3 smartphones tested never accessed the Play Store before downloading Opera, no third-party app from an other store ... Just default apps.
                                • on these 3 smartphones, http://m.facebook.com always redirected to the SAME website (tabor.ru)
                                • the redirection happens ONLY when those two conditions were met :
                                  • Browser is Opera Android
                                  • Opera Turbo/data saving mode is enabled
                                thegilroy
                                0 0
                                thegilroy

                                4 posts

                                  I used eset mobile Scanner. It doesn't occur anymore, or at least it didn't so far. Also, I never enabled Data saving Mode, itvdid Happen without it. Forgot to mention, sorry.

                                  gabrieljonathan123
                                  0 1
                                  gabrieljonathan123

                                  48 posts

                                    With that many issues, I would recommend backing up important files, factory reset the phone and be done with it. A fast solution, might not be the most comfortable one, but effective.

                                    kamenlitchev
                                    0 0
                                    kamenlitchev

                                    3 posts

                                      "With that many issues on different phones" of different makes but same browser, I'd recommend backing up your bookmarks AND UNINSTALLING OPERA for some other browser.

                                      I did so on my wife's phone and - lo and behold - m.facebook.com works without issues.

                                      Obviously last thing any Opera employee (cough, cough, Qihoo) wants is help us. It seems like some management is trying to make the $600 mil deal worth it for the new king on the throne.

                                      So, forget it - Opera is no longer a browser - it is a Trojan horse invading your privacy. If it was some sane company, they'd have at least participated in a discussion that says loud and clear that their beloved software hijacks traffic.

                                      leocg
                                      0 0
                                      leocg

                                      13242 posts

                                      • Moderator
                                      • 10000 posts

                                      The issue was reported so they can check it? If so, post the bug ID (without the @ part) here for reference.

                                      I'm still unable to reproduce the problem here. I'm on a Moto x Play running Android 6.0.1 if that matters.

                                      Does it happen no matter if you use WI-Fi or mobile network?

                                      gabrieljonathan123
                                      0 0
                                      gabrieljonathan123

                                      48 posts

                                        Was thinking that it could be a router problem. DNS settings were altered, could cause such issues. You could try factory restarting the router.