m.facebook.com redirects to a russian website
-
ratchetranger last edited by
I can't edit the first post, so here are some others informations :
- It seems only http://m.facebook.com/ lead to a redirection : https doesn't
- With others browsers (like Chrome), no redirection
- I tested with two others smartphones, Opera was never installed on them : redirection when using Opera + data save mode
About network : tested with 4G and Wifi, with differents ISP
About phones : one Huawei on Android 5.0, one Huawei on Android 6.0, one Honor on Android 7.1
-
leocg Moderator Volunteer last edited by
I couldn't reproduce it here, m.facebook.com leads to Facebook page.
-
all-lala last edited by
Hi,
Same issue for me.
m.facebook.com redirect to filmweb pl.It's only appear if i select nav bar and clic on facebook icon in recent/sugested website.
Ps: sory for my very bad english
-
kamenlitchev last edited by
Same here - 2 different Androids on two different networks. Selecting from recently used redirects to some Polish auction sites.
-
leocg Moderator Volunteer last edited by
Opera 42.7.2246.114996 here and I still can't reproduce it, typing m.facebook.com or www.facebook.com leads to Facebook page.
Even using http it redirects to the secure page.
-
ericuno last edited by
I'm having the same problem, I can't get into facebook, it will only send me to a blank page or a random page sometimes, what's happening
-
ericuno last edited by
Has there been any solution to this? I still can't open facebook, and I'm thinking on going back to Chrome already
-
A Former User last edited by
Have you tried cleaning up your browser? Cache and temporary files? Maybe you have some adware plugins that redirect specific sites?
-
kamenlitchev last edited by
Have you tried cleaning up your browser? Cache and temporary files? Maybe you have some adware plugins that redirect specific sites?
Hey, gabrieljonathan123, it is Android app - no plugins there. Yet, it happens to a few people, so it is not user-specific issue. My wife came complaining that this happened and when I checked on my Opera - it did happen, too. Since I never user Facebook, for me it was not for sure caching issue.
-
A Former User last edited by
Whoops! Confused it with different mobile browsers functionality, Opera indeed does not have plugins on android. Try cleaning up cached files and cookies, maybe even doing a Malwarebytes scan.
-
thegilroy last edited by
Having The Same issue on Galaxy S5. Android 6.0.1 no root.
First I suspected some Kind of DNS poisoning. When this First happened, my xmpp Client could Not Connect properly, supporting My theory. But it also happened via GSM mobile Internet, making at least MITM pretty unlikely. And I can Work around by explicitly connecting via HTTPS. I'm going to reproduce it while Monitoring my Network, maybe I can find Out further information.
-
axtamar last edited by
Hi,
When data saving mode is enabled, when I go to m.facebook.com, I am redirected to m.tabor.ru (a russian website).
What the hell ? Has Opera servers been hacked in some way ?
Everything is normal with data saving mode disabled.Maybe virus attacked your device.
-
thegilroy last edited by
Well, didn't work out. I couldn't reproduce it yesterday. I can't even force a connection via http instead of https, which makes it really hard to reproduce it on purpose, when I want it to happen.
Nevertheless, this looks like some kind of DNS bamboozle to me.
It is pretty obvious that the Domain isn't resolved correctly, this indicates either a corrupted DNS Server, a DNS poisoning on the mobile phone or a DNS spoofing attack. I'm pretty sure that it is not the latter, because DNS spoofing on GSM requires really much work and hardware, making it pretty unlikely. Also, I think that facebook is using own DNS servers, so I'm assuming that they would be aware if a server would misbehave, and take efforts to fix it within a few hours.
Leaving me with the conclusion that it's a DNS poisoning, either replacing the DNS server adress for http://m.facebook.com with the one of tabor.ru (on the phone, which you might call a virus infection) or replacing the IP adress of facebook.com with the one of tabor.ru when connecting via http to the DNS server, making it an attack on the DNS server side.We all should be aware that this is a security risk. Basically, we are sending our login data via an insecure or currupted DNS server, making it an easy target for a skilled person, and a potential risk of identity theft and stuff. Even if what we are experiencing is not an attempt of identity theft itself, but only a mostly harmless - yet aggressive - form of spam, don't forget about the fact that everyone in this thread including myself is yelling "My phone is not secure!" out into the internet.
-
thegilroy last edited by
Sorry for Double Posting, but I wanted this separated. I might have found a fix, Not only a workaround.
I checked The Update history and found that my Android Assistant App has received an Update right before The First occurance of our phenomenon. So I tried several Android Virus Scanners and I found Android/domob.A within Android Assistant. This is quite smart, looking at it from The perspective of a Malware coder, hiding malicious Code within an App that natively requires pretty deep System permissions to so The Job ist's designed to. Alright, I installed eset mobile Security and just removed The Malware. At least give it a try, the only Thing that can Happen is finding malicious Software.If you find something:
Keep in Mund that a system that has been compromised should ne Seen as compromised whether you remove The Virus or don't. Your Phone is Not save anymore anderen should receive a hard reset. DON'T DO THIS ON YOUR OWN unless you know really what you are doing. You might lose Warrant and stuff.
Also, Take this as a Lesson and learn how to safely Use and secure your phones.A few Information on The Malware:
https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-4235-99Domob transmits your IMEI, your device Informations, Location, SIM-ID, GSM and Network information and many other sensible Data. The skilled Person from my Last Post can do REALLY odd stuff with this. Read about it on your own, and become an expert in The Systems you rely on.
Also sorry for the misspelling anderen stuff, I am writing this from The Toilet at Work and don't have time for Double checking. Excuse me.
-
ratchetranger last edited by
Hi,
I can't reproduce the issue anymore. However, that's weird to see that others people are redirected to others strange websites.
Opera 42.7.2246.114996 here and I still can't reproduce it, typing m.facebook.com or www.facebook.com leads to Facebook page.
Typing "m.facebook.com" is not enough, because it require forcing http → "http://m.facebook.com" (notice the "http://" as prefix). Plus, if the DNS server hypothesis (see below) is correct and we don't use the same Opera Turbo server, maybe you're not at risk. Because I'm in France, according to a network sniffing app, I use a Opera Server located in the Europe.
Try cleaning up cached files and cookies, maybe even doing a Malwarebytes scan
Clean cache is not enough : next time I went to http://m.facebook.com, I was redirected with Opera Turbo/Data saving mode. But it was enough to go to genuine Facebook without Opera Turbo/data saving mode.
Malwarebyte scan → done.First I suspected some Kind of DNS poisoning.
Same. As far as I understand, when you use Opera Turbo/data saving mode, you use Opera DNS servers. That would mean Opera DNS servers are not trustworthy.
So I tried several Android Virus Scanners and I found Android/domob.A within Android Assistant.
What scaner did you use ?
Maybe virus attacked your device.
devices*. That's highly unlikely, because :
- 1 of the 3 smartphones tested never accessed the Play Store before downloading Opera, no third-party app from an other store ... Just default apps.
- on these 3 smartphones, http://m.facebook.com always redirected to the SAME website (tabor.ru)
- the redirection happens ONLY when those two conditions were met :
- Browser is Opera Android
- Opera Turbo/data saving mode is enabled
-
thegilroy last edited by
I used eset mobile Scanner. It doesn't occur anymore, or at least it didn't so far.
Also, I never enabled Data saving Mode, itvdid Happen without it. Forgot to mention, sorry. -
A Former User last edited by
With that many issues, I would recommend backing up important files, factory reset the phone and be done with it. A fast solution, might not be the most comfortable one, but effective.