m.facebook.com redirects to a Russian website
-
thegilroy last edited by
Having the same issue on Galaxy S5. Android 6.0.1, no root.
First I suspected some kind of DNS poisoning. When this first happened, my XMPP client could not connect properly, supporting my theory. But it also happened via GSM mobile Internet, making at least MITM pretty unlikely. And I can work around it by explicitly connecting via HTTPS. I'm going to reproduce it while monitoring my network, maybe I can find out further information.
-
axtamar last edited by
Hi,
When data saving mode is enabled, when I go to m.facebook.com, I am redirected to m.tabor.ru (a Russian website).
What the hell? Have Opera servers been hacked in some way?
Everything is normal with data saving mode disabled.
Maybe virus attacked your device.
-
thegilroy last edited by
Well, didn't work out. I couldn't reproduce it yesterday. I can't even force a connection via http instead of https, which makes it really hard to reproduce it on purpose, when I want it to happen.
Nevertheless, this looks like some kind of DNS bamboozle to me.
It is pretty obvious that the domain isn't resolved correctly, this indicates either a corrupted DNS server, a DNS poisoning on the mobile phone or a DNS spoofing attack. I'm pretty sure that it is not the latter, because DNS spoofing on GSM requires really much work and hardware, making it pretty unlikely. Also, I think that Facebook is using its own DNS servers, so I'm assuming that they would be aware if a server would misbehave, and take efforts to fix it within a few hours.
Leaving me with the conclusion that it's a DNS poisoning, either replacing the DNS server address for http://m.facebook.com with the one of tabor.ru (on the phone, which you might call a virus infection) or replacing the IP address of facebook.com with the one of tabor.ru when connecting via http to the DNS server, making it an attack on the DNS server side.
We all should be aware that this is a security risk. Basically, we are sending our login data via an insecure or corrupted DNS server, making it an easy target for a skilled person, and a potential risk of identity theft and stuff. Even if what we are experiencing is not an attempt of identity theft itself, but only a mostly harmless - yet aggressive - form of spam, don't forget about the fact that everyone in this thread including myself is yelling "My phone is not secure!" out into the internet.
-
thegilroy last edited by
Sorry for double posting, but I wanted this separated. I might have found a fix, not only a workaround.
I checked the update history and found that my Android Assistant app has received an update right before the first occurrence of our phenomenon. So I tried several Android virus scanners and I found Android/domob.A within Android Assistant. This is quite smart, looking at it from the perspective of a malware coder, hiding malicious code within an app that natively requires pretty deep system permissions to do the job it's designed to. Alright, I installed ESET Mobile Security and just removed the malware. At least give it a try, the only thing that can happen is finding malicious software.
If you find something:
Keep in mind that a system that has been compromised should be seen as compromised whether you remove the virus or don't. Your phone is not safe anymore and should receive a hard reset. DON'T DO THIS ON YOUR OWN unless you really know what you are doing. You might lose warranty and stuff.
Also, take this as a lesson and learn how to safely use and secure your phones.
Some information on the malware:
https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-4235-99
Domob transmits your IMEI, your device information, location, SIM-ID, GSM and network information and many other sensitive data. The skilled person from my last post can do REALLY odd stuff with this. Read about it on your own, and become an expert in the systems you rely on.
Also sorry for the misspelling and stuff, I am writing this from the toilet at work and don't have time for double checking. Excuse me.
-
ratchetranger last edited by
Hi,
I can't reproduce the issue anymore. However, that's weird to see that other people are redirected to other strange websites.
Opera 42.7.2246.114996 here and I still can't reproduce it, typing m.facebook.com or www.facebook.com leads to Facebook page.
Typing "m.facebook.com" is not enough, because it requires forcing http → "http://m.facebook.com" (notice the "http://" as prefix). Plus, if the DNS server hypothesis (see below) is correct and we don't use the same Opera Turbo server, maybe you're not at risk. Because I'm in France, according to a network sniffing app, I use an Opera server located in Europe.
Try cleaning up cached files and cookies, maybe even doing a Malwarebytes scan
Cleaning the cache is not enough: next time I went to http://m.facebook.com, I was redirected with Opera Turbo/Data saving mode. But it was enough to go to genuine Facebook without Opera Turbo/data saving mode.
Malwarebytes scan → done.
First I suspected some kind of DNS poisoning.
Same. As far as I understand, when you use Opera Turbo/data saving mode, you use Opera DNS servers. That would mean Opera DNS servers are not trustworthy.
So I tried several Android virus scanners and I found Android/domob.A within Android Assistant.
What scanner did you use?
Maybe virus attacked your device.
devices*. That's highly unlikely, because:
- 1 of the 3 smartphones tested never accessed the Play Store before downloading Opera, no third-party app from another store ... Just default apps.
- on these 3 smartphones, http://m.facebook.com always redirected to the SAME website (tabor.ru)
- the redirection happens ONLY when those two conditions were met:
  - Browser is Opera Android
  - Opera Turbo/data saving mode is enabled
-
thegilroy last edited by
I used ESET mobile scanner. It doesn't occur anymore, or at least it didn't so far.
Also, I never enabled data saving mode, it did happen without it. Forgot to mention, sorry.
-
A Former User last edited by
With that many issues, I would recommend backing up important files, factory reset the phone and be done with it. A fast solution, might not be the most comfortable one, but effective.
-
kamenlitchev last edited by
"With that many issues on different phones" of different makes but same browser, I'd recommend backing up your bookmarks AND UNINSTALLING OPERA for some other browser.
I did so on my wife's phone and - lo and behold - m.facebook.com works without issues.
Obviously last thing any Opera employee (cough, cough, Qihoo) wants is help us. It seems like some management is trying to make the $600 mil deal worth it for the new king on the throne.
So, forget it - Opera is no longer a browser - it is a Trojan horse invading your privacy. If it was some sane company, they'd have at least participated in a discussion that says loud and clear that their beloved software hijacks traffic.
-
leocg Moderator Volunteer last edited by
The issue was reported so they can check it? If so, post the bug ID (without the @ part) here for reference.
I'm still unable to reproduce the problem here. I'm on a Moto x Play running Android 6.0.1 if that matters.
Does it happen no matter if you use Wi-Fi or mobile network?
-
A Former User last edited by
Was thinking that it could be a router problem. DNS settings were altered, could cause such issues. You could try factory restarting the router.
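
Added example, not part of any post in this thread: a check that can be run over a captured plaintext HTTP response (the kind of capture the network monitoring mentioned above would produce) to flag the reported symptom, a request for http://m.facebook.com answered with a redirect to an unrelated host. The expected-domain list and the sample responses are constructed assumptions, not data from the thread.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumption: domains a response for m.facebook.com may legitimately redirect to.
EXPECTED = ("facebook.com",)

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\'][^"\']*url=([^"\'>\s]+)',
    re.IGNORECASE)

def redirect_targets(request_url, raw):
    """Absolute URLs that a raw plaintext HTTP response sends the browser to."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    found = []
    if 300 <= status < 400 and headers.get("location"):
        found.append(headers["location"])
    m = re.search(r"url=(\S+)", headers.get("refresh", ""), re.IGNORECASE)
    if m:
        found.append(m.group(1))
    found += META_REFRESH.findall(body)
    # Resolve relative targets against the URL that was requested.
    return [urljoin(request_url, t) for t in found]

def off_domain_redirects(request_url, raw, expected=EXPECTED):
    """Redirect targets whose host is neither an expected domain nor a subdomain of one."""
    flagged = []
    for url in redirect_targets(request_url, raw):
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in expected):
            flagged.append(url)
    return flagged

# Constructed sample responses (not captures from the thread).
URL = "http://m.facebook.com/"
UPGRADE = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://m.facebook.com/\r\n\r\n"
OFFSITE_302 = "HTTP/1.1 302 Found\r\nLocation: http://m.tabor.ru/\r\n\r\n"
OFFSITE_META = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                '<html><head><meta http-equiv="refresh" '
                'content="0; url=http://m.tabor.ru/"></head></html>')
LOOKALIKE = "HTTP/1.1 302 Found\r\nLocation: http://facebook.com.example.net/\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("upgrade", UPGRADE), ("302", OFFSITE_302),
                      ("meta", OFFSITE_META), ("lookalike", LOOKALIKE)]:
        print(name, off_domain_redirects(URL, raw))
```

Comparing the result for captures taken with and without data saving mode, and on Wi-Fi versus mobile data, narrows down which path introduces the redirect.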