DNS Hijacked?



  • This morning I was browsing the finance.yahoo.com site and when I clicked on a ticker symbol to get the current market info, a page came up that said my computer is locked up and I needed to call the number on the page to prevent data loss.

    At first I panicked thinking my laptop has malware, but then I realized I am still in the browser and just closed out the tab.

    I have pfBlockerNG with DNSBL enabled and all my DNS queries are redirected to my pfSense to ensure it uses the default pfSense settings (root servers).  I ran a Windows Defender quick scan and everything came back normal on my laptop.  Given that I have pfBlockerNG and DNSBL running, I am now surprised that I even landed on the scam page.

    Can someone explain how I could have been redirected to this scam page?  Is this something I need to check on my laptop?



  • https://forum.pfsense.org/index.php?topic=143474.0 read, then check the DNS results. If they are fine, it's either a compromised website (Yahoo has a history of security fails) or something on your laptop.



  • I checked the DNS at whatsmydns.net and it came back with all green check marks.  I assume that is good.  As far as the rest of the thread, there were a lot of commands that went over my head.

    I have not seen the problem since that one incident.  It so happened when this incident happened, the finance.yahoo.com site was real sluggish and I would get a lot of connection errors.  So maybe Yahoo was under attack?

    I did a full scan of my laptop with Windows Defender and it came back clean.