UPC Ireland, DNS hijacking, and Bender Bending Rodríguez
I recently read a post on Twitter mentioning how UPC Ireland have started to implement DNS hijacking: redirecting the resolution of non-existent domain names to sponsored pages of spam, ads and other not-nice things.
In the spirit of equal time, UPC Ireland seem to refer to this practice as helpfully pointing non-existent domains to their “Chorus ntl search results page”.
Your mileage, as always, may vary.
This qualifies as a Bad Thing on many levels, but mainly because after being involuntarily “opted-in” to this service, there is no corresponding “opt-out” available. For the customer, there is no clear pointer to how to turn this “service” off.
The best thing that UPC Ireland have offered their customers is a generic walk-through on how to change their computer’s settings to avoid seeing these pages.
This walk-through is detailed in a PDF (a PDF?!??) on UPC Ireland’s website.
Seeing this information stored in Portable Document Format instead of a plain HTML page pains me greatly, so I have converted this PDF to HTML (using Zamzar) and put it online here. It’s ugly, the formatting is disgusting, but at least I can READ THE CONTENTS WITHOUT A PLUG-IN.
(Sorry – rant over.)
The super-short solution to getting rid of UPC Ireland’s DNS hijacking is:
change your computer’s DNS settings to use 89.101.160.8 and 89.101.160.9, instead of relying on the settings you receive automagically from your router.
After that, you should be free to mis-type any URLs you like without fear of spamification.
Tangent #1:
I wanted to find out a bit more about why – and for how long – this was happening I started by looking at CaptSolo’s tweet here.
He shows an example of what happens when a UPC Ireland customer browses the web for a non-existent URL (using curl, natch) and displaying the output showing where the request redirects to.
You can see how the search function works on your own browser by going to UPC Ireland’s website and using a non-existent domain for testing.
Let’s use “www.bitemyshinymetalass.ie” for this, shall we?
http://search.upc.ie/upcieassist/dnsassist/main/?domain=www.bitemyshinymetalass.ie
Note that this domain doesn’t actually exist, so users will get UPC Ireland’s “suggestions” on what you might be looking for… and they are some pretty awesome suggestions, indeed.
YEAH!!!
I am a firm believer that when your ISP offers you the opportunity to buy “sex toys” and indulge in “sex dating” when you mis-type a URL, you’ve got to seize that opportunity with both hands… and choke it until it dies.
Tangent #2:
The UPC Ireland hijack spam is coming from some other company, though. Let’s use a little dig action to find out where:
will@zendo:~$ dig search.upc.ie ANY
;; ANSWER SECTION:
search.upc.ie. 86400 IN CNAME upcieassist.infospace.com.
So, we find that this is InfoSpace’s DNS Error Assist Service, which sells itself quite brazenly:
InfoSpace’s service offers an effective way for ISPs to generate significant revenue by providing relevant search results for errors resulting from mistyped keywords and domain names through the browser address bar.
With highly relevant results that blend organic and sponsored results, InfoSpace helps generate more revenue through clicks from your users than any individual search engine.
…they forgot to mention the pr0n links, but I digress.
A little more dig…
will@zendo:~$ dig upcieassist.infospace.com ANY
;; ANSWER SECTION:
upcieassist.infospace.com. 30 IN CNAME assist.infospace.com.will@zendo:~$ dig assist.infospace.com ANY
;; ANSWER SECTION:
assist.infospace.com. 30 IN A 67.63.58.69
According to ARIN, it seems like customers’ mis-typed URL requests are being forwarded over to America.
Wow – go U.S.A., indeed.
Tangent #3:
This same DNS hijacking has been taking place in other UPC Broadband companies – such as UPC Nederland and UPC Austria – for a while now.
Here’s a UPC Nederland user having issues on 30 May 2009: “hijacking NXDOMAIN”
Here’s a UPC Austria user having issues on 06 Apr 2009: “soo 1.0″
If it makes you feel better, UPC Ireland users… you’re not alone.
Tangent #4:
ICANN – you know, the guys who manage the top-level domain – have dealt with DNS hijacking in the past. You know how they dealt with it? They threatened to put the offending company out of business.
They have specifically condemned this type of activity, and in the past have stated quite clearly (PDF warning!) the following:
Third parties should disclose that they practice NXDomain response modification and provide opportunities for customers to opt out.
Yes, UPC – this means you. Besides, Bender wouldn’t want his good (non-existent domain) name besmirched by such filth.
If you want to learn more about DNS hijacking and UPC, you can do so by starting at these links and branching out from there:
UPC Hijacking HTTP requests for non-existing domains?
Comcast’s “Domain Helper” info
Help! My provider hijacks my DNS requests!
UPDATE (21 Oct 2009): I have been informed by some users that UPC Ireland are periodically disabling their DNS hijacker “feature”, so if you’ve read this post and are now going, “What the hell was that all about?” … now you know.