How to Avoid and Solve DNS Hijacking

Although we go online all the time, not everyone knows the mechanism behind opening a web page. Web browsing involves many links, each of which offers an opportunity for hijacking, and DNS is among the easiest to manipulate.

Since the arrival of the network era, people’s lives have become more and more colorful, but there are also many more worries. For example, the masses of junk and the pitfalls that surface from time to time in the ocean of information are extremely hard to guard against.

What I’m talking about here is this: while you are surfing the Internet, a perfectly good web page suddenly turns into a full-screen advertisement, or pages that you could normally visit suddenly can’t be opened even though software like QQ can still log in normally. What is the cause of this? In fact, these disturbing anomalies mean that you may be the victim of DNS hijacking and poisoning.

What exactly is DNS?

Although we go online all the time, not everyone knows the mechanism behind opening a web page. We click the mouse and the web page appears in front of us. The operation could not be more familiar, but behind it is a set of interlocking processes. From the moment the user clicks the mouse or presses Enter to the moment the page is displayed, the request is first sent by the browser, then routed; DNS then resolves the domain name into an IP address; once the server has been found, it sends the content back to the user; the data is routed and forwarded again; and finally the browser presents the content to the user. Depending on the actual situation, there may be more stages in this process, such as firewalls, proxy servers and so on.

If any link in this process, whether browser, routing, DNS or server, has been compromised, web pages may become inaccessible. DNS is perhaps the link most often tampered with. DNS is the Domain Name System, whose role is to resolve domain names into IP addresses. We access a website by connecting to the IP address of its server. DNS resolves “www.baidu.com” into the IP address “123.125.114.144”, so that you can connect to the server at that address and visit the website.

Many factors can affect DNS while you are online, such as your PC settings, router settings, operator settings and so on. Once DNS goes wrong, it cannot resolve the domain name into the correct IP address, and we naturally cannot reach the correct page. Therefore, if you find that you can’t open a web page, but network software that connects directly to an IP address, such as QQ, works properly, then DNS is a very likely suspect.

What are the consequences of DNS errors?

Because DNS can be influenced by so many factors, many interested parties tamper with it. For example, DNS hijacking is a very common way of delivering advertising. Normally, if you have not configured a DNS server yourself, the DNS server is provided by the operator. In principle, the operator’s DNS servers should resolve names to the correct IP addresses for you, but the integrity of many operators’ DNS servers leaves much to be desired. You will often see the operator redirect you to pages of its own choosing, such as a promotion for one of its service packages, or even find that you entered the address of shopping site A but were redirected to competitor B. This is called DNS hijacking.

Avoiding losses from DNS hijacking

In fact, DNS hijacking is nothing new, nor can it be prevented. The Baidu hacking incident once again revealed the vulnerability of the global DNS system, and showed that if Internet companies have security plans only for their own information systems, they will not be able to respond quickly to comprehensive and complex threats. It is therefore necessary to have a website monitoring tool to help us monitor our websites, for example the IIS7 website monitoring tool.

The advantage of IIS7 website monitoring is that it can monitor a website 24 hours a day and detect whether the site has been hijacked, compromised, blocked, or cannot be opened in particular regions, and so on. If the website behaves abnormally during monitoring, the tool sends an email notification immediately, so that we can deal with the problem in time and avoid the losses caused by DNS hijacking.

DNS Hijacking Solution

For reasons that are not clear, automatic repair fails in a small number of cases. When that happens, it is recommended that you make the change manually. In addition, to avoid being attacked again, even if the repair succeeds, you can change the router’s login user name and password by following the prompts from 360 or Tencent PC Manager. The procedure is illustrated below using the commonly used TP-Link router as an example (the method is similar for routers of other brands).

Manually modify DNS

  1. Enter http://192.168.1.1 in the browser’s address bar (try http://192.168.0.1 if the page cannot be displayed).
  2. Fill in the user name and password of your router and click “OK”.
  3. In the “DHCP Server-DHCP” service settings, set the primary DNS server to the more reliable 114.114.114.114 and the secondary DNS server to 8.8.8.8, then click Save.
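
One common form of the operator hijacking described above is a resolver that returns an address for names that do not exist, so that the browser lands on a page of the operator's choosing. The following is an added example, not part of the original article: it asks a resolver for a random, unregistered name and reports whether the reply carried an address instead of an NXDOMAIN error. The function names and the random .com label are assumptions of this example.

```python
import secrets
import socket
import struct
import sys

def build_query(name, txid):
    """Encode a recursive A-record query for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(data, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while data[pos] and data[pos] & 0xC0 != 0xC0:  # plain label: step over it
        pos += 1 + data[pos]
    return pos + (2 if data[pos] else 1)  # 2-byte pointer or 1-byte root label

def parse_response(data, txid):
    """Return (rcode, [IPv4 strings]); reject anything that is not our reply."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos = 12
    for _ in range(qd):
        pos = skip_name(data, pos) + 4  # name, then QTYPE and QCLASS
    ips = []
    for _ in range(an):
        pos = skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(socket.inet_ntoa(data[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, ips

def rewrites_nxdomain(rcode, ips):
    """True if a name that should not exist came back NOERROR with addresses."""
    return rcode == 0 and bool(ips)

def probe(resolver, timeout=3.0):
    """Ask `resolver` for a random name that should not exist."""
    txid = secrets.randbits(16)
    name = secrets.token_hex(12) + ".com"  # assumption: random label is unregistered
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver, 53))
        return rewrites_nxdomain(*parse_response(s.recvfrom(512)[0], txid))

if __name__ == "__main__":
    for r in sys.argv[1:] or ["114.114.114.114", "8.8.8.8"]:
        print(r, "answers for a nonexistent name" if probe(r) else "no rewrite seen")
```

Pass the DNS address your router hands out as an argument to test the operator's resolver; with no arguments the script tests the two resolvers from step 3. A clean result does not rule out rewriting of specific real domains.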

Modifying Router Password

  1. Enter http://192.168.1.1 in the browser’s address bar (try http://192.168.0.1 if the page cannot be displayed).
  2. Fill in the user name and password of your router. The initial user name of the router is admin, and the password is admin. If you have changed them, fill in the modified user name and password and click “OK”.
  3. Once these are entered correctly, you can reach the router’s password modification page and complete the change under System Tools – Modify Login Password (the original user name and password are the same as those in step 2).