Forum: NGINX Phantom Redirect

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
BJ Clark (Guest)
on 2009-01-20 22:26
(Received via mailing list)
Hello all,

I'm having the most puzzling problem. I am getting a very strange
redirect:

http://kritiq.us/



GET / HTTP/1.1

Host: kritiq.us

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive



HTTP/1.x 302 Moved Temporarily

Server: nginx/0.6.16

Date: Tue, 20 Jan 2009 20:05:28 GMT

Content-Type: text/html

Connection: keep-alive

X-Powered-By: PHP/5.2.0-8+etch13

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Tue, 20 Jan 2009 20:05:27 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0

Pragma: no-cache

Location:
http://sedoparking.com/search/registrar.php?domain...

Vary: User-Agent,Accept-Encoding

Content-Encoding: gzip

Content-Length: 170

X-Cache: MISS from 226072



I have no idea where this redirect is coming from. I have no idea what
sedoparking is. I don't have any PHP on the server, or even have it
installed, for all I know. This is a rails project, it's using the
config here:
http://pastie.org/365988


Can anyone give me a direction on this? I'm completely lost as to where
this is coming from and how to stop it.


BJ Clark
Juan Fco. Giordana (Guest)
on 2009-01-20 22:43
(Received via mailing list)
Seems an expired domain to me.
Jeff E. (Guest)
on 2009-01-21 00:04
(Received via mailing list)
Check that your DNS isn't pointing to Sedo's parking servers.
Cliff W. (Guest)
on 2009-01-21 06:55
(Received via mailing list)
The domain isn't expired (I checked), but it might also be a problem
with Slicehost.   Does the version of Nginx listed in the HTTP headers
match the actual version you have installed?   It might be Slicehost
uses Nginx and *they* are redirecting your domain.

Cliff
BJ Clark (Guest)
on 2009-01-21 07:08
(Received via mailing list)
Yes, it looks like it's the same Nginx.

I'm now looking into if this is a security issue (ie, I was somehow
haxored and have figured it out).

I contacted slicehost and they've never seen anything like this either.

BJ Clark
Cliff W. (Guest)
on 2009-01-21 21:11
(Received via mailing list)
On Tue, 2009-01-20 at 20:58 -0800, BJ Clark wrote:
> Yes, it looks like it's the same Nginx.
>
> I'm now looking into if this is a security issue (ie, I was somehow
> haxored and have figured it out).

Try disabling Nginx altogether in your VPS and see if it still happens.
You might even try running a different service on port 80.

If it still happens then I'd venture that your domain name isn't
pointing to the correct IP address or that something is misconfigured on
Slicehost's end (they are sending the IP to the wrong VPS).

Cliff
This topic is locked and can not be replied to.