
Thread: access to bmwz8.us from Android devices

  1. #1
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393

    access to bmwz8.us from Android devices

    Hi Andrew,

    I have 3 Android devices, none of which can access bmwz8.us. I get redirected to an "Opera" web site in Russian. Been having this trouble for months now. I'm sure this is not a conspiracy instigated by the Apple fanboys in our group, but would appreciate if you can take a look. Anyone else having trouble?
    Silver/black
    Dinan S2 package: headers, throttle bodies, oversized MAFs, airfilters, anti-roll bars, lightweight flywheel
    Dinan by Brembo brake kit and monoball control arm bushings
    BBS forged individual wheels
    Quaife differential, 3.64:1 final drive
    Meisterschaft GT titanium mufflers
    K&W 3 way adjustable competition monotube dampers and monoball adjustable mounts
    CDV delete

  2. #2
    We had a hack attack on the main site which did that a week ago, and we found and cleaned out the corrupt code, so my first thought is that you need to clear the cache in the Android browser first, and then see if it still happens.

    Once you've cleared the cache, if it still does it, can you take a photo of the screen so we can see where it's redirecting to?
    Andrew Macpherson

    Expert Z8 Inspections, with full support for both Z8 sale and purchases.

  3. #3
    this just in from the tech team.....

    I've checked all the code and it looks ok on the server now. Might be something in Google's history that is causing this. I've added the site to Google's Webmaster Tools and it's got a clean health check showing no malware now.
    Andrew Macpherson

  4. #4
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    Yes, same problem. Although, whereas I was getting redirected to the Opera.ru site, I now get redirected to Google.com via Skypeone.net! I have tried clearing all browser data to no avail. I have read of other sites where Android mobile browsers are being redirected to porn sites et al, but not other non-mobile browsers. Many sites have code to redirect to a mobile specific version of the site when a mobile browser is detected. In this case, that code has been hijacked to redirect to a site other than the mobile version. Has this been specifically checked for on the bmwz8.us site (it wouldn't necessarily show up as malware)?

  5. #5
    I've forwarded this on to the tech team, so we'll see what they come back with.
    Andrew Macpherson

  6. #6
    this just in from the tech team....

    I think androids are still using historic data and directing users to google instead of the old malware site that's now been removed. The code now all looks clean here now.
    Andrew Macpherson

  7. #7
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393
    Quote Originally Posted by macfly View Post
    this just in from the tech team....

    I think androids are still using historic data and directing users to google instead of the old malware site that's now been removed. The code now all looks clean here now.
    Hi Andrew,

    I don't claim to be an expert, but what historic data would Android be using? My understanding is that the redirects are coming from either the bmwz8.us code or the host server software. The server recognizes an android device is making the request and sends a redirect to the skypeone.net site, which subsequently redirects to google.com. Google has nothing to do with directing internet traffic and I don't think redirects are stored by the browser...why would the redirect change from opera.ru to skypeone.net when the code was "fixed"? Again, I'm not an expert!

    Don't know whether it's relevant or not, but the redirects to opera.ru were going on for several months...certainly not an issue that started last week.

    thanks for trying, John

  8. #8
    This is all beyond me because it is my understanding that there is only one sniffer code that recognizes mobile devices, there isn't a separate code for Android, iPhone, iPad etc. I've forwarded your link to the tech team again, and we'll see what they say.

    Just a thought, the malware may have been able to embed its code into your device, it may be worth doing a clean erase-restore to see if that cleans it out?

    Also anyone else here on Android having the same issues?
    Andrew Macpherson

  9. #9
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    If our Android devices had the malware it would affect all links attempted from that device (that's certainly the case when I've had one of these redirect viruses infect my PC). I can access all other sites with no problem, it is only bmwz8.us where this issue arises. I have also deleted all browser data and scanned my phone for malware (none) and the problem persists.

  10. #10
    I'm afraid we're at a dead end, because the tech team can't find anything, and I have no idea about any of this, so I can only apologize, this is beyond all of us here. :-(
    Andrew Macpherson

  11. #11
    Administrator thegunguy's Avatar
    Join Date
    Sep 2005
    Posts
    2,704
    The phone could absolutely be doing the redirect as Google's mobile browser uses some pretty aggressive caching functions to help improve speed, but since the cache has been cleared, I don't think this is the issue.

    On browser detection, there really is no such thing as blanket detecting of "mobile" devices. Rather each device/OS/browser combo has a unique browser agent that the server can request and serve specific assets. This gets tough as it's easy to emulate other devices (which is important in testing for developers). What ends up happening is there are callouts, scripts, or plugins that try to enforce some logic based on matching terms in the agent strings, but there is lots of room for error in this, especially with SO MANY Android devices and software forks. IF it is on the server side, my bet is there is something off in the .htaccess file which commonly covers how incoming traffic is triaged and treated. That being said, I trust Andrew's tech team to have investigated this possibility in their analysis.

    I'm going to wager that it is a DNS issue with Google's records. I'm no Android expert, but knowing how Google thinks, I'd assume that they'd default DNS to their public 8.8.8.8 and 8.8.4.4 servers, instead of using the defaults for the connected network (home, wifi, etc.). These servers are notorious for filtering and manipulating traffic, often for speed but also for malware protection. I know sites that have had their IP spoofed by spammers only to have their domains blacklisted and their email and web traffic redirected by servers like Google. With the recent malware attack on the Z8 site, I wonder if this has happened in their records. Since Andrew's team has the site registered with Google's Webmaster Tools, if this is the case, it might clear up soon.

    Are there tools in the Android settings to list the DNS? Can you trace the path to the server? What browser are you using (Android mobile or Chrome)?
    thegunguy
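
Posts #4 and #11 above suggest that a hijacked mobile-detection rule, possibly in `.htaccess`, could send only certain browser agents to another site. One way to check a site's `.htaccess` for that pattern, as an added example that is not from the thread or the site's tech team; the sample file, the placeholder host `redirect.example` and the function name are assumptions made for illustration:

```python
import re
from urllib.parse import urlparse

# Constructed sample for illustration only; not the contents of any real
# file on bmwz8.us. redirect.example is a placeholder host.
SAMPLE_HTACCESS = r"""
RewriteEngine On
# Legitimate: phones go to the site's own mobile pages (relative target)
RewriteCond %{HTTP_USER_AGENT} (iphone|ipod) [NC]
RewriteRule ^$ /mobile/index.php [L]

# Suspicious: one browser-agent family is sent to a foreign host
RewriteCond %{HTTP_USER_AGENT} (android|opera\ mini) [NC]
RewriteRule ^(.*)$ http://redirect.example/in.php [R=302,L]

# Legitimate: canonical-host redirect, absolute URL but same site
RewriteCond %{HTTP_HOST} ^bmwz8\.us$ [NC]
RewriteRule ^(.*)$ http://www.bmwz8.us/$1 [R=301,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(.+?)(?:\s+\[([^\]]*)\])?\s*$", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)


def find_conditional_offsite_redirects(text, own_hosts):
    """Flag RewriteRules that are gated on the User-Agent header and whose
    target is an absolute URL on a host outside own_hosts (hypothetical helper)."""
    own = {h.lower() for h in own_hosts}
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cond = COND.match(line)
        if cond:
            # RewriteCond lines apply to the next RewriteRule only
            pending.append((cond.group(1).upper(), cond.group(2)))
            continue
        rule = RULE.match(line)
        if not rule:
            continue
        conds, pending = pending, []
        # Relative targets and "-" have no hostname and stay on the site
        host = (urlparse(rule.group(2)).hostname or "").lower()
        ua_patterns = [p for var, p in conds if var == "%{HTTP_USER_AGENT}"]
        if host and host not in own and ua_patterns:
            findings.append(
                {"line": lineno, "target_host": host, "ua_patterns": ua_patterns}
            )
    return findings


if __name__ == "__main__":
    for hit in find_conditional_offsite_redirects(
        SAMPLE_HTACCESS, {"bmwz8.us", "www.bmwz8.us"}
    ):
        print(f"line {hit['line']}: agents matching {hit['ua_patterns']} "
              f"are redirected to {hit['target_host']}")
```

A rule like the flagged one would also explain why desktop browsers and malware scans see a clean site: the redirect is only issued when the request's browser agent matches.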

  12. #12
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    I had considered this myself (that it could be a problem with the DNS tables on the DNS server), but then discounted it since I have seen this problem at home and using various public wifi networks, and hence different DNS servers would be being used. But if as you say Android uses its own defaults for DNS servers and not those of the network ISP, then that could indeed be the problem. I will see if there's a way to find what IP addresses Android is using for the DNS servers on my phone.

  13. #13
    Administrator thegunguy's Avatar
    Join Date
    Sep 2005
    Posts
    2,704
    Again, I'm not sure if that's what they do, but knowing how Google likes to monitor every scrap of traffic, it's reasonable to investigate.
    thegunguy

  14. #14
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393
    ...just tried accessing the site from my wife's tablet, which has never accessed BMWZ8.US before. Had the same redirect problem, so it definitively is not something that the phone has stored.

    RE Google doing the DNS routing, if that was the problem, why would google have left the opera.ru redirect in place and then switch to the skypeone.net -> google redirect only when the code was "fixed"? It doesn't seem to add up...or am I missing something.

    On my phone/tablet I'm using the android browser. I tried using the Chrome browser on the PC without problem.

  15. #15
    Administrator thegunguy's Avatar
    Join Date
    Sep 2005
    Posts
    2,704
    Quote Originally Posted by ZMates View Post
    RE Google doing the DNS routing, if that was the problem, why would google have left the opera.ru redirect in place and then switch to the skypeone.net -> google redirect only when the code was "fixed"? It doesn't seem to add up...or am I missing something.
    DNS updates or redirects can take days or even months if they're in reaction to a suspected malicious site. I've read of instances of good sites that get spoofed and then have to fight the blacklist for months.

    If Andrew's team resubmitted the site to Google's crawlers when the malicious code was removed last week, it could take some time for them to sync up even if they're now reporting the site clear.

    The network seems to be the most likely point to me from the reported data - 1) clients correct and 2) server correct. This is the basis for my suspicion on Google's Public DNS being the primary Android devices. Again, this may not be the way they are configured, but it's reasonable based on their business model.

    Short of that, it seems that Andrew and his team have done all that they can do.

    Not related: you might look into using Chrome for mobile. It's odd that it is a separate browser from the Android mobile browser, but the Android users I know swear by Chrome on the go.
    thegunguy

  16. #16
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    It doesn't appear to be the DNS server. I was just out for coffee at Peet's and using myresolver.info the DNS server for my Android phone there was reported as: 192.221.150.79 (dns-192-221-150-79.losangeles1.level3.net). At home it's reported as: 68.87.76.185 (sjos-dnssec02.sanjose.ca.sanfran.comcast.net). Neither of these are the aforementioned Google DNS servers. I also just tried accessing the bmwz8.us site using the Dolphin browser, same result as with the stock browser.

  17. #17
    Administrator thegunguy's Avatar
    Join Date
    Sep 2005
    Posts
    2,704
    Thanks! That does clear the theory on Google's Public DNS. Back to head scratching.
    thegunguy

  18. #18
    Z8 Madness
    Join Date
    Sep 2005
    Posts
    892
    Unlikely that this is a DNS issue. DNS returns 74.52.133.130 for bmwz8.us. Going to 74.52.133.130 takes you to the Host Gator hosting site. I assume that's the hosting company for this site. Host Gator must be using virtual hosting to host multiple domain names, including bmwz8.us. This is likely to be a server side issue. It may even be a Host Gator issue, in the unlikely event that they detect mobile clients and dispatch accordingly.
    2016 Porsche GTS/MT

  19. #19
    HostGator is indeed our server, but the site code simply sits on their servers, so I'm not sure if the trouble is with them, us or Android. I'm lost in a sea of confusion with this!!
    Andrew Macpherson

  20. #20
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    There is no evidence thus far that the problem is with the Android client side devices. We have ruled out that it's Android using possibly corrupted DNS servers (by checking which DNS servers are being used), or is specific to a particular Android browser (by trying with different browsers), or malware on the Android device (by clearing the cache and also trying with devices that have never accessed the bmwz8.us site before). So by process of elimination this still points to a server-side problem. However, the techs say that it's not. Dead-end apparently. One point that needs to be made again, this all started long before last week (many months ago), so if the techs are saying the servers are clean based on the fact they corrected whatever the problem was last week, that does not imply they resolved this problem.

  21. #21
    Administrator thegunguy's Avatar
    Join Date
    Sep 2005
    Posts
    2,704
    Tony has a good point on a possible issue with the virtual hosting setup by HostGator.

    Can you guys with the Android phones do a trace of the path to bmwz8.us? This will help us determine if it's even making it to the server.
    thegunguy

  22. #22
    Z8 Madness
    Join Date
    Sep 2005
    Posts
    892
    I pinged from my Android phone and got the correct IP 74.52.133.130. This problem is originating from Host Gator going up to the web application (server side).
    2016 Porsche GTS/MT

  23. #23
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    I'm not going to type in all the intermediates, but it ends up at:

    74.52.133.130 gator1262.hostgator.com

    This is exactly the same as I get when I do a tracert www.bmwz8.us on my PC.

  24. #24
    So can you guys tell if the problem is in our code, or in something on Hostgator's end?
    Andrew Macpherson

  25. #25
    Z8 Madness
    Join Date
    Sep 2005
    Posts
    892
    I'll do some investigation, and get back to you.
    2016 Porsche GTS/MT

  26. #26
    Z8 Madness
    Join Date
    Sep 2005
    Posts
    892
    Typing the actual IP in my android browser takes me to the Host Gator not found page; this seems to suggest that it is not likely to be a problem with the hosting company.

    Typing bmwz8.us takes me to "skypeone.net" which in turn redirects to google.com. skypeone.net is hosted in Panama, so I would say that's a big red flag.

    My suggestion is to apply this specific patch. This would be something that the tech guys will need to do.

    Sorry, that's as far as I can go from my end. I guess this is a fairly harmless virus and the main site works, so no big deal if it's not fixed.
    2016 Porsche GTS/MT

  27. #27
    Administrator thegunguy's Avatar
    Join Date
    Sep 2005
    Posts
    2,704
    The thing that puzzles me is why a particular browser agent would be treated differently in the virtual host, assuming Andrew's crew is not routing it. If it's remnants of the malware, I have the same question - why only one/group browser agent.
    thegunguy

  28. #28
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393
    Quote Originally Posted by thegunguy View Post
    The thing that puzzles me is why a particular browser agent would be treated differently in the virtual host
    Apple fanboy having a laugh?

  29. #29
    Administrator thegunguy's Avatar
    Join Date
    Sep 2005
    Posts
    2,704
    Sigh. Why does support on stuff like this have to degrade to name calling. Andrew's team is doing what they can without regard to any client preferences. I personally despise the term "fanboy" in any usage. It implies preferences without rational reasons. Many of us here choose Apple products for professional needs, but that doesn't impart any bias to commenting on choices by others.
    thegunguy

  30. #30
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393
    Sorry if I've offended. That certainly wasn't the intention. #*%boys aren't limited to Apple. Like you though, I wondered why the problem was limited to Android browsers and came to the conclusion that someone with an unnatural attachment to a competing operating system was the most likely culprit.

    We have had discussions in this forum about the relative merits of the Apple/Google business models. That's why I mentioned the Apple #*%boys in our group in my original post, but that was with a very healthy dose of irony. That certainly wasn't a serious comment and my sincere apologies for tweaking your sensitivities.



    Quote Originally Posted by thegunguy View Post
    Sigh. Why does support on stuff like this have to degrade to name calling. Andrew's team is doing what they can without regard to any client preferences. I personally despise the term "fanboy" in any usage. It implies preferences without rational reasons. Many of us here choose Apple products for professional needs, but that doesn't impart any bias to commenting on choices by others.

  31. #31
    Let me know if it does clear up, as the tech team have the info - but everyone seems at a bit of a dead end, as the code appears clean.
    Andrew Macpherson

  32. #32
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    Will do. No change as of yet.

  33. #33
    Z8 Madness
    Join Date
    Sep 2005
    Posts
    892
    Thanks Andrew. This is a curiosity issue for me. The site works perfectly on my laptop/desktops, and that's how I use the site.
    2016 Porsche GTS/MT

  34. #34
    It'll be interesting to see how this vulnerability of the Android system works out, as it's obviously a separate and totally different crack/hack code than the Russian one we removed last week.
    Andrew Macpherson

  35. #35
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393
    Writing to you from my Xoom. We're back in business!

    Thanks for all your efforts Andrew.

  36. #36
    Ok, good news, $1750 later!
    Andrew Macpherson

  37. #37
    Sport Button On
    Join Date
    Jun 2009
    Posts
    32
    Yep! Thanks!!

  38. #38
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393
    $1750? Did you incur personal expenses because of this?

  39. #39
    Always, the site is an expensive hobby!
    Andrew Macpherson

  40. #40
    Team Z8 ZMates's Avatar
    Join Date
    Aug 2009
    Posts
    393
    What's the best way to make a donation?

    The banks really stiff me on wire transfers. Do you have a PayPal account?