Blocked Websites - What's doing it?

vicwatson

Having a problem with some websites that are being blocked by Open DNS all of a sudden (perhaps, though not 100% sure, it was linked to updating Firefox to version 27.0.1). It tells me to go to my network administrator when it blocks the website.

I can access the websites over my tablet and phone etc but just no longer on my laptop, this occured without me changing any settings on my laptop.

Any ideas ?

Khannie

Throw up a screenshot there. Did you check your opendns settings on their website?

vicwatson

Khannie wrote: »

Throw up a screenshot there. Did you check your opendns settings on their website?

No, i didn't think there is a need because as far as I am aware I've no account or never logged into their wesbite

Khannie

Then it's a setting in your router.

bonzodog2

If there isn't a specific reason why you are using OpenDNS, you could change it on your PC, or router, to Google's or your ISP's. Not that there's anything wrong with OpenDNS....

vicwatson

If there isn't a specific reason why you are using OpenDNS, you could change it on your PC, or router, to Google's or your ISP's. Not that there's anything wrong with OpenDNS....

Khannie wrote: »

Then it's a setting in your router.

How do I do that? I certainly haven't changed any setting in my router.

My router is a Netgear Rangemax Wireless Router WPN824v2

Thanks for help

bonzodog2

If you want to try using another DNS service, look http://windows.microsoft.com/en-ie/windows/change-tcp-ip-settings#1TC=windows-7, for Win7, but broadly similar for most recent Win OS

Google's DNS servers are 8.8.8.8 and 8.8.4.4

Irish Steve

Before you do anything else, check your machine for spyware/malware/adware, I'd be VERY suspicious that what you are seeing is a phishing site that has managed to get past your protections.

If your other devices are able to see these sites, and are operating through WiFi on your router, it is not likely to be the router.

Be very careful/suspicious until you have more information.

degsie

Your 'hosts' file may have been tampered with, I'd check there also.

Gadgetman496

Is there anything unique about the sites that are blocked? For example, are they all https: sites or a mix?

The Governor

I had this before on my PC, it was some sort of malware.

Download Malware Bytes and run that as well as your antivirus and that should sort it.

If you have no antivirus I find AVG Free very good.

vicwatson

bonzodog2 wrote: »

If you want to try using another DNS service, look http://windows.microsoft.com/en-ie/windows/change-tcp-ip-settings#1TC=windows-7, for Win7, but broadly similar for most recent Win OS

Google's DNS servers are 8.8.8.8 and 8.8.4.4

My router is set at those settings infact

Irish Steve wrote: »

Before you do anything else, check your machine for spyware/malware/adware, I'd be VERY suspicious that what you are seeing is a phishing site that has managed to get past your protections.

If your other devices are able to see these sites, and are operating through WiFi on your router, it is not likely to be the router.

Be very careful/suspicious until you have more information.

Thanks I am currently running SUPERAntiSpyware and have downloaded Malwarebytes and will run that after

degsie wrote: »

Your 'hosts' file may have been tampered with, I'd check there also.

It's funny you should say this as I was trying to update and iphone4 to ios 7 and the instructions told me to copy the hosts file (or to do something with it anyways, can't quite remember), anyhow I couldnt update the OS on the phone as it turns out but I'm nearly sure my computer was A1 after that and this problem only started occuring about 2 days after here is the thread I started - http://www.boards.ie/vbulletin/showthread.php?p=89277805#post89277805

gadgetman496 wrote: »

Is there anything unique about the sites that are blocked? For example, are they all https: sites or a mix?

Seems to be a mix, for example one is www.figleaves.com

The Governor wrote: »

I had this before on my PC, it was some sort of malware.

Download Malware Bytes and run that as well as your antivirus and that should sort it.

If you have no antivirus I find AVG Free very good.

have Norton Antivirus, have downloaded Malwarebytes and am going to run it after SuperAntiSpyware.

Any/al other suggestions to help solve this would be great - and thanks to you all for the replies thus far.

bonzodog2

Can you ping the websites that won't load in the browser?

vicwatson

Uh Oh, I don't like the look of this

Still scanning but......

What the hell? and how do I get rid of it? Trojan Agent ??

vicwatson

bonzodog2 wrote: »

Can you ping the websites that won't load in the browser?

Sorry, I don't understand, I'm not an expert by any means on this stuff.

How do you mean ping the websites?

bonzodog2

Open a command prompt window. Hold down the Windows key and press R, type cmd into the Run box.Type:

ping www.site.com

and hit enter. You should get output like this:


C:\Users\User>ping www.rte.ie

Pinging www.rte.ie [89.207.56.140] with 32 bytes of data:
Reply from 89.207.56.140: bytes=32 time=117ms TTL=60
Reply from 89.207.56.140: bytes=32 time=28ms TTL=60
Reply from 89.207.56.140: bytes=32 time=29ms TTL=60
Reply from 89.207.56.140: bytes=32 time=29ms TTL=60

Ping statistics for 89.207.56.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 117ms, Average = 50ms

C:\Users\User>

If your hosts file is compromised it might mention 127.0.0.1, the local IP address of your own machine

vicwatson

Thanks Bonzodog2 I've done this but unfortunately for some reason it only stays up on my screen for a split second so I cannot see if it mentions anything about 127.0.0.1, don't know why it wont stay up on screen

vicwatson

Does my superantispyware picture mean I have a Trojan virus?

degsie

I'd move this over to http://www.boards.ie/vbulletin/forumdisplay.php?f=1009

You would get more appropriate guidance there.

vicwatson

Cheers but am awaiting some replies to my queries first. Thanks

White Heart Loon

Did you check to see if Opendns Family Shield dns servers are set on your PC?
http://www.opendns.com/home-internet-security/parental-controls/opendns-familyshield/

ressem

vicwatson wrote: »

Does my superantispyware picture mean I have a Trojan virus?

Incredimail is one of those ugly programs that tries to impose itself on your computer in a way that is unwanted for most but not actually a virus.

I'd recommend checking that the incredimail is not an installed program on your PC and uninstall it.

But the OpenDNS issue should be separate.

Overlapping BonzoDogs suggestion...


If you press Windows Key + R you should result in a "Run" dialog.
If you type

cmd

into this and hit enter, you should get a black command windows that stays open.

Is this much working?

If so, within the black window, type

ipconfig /all

part of the resulting text should look similar to

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N
   Physical Address. . . . . . . . . : **-**-**-**-**-**
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::***:***:******(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 03 March 2014 21:56:29
   Lease Expires . . . . . . . . . . : 05 March 2014 08:13:09
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

The DNS server listed should be where your computer goes to translate domain names into ip addresses.
Usually this will be your wireless router, and relay these to, in your case, the google DNS servers.

The legit OpenDNS servers are

208.67.222.222
208.67.220.220

if these appear in the DNS Server field then that's the source of your issue.

White Heart Loon

Or the family shield one is 208.67.222.123, it's a pre configured set of blocked sites.

vicwatson

ressem wrote: »

Incredimail is one of those ugly programs that tries to impose itself on your computer in a way that is unwanted for most but not actually a virus.

I'd recommend checking that the incredimail is not an installed program on your PC and uninstall it.

But the OpenDNS issue should be separate.

Overlapping BonzoDogs suggestion...


If you press Windows Key + R you should result in a "Run" dialog.
If you type

cmd

into this and hit enter, you should get a black command windows that stays open.

Is this much working?

If so, within the black window, type

ipconfig /all

part of the resulting text should look similar to

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N
   Physical Address. . . . . . . . . : **-**-**-**-**-**
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::***:***:******(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 03 March 2014 21:56:29
   Lease Expires . . . . . . . . . . : 05 March 2014 08:13:09
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

The DNS server listed should be where your computer goes to translate domain names into ip addresses.
Usually this will be your wireless router, and relay these to, in your case, the google DNS servers.

The legit OpenDNS servers are

208.67.222.222
208.67.220.220

if these appear in the DNS Server field then that's the source of your issue.

I'll suss out that regarding incredimail, cheers for info

On the initial problem I have;

Many thanks for help. I've done what you said above and it shows the DNS servers as
208.67.222.222
208.67.220.220

I've logged into my router and it says the following -

Domain Name Server (DNS) Address
Primary - 8 8 8 8
Secondary - 8 8 4 4

Does this make sense - are they correctly set?

vicwatson

White Heart Loon wrote: »

Did you check to see if Opendns Family Shield dns servers are set on your PC?
http://www.opendns.com/home-internet-security/parental-controls/opendns-familyshield/

I don'y and never had an account with OpenDNS so.....

White Heart Loon wrote: »

Or the family shield one is 208.67.222.123, it's a pre configured set of blocked sites.

degsie

vicwatson wrote: »

I've done what you said above and it shows the DNS servers as
208.67.222.222
208.67.220.220

I've logged into my router and it says the following -

Domain Name Server (DNS) Address
Primary - 8 8 8 8
Secondary - 8 8 4 4

Does this make sense - are they correctly set?

They look fine, the first set are OpenDNS IP's and the second set are Google DNS IP's.

vicwatson

degsie wrote: »

They look fine, the first set are OpenDNS IP's and the second set are Google DNS IP's.

Ok, so back to my original question so, what's blocking my access to some websites on my laptop?

Cheers

degsie

Have you actually followed any of the advise given here?

Did you run MalwareBytes program?
Can you ping the sites in question?
Did you check your hosts file?

I didn't see any evidence of these....

vicwatson

degsie wrote: »

Have you actually followed any of the advise given here?

Did you run MalwareBytes program?
Can you ping the sites in question?
Did you check your hosts file?

I didn't see any evidence of these....

Yes I've followed all the advice given here, as I said im running a full system scan with super anti spy ware and its taking an age

I have downloaded male ware bytes and will run it when above is done

I've explained that my black screen keeps blanking out when I try to follow the instructions to ping so cannot see the results as it dissapears before I can read them

and finally

No I haven't checked host files as don't know how or even what they are.

degsie

From your browser try http://195.99.196.230 and can you access the site?

degsie

The hosts file is located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC and is just called 'hosts' with no extension. This is a text file and you can open it with notepad.