Author Topic: Mediacom is Hijacking HTTP Requests to Google and 404 Responses from Other Sites  (Read 26710 times)

MediacomBill

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 10531
    • View Profile
Thanks for your input.

aluminumpork

  • Newbie
  • *
  • Posts: 1
    • View Profile
It may not be so cut and dry or obvious what is triggering this, but there is definitely some deep packet inspection going on here.

If you notice, going to http://www.google.com/notfound responds with a real 404 HTTP status code and does not get redirected to the Mediacom assistance page. However, http://login.myinnsite.com/notfound (also a non-existent page) -does- get redirected. There could be some domain whitelisting going on here, but it appears there's also some sort of basic regex string matching as well.

For instance, I've noticed that placing this on my private website's 404 page disables Mediacom's redirection.
Code: [Select]
1>found</h1>
The requested URL <code>/notfound</code> was not found on this server.
<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor="#3366cc"><img alt="" width=1 height=4></td></tr></table>

This code snippet was taken verbatim from Google's 404 Not Found page. So if any webmaster is frustrated with Mediacom's redirect, simply add that snippet. Surrounding it with HTML comments works as well, as to not interfere with your layout. As the previous poster mentioned, I have also noticed some filtering based on the META generator tag, but it's not quite as reliable. Please note, that redirection never occurs if the filtering software/hardware detects no User-Agent (e.g. Firefox, IE, Chrome, etc).

MediacomBill

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 10531
    • View Profile
As always, we appreciate your input.  Right now it appears that the problem has been narrowed down to a linkage issue between two of our servers.

MediacomSarah

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 1398
    • View Profile
We believe we have this repaired. Can any of you retest this?
« Last Edit: February 01, 2011, 08:38:54 AM by MediacomSarah »

amish_geek

  • Newbie
  • *
  • Posts: 3
    • View Profile
W believe we have this repaired. Can any of you retest this?


It's still redirecting 404's here.


Which platform are you using for packet inspection/messaging?  Frontporch?


JoshL

  • Newbie
  • *
  • Posts: 23
    • View Profile
Sarah,

I can report that the Google hijacking is still happening on my home account as well as my employer's business account. At the moment, 404 hijacking isn't occurring here.

Josh

MediacomSarah

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 1398
    • View Profile
 Just to reset the settings, will you try opting in and back out?

Also, have you tried clearing your cache?

JoshL

  • Newbie
  • *
  • Posts: 23
    • View Profile
After resetting the settings and clearing the cache, the problem does not appear to be occurring on either my work account or home account at the moment. Since it has been intermittent at times, I am not ready to declare victory, but it is possible that we finally have it beat.

Again, thanks for all of your assistance. I will test throughout the day and update here whether the problem returns or not.

Josh

MediacomBryan

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 304
    • View Profile
Glad to hear. I'm not able to recreate the issue at all on any test machine any longer as well. Please let me know if anything else comes up on this.

amish_geek

  • Newbie
  • *
  • Posts: 3
    • View Profile
Enabling and then disabling again appears to have worked.

MediacomSarah

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 1398
    • View Profile
Good to hear! Please let us know if you have any other problems with that service.

JoshL

  • Newbie
  • *
  • Posts: 23
    • View Profile
Would it be possible to have a technical explanation for exactly what was causing the problem?

MediacomBryan

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 304
    • View Profile
The main database that houses the modem list for opt outs wasn't communicating properly with all the systems involved. Once the communication issue was repaired, the opt-in then opt-out process was required so that all the systems would get a new message to remove your modem from their respective list(s).

JoshL

  • Newbie
  • *
  • Posts: 23
    • View Profile
Bryan,

Thank you very much. I sincerely appreciate it. Do you mind if I add that description to my blog post about this issue?

Josh

MediacomBryan

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 304
    • View Profile
No problem at all, and I've got no issue with quoting that.

If you ever have anymore problems with that system, just drop me a line and I'll take a look and find out what we can do to get you fixed up. Sorry for the trouble.

Cheers,
Bryan

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
Pardon me for resurrecting an old thread, but I'm experiencing this exact issue as of today. It is not possible to opt out, even after opting in. Attempting to opt out results in "Current setting: Enabled" changing to "Current setting:" and nothing else.

MediacomMike

  • Guest
  Have you attempted clearing the cache before attempting this process?  You can do this by clicking on tools -> Internet options -> Then under browsing history click 'Delete', then 'Delete Files'.  Hope this helps.

-Mike

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
Clearing the cache seemed to work, but the problem now recurring on my -home- account, despite having opted out in the past (the issue in my previous post was occurring on a business account).

Here is an example of a URL that is being intercepted by assist.mediacom.com:
http://apod.nasa.gov/apod/intentional404.html

Attempting to disable the redirect in the preferences does not work, even after clearing cache. Tested under Firefox 4 rc2 and Internet Explorer 8.

MediacomBill

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 10531
    • View Profile
The reason it reoccurs at home is due to the Dynamic (changing) IP address. You will have to opt out each time your IP changes.

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
I thought it was tied to the MAC address of the modem, but that's not important.

What is important is that I am unable to opt out of the 404 hijacking even though my IP address has not changed. This is occurring on both my home and business accounts. Visiting the URL in my previous post (or any 404 page on that server and many others) results in the Mediacom-injected Javascript that redirects the browser to assist.mediacom.com. There does not even appear to -be- an option to opt out of 404 hijacking. Option 1 disables NXDOMAIN poisoning (although the setting never actually changes to DISABLED), option 2 disables typo correction, and option 3 disables the adult filter. Where is the option to disable 404 page hijacking?

Mediacom is certainly making a compelling argument for the move to universal HTTPS.