Author Topic: Mediacom is Hijacking HTTP Requests to Google and 404 Responses from Other Sites  (Read 26699 times)

MediacomBill

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 10531
    • View Profile
I believe it simply says opt out.

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
http://i1208.photobucket.com/albums/cc361/mmjrogers/mediacom_prefspage.jpg
Here is what the preferences page looks like. Note that there is no "Disabled" label on the first option (although disabling it does cause Mediacom to return proper NXDOMAIN responses, so this is likely just a display bug). There is no option to disable 404 page hijacking.

http://i1208.photobucket.com/albums/cc361/mmjrogers/mediacom_hijackpage.jpg
This is what happens when I receive a non-redirecting 404 error on a web site. The server's original message is dumped by Mediacom and replaced with Javascript that redirects the browser to assist.mediacom.com.

http://i1208.photobucket.com/albums/cc361/mmjrogers/mediacom_tor_nohijack.jpg
This is what SHOULD happen when I receive a non-redirecting 404 error: the server's 404 message is displayed.

MediacomTom

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 4024
    • View Profile
After saving the settings to disabled restarting the computer or clearing the browser cache will correct this. The cache will continue to redirect as it prefers the redirect link over the 404.

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
Emptying the browser cache and restarting the computer did not correct this.

Just for the record, neither did using another browser, another computer (that had never visited the 404 page), or another Mediacom account in a different city (which also had all options on the Mediacom Assist Prefs screen disabled).

The URL can be whatever you like; if it results in a hard (i.e. not redirected) 404 error, Mediacom hijacks the connection and redirects the user to a page containing advertised links, despite having "disabled" everything there is to disable on the assist.mediacom.com preferences page.

MediacomChrisL

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 9315
    • View Profile
I can get this information up to the proper channels and have them double check this.

Chris

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
That would be great.

http://shatters.net/404 (or /celestia/foo.html, or whatever) is another site that generates the 404 redirect.

These 404 redirects seem to be targeted only at popular browsers; using a text-based browser like Lynx results in a proper 404 response from the server and no redirect.

MediacomTom

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 4024
    • View Profile
Nothing back on this yet, but the text browser most likely does not translate or run the scripts properly. If that is usable that may be at least a temp fix until more is known on this.

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
Any word back on this issue yet?

MediacomMike

  • Guest
I've been working with my tier 2 department concerning this.  At this point we're wanting to gather some examples of this issue occurring after the usual troubleshooting has taken place (which you've obviously done at this point).  Before I start gathering some information on this; if you're using a router have you tried bypassing it to ensure the issue persists without it?

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
I can confirm that the 404 hijack persists on a computer that is connected directly to the cable modem. Even tested it with a browser (Iceweasel) that had never been used to test the issue before, thus removing any possibility of a cached response.

Likewise, choosing "Disable" on the first option on http://search.mediacomcable.com/prefs.php does not result in a "Disabled" label appearing like it does for options 2 and 3.

MediacomMike

  • Guest
I understand, I'd like to get this sent up to our tier 2 department.  Would you PM me your account number or phone number please?

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
I've PM'd you the relevant account numbers.

MediacomChrisL

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 9315
    • View Profile
Thank you, we are checking on this now.

Chris

zerohp

  • Newbie
  • *
  • Posts: 7
    • View Profile
I'm having the exact same problem as mmjrogers and I'm livid.  No replies from websites (404 or otherwise) should be intercepted and modified in transit.

MediacomTom

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 4024
    • View Profile
If you would like to PM your account# or phone# I can add your information to the currently open ticket regarding this issue.

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
What news on this ongoing issue?

MediacomMike

  • Guest
At this time the issue is known and has been escalated up to our NOC department.  It's being investigated as we speak.  If I hear any pertinent information concerning the issue I'll be forwarding it on to you.

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
Any word from the NOC?

MediacomTom

  • Mediacom Social Media Relations Team
  • Global Moderator
  • *****
  • Posts: 4024
    • View Profile
Examples are still being added to a master ticket to try and correct this. Still showing WIP.

mmjrogers

  • Full Member
  • ***
  • Posts: 122
    • View Profile
One step forward, two steps back.

Mediacom is once again hijacking address bar Google searches in Internet Explorer (but not Firefox) on my business account. Upon checking the assist.mediacom.com preferences page I find that the first setting has been mysteriously changed back to "Enable". Disabling it (again) has NOT resolved the issue. My IP address has not changed (an excuse provided previously by Mediacom for why the option gets re-enabled).

Why does Mediacom insist on hijacking bona fide searches launched from the browser's address bar? This is incredibly inappropriate behavior for an ISP, particularly in light of the fact that Mediacom does not seem to be able to provide a reliable mechanism for disabling it. Hiding behind the "it's a service for our customers" excuse is disingenuous at best; Mediacom's search is filled with paid advertising and irrelevant links that lead to highly questionable products and services. This customer does NOT consider it a service.

Simply allowing searches to clear the Mediacom network unmolested would cause less trouble for Mediacom AND provide better service to its customers.