"You are here by accident" warning msg!

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

This morning after an automatic update, following warning is coming, when i
was trying to open sify.com. and msn.com
"You are here by accident
It has been brought to our attention that the IP address of this server
(205.209.153.162) is being used as a local DNS resolver by a cable or
broadband provider somewhere.
This is a mistake because this server reports the same IP for all queries
for an internal application that has nothing to do with you.

You need to contact your access provider (whoever they are) and get proper
DNS resolvers from them"

First time when it appeared I disabled the automatic pop up blocker under
internet option in IE, and it became ok. But now again it has started
appearing. I am using win XP pro, office 2003 SBE with BCM and updates till
today are installed (auto update) Can I get some help immediately please?
Thanks.
 
Sounds like a network issue rather than IE.

Can you test with another machine, or with the same machine on a
different connection?

Who is you ISP? Perhaps put a call into them too.
 
Mani wrote on Wed, 14 Dec 2005 23:11:02 -0800:
This morning after an automatic update, following warning is coming, when
i was trying to open sify.com. and msn.com
"You are here by accident
It has been brought to our attention that the IP address of this server
(205.209.153.162) is being used as a local DNS resolver by a cable or
broadband provider somewhere.
This is a mistake because this server reports the same IP for all queries
for an internal application that has nothing to do with you.

You need to contact your access provider (whoever they are) and get proper
DNS resolvers from them"

First time when it appeared I disabled the automatic pop up blocker under
internet option in IE, and it became ok. But now again it has started
appearing. I am using win XP pro, office 2003 SBE with BCM and updates
till today are installed (auto update) Can I get some help immediately
please? Thanks.
Click to expand...


It sounds like at least one of your DNS server IP addresses (most likely
assigned automatically by your ISP) is 205.209.153.162, and that DNS server
is now returning the same IP for all DNS lookups which directs your browser
to that page.

If you didn't set that IP yourself, hassle your ISP - it sounds like they've
been using a DNS server owned by someone else in their DHCP settings, and
that owner has now decided that the traffic it's generating is too much to
ignore and has decided to take action. It's not malicious - it's a message
asking you to put pressure on your ISP to sort themselves out.

If you did set that IP yourself, ask your ISP what your DNS settings should
be. Using other company's DNS servers without permission to use as a
resolver for yourself is often frowned upon.

Dan
 
Thank you both, Uab and Dan.

Though my ISP, an Indian Govt owned ISP with a huge customer base can not
act in any malicious way, I will inform them.

Also sify(sify.com) themselves are another ISP with a sizeble population.

Being a non IT/Computer man, I hope I have understodd correctly what both of
you have said!

Any how now I am able to browse the site freely.

Thanks a lot.

Mani
 
Mani wrote on Thu, 15 Dec 2005 02:46:02 -0800:
Though my ISP, an Indian Govt owned ISP with a huge customer base can not
act in any malicious way, I will inform them.
Click to expand...

They do not need to "act in any malicious way", they simply need to run
their own DNS servers rather than using ones belonging to someone else
without permission. It's possible that it's a simple mistake on their part,
and they set up the wrong secondary DNS IP in their DHCP settings, but it's
more likely that they're trying to save money by running only one (or
possibly zero) DNS resolvers of their own.
Also sify(sify.com) themselves are another ISP with a sizeble population.
Click to expand...

As you were attempting to access their site, I can't see it's something
they've done. Your PC has requested the DNS servers you have assigned to
look up the address for www.sify.com , and it has returned 205.209.153.162
as the IP address which is where the information page you saw exists. It
wouldn't have mattered what address you typed in - you would have seen the
same page. It's likely that you'll get this sporadically as you will
normally have at least 2 DNS server IP addresses assigned - if the first one
times out, then your PC will send the request to the next one listed, so
it's likely that in this case the first DNS server assigned didn't respond
to your request and your ISP has configured their secondary DNS server
205.209.153.162.
Being a non IT/Computer man, I hope I have understodd correctly what both
of you have said!

Any how now I am able to browse the site freely.
Click to expand...

You will be able to, until your PC kicks over to the secondary DNS IP again,
or you manually set the DNS IP addresses yourself.

Dan
 
Did you not read my others replies? If your DNS settings are being
automatically provided by your ISP, you need to contact them and find out
why they are using this DNS IP without the owner's permission. If you set
the DNS yourself, you need to change this IP address to one provided by your
ISP.

Dan

shweta_u19 wrote on Fri, 6 Jan 2006 10:26:45 +0530:
 
I am yet to get out of the mess. Tataindicom is my service provider in
Chennai,India. I have taken up the matter with them here, as advised by
exeprts on this column. The response of the ISP has been pathetic. I am now
praying that ordinary souls like you and me get a little more of guidence for
the payment that we make to the ISPs!

On my own, today, I choose a system restore point, beyond the first day of
this occurance. Hope it does not repeat again.
 
Mani wrote on Tue, 10 Jan 2006 21:41:02 -0800:
I am yet to get out of the mess. Tataindicom is my service provider in
Chennai,India. I have taken up the matter with them here, as advised by
exeprts on this column. The response of the ISP has been pathetic. I am
now praying that ordinary souls like you and me get a little more of
guidence for the payment that we make to the ISPs!

On my own, today, I choose a system restore point, beyond the first day of
this occurance. Hope it does not repeat again.
Click to expand...

A system restore is a waste of time if it really is a DHCP DNS allocation
thing - your ISP is still allocating that DNS IP address, and as soon as
your PC has trouble getting a response from the primary DNS you have
configured you're back to getting that message again while the secondary
address is being used. What you could try doing is disabling the DNS Client
service on your PC - that way if the primary goes again, then the switch to
the secondary will be temporary rather than semi-permanent until the
secondary doesn't respond or you reboot. However, if the primary does stop
responding, the result is that DNS lookups will appear slower. Whether this
is a better solution is dependent upon how many DNS servers are configured
by DHCP, and how many of those come before the unauthorised IP address (or
how many of them don't refer to the unauthorised IP for lookups). Can you
paste a copy of the output from the command

ipconfig /all

(first open Command Prompt - you can click on Start->Run and type cmd, then
press OK to do this). Only the DNS Servers part for your internet connection
is relevant, you can leave everything else out.

Dan
 
Thank you Dan.

Exactly when I was reading your reply, the technician from ISP came. So
temeporarily, I am postponing implementing your suggestion. And when I do,
surely I will keep you posted. (Because of a holiday season here my reply to
you is also delayed)

In the mean time, I want to share with you(and with Microsoft, if they are
reading these columns regularly) the info given to me by the technician. In
the locality alone that I live, about 40 customers have reported the same
complaint to the ISP. And all 40 have got win xp as the OS. (As a result,
every one has completely started back from scratch, repartitioned and
reinstalled everything! I dont think all can afford to do that.) Neither win
98, nor other OS have got the problem. He was menetioning that a patch has
been released by MS, but was not sure of the details. I wonder whether his
statement can be true!

But, thank you very much for your nice participation.
 
Mani wrote on Sun, 15 Jan 2006 20:49:02 -0800:
Thank you Dan.

Exactly when I was reading your reply, the technician from ISP came. So
temeporarily, I am postponing implementing your suggestion. And when I do,
surely I will keep you posted. (Because of a holiday season here my reply
to you is also delayed)

In the mean time, I want to share with you(and with Microsoft, if they are
reading these columns regularly) the info given to me by the technician.
In the locality alone that I live, about 40 customers have reported the
same complaint to the ISP. And all 40 have got win xp as the OS. (As a
result, every one has completely started back from scratch, repartitioned
and reinstalled everything! I dont think all can afford to do that.)
Neither win 98, nor other OS have got the problem. He was menetioning that
a patch has been released by MS, but was not sure of the details. I wonder
whether his statement can be true!

But, thank you very much for your nice participation.
Click to expand...

That sounds exactly like the ISP is trying to pass the blame onto Microsoft.
I've heard of no such patch, and if it was a widespread issue then I'd
expect to see loads more posts about this on the web or this newsgroup. It
still sounds like your ISP was using somebody else's DNS server as their
secondary in order to save costs.

Dan
 
Dear Dan,

Here is the output on running the command.(hope this is what you expected me
do)
================================================
C:\Documents and Settings\S.S.MANI>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : air-o-matics
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast
Eth
ernet NIC
Physical Address. . . . . . . . . : 00-C0-9F-7B-71-13
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.55
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 202.9.145.6
202.9.128.6

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG
Network
Connection
Physical Address. . . . . . . . . : 00-0E-35-DD-3C-58

C:\Documents and Settings\S.S.MANI>
================================================
For 2 days the connection through broadband has stopped working. However I
am able to connect to the SAME ISP through their dial up connection, though
that also is not getting connected that easily. I hope there is nothing wrong
in using both the services through a single computer!.

I look forward to your further guidence.

Thank you Dan.

Mani
 
Mani wrote on Thu, 19 Jan 2006 23:04:02 -0800:
Here is the output on running the command.(hope this is what you expected
me do)
Click to expand...
DNS Servers . . . . . . . . . . . : 202.9.145.6
202.9.128.6
Click to expand...

OK, this is the important bit. What you need to do is check this again if
you get that "you are here by accident" message again - if these addresses
are still the same, then the fault lies with one of those 2 servers using
the 205.209.153.162 address for DNS resolution, and so would be the fault of
the ISP as they would either have a configuration issue with their DNS
servers, or possibly open to "cache poisoing". If these addresses change and
include the 205.209.153.162 address, then again it's the ISP's problem as it
means that their DHCP settings have been changed.
For 2 days the connection through broadband has stopped working. However I
am able to connect to the SAME ISP through their dial up connection,
though that also is not getting connected that easily. I hope there is
nothing wrong in using both the services through a single computer!.
Click to expand...

Normally there should be no problem with trying to use both dial-up and
broadband from the same PC, just don't use them at the same time. I'd also
recommend not having the phone line connected to the modem unless you need
it for dial-up - if you do happen to get infected with a dialler program
then without the phone line connected there is nothing for it to dial (you
can't dial a number over a broadband connection), and so you greatly reduce
the risk of running up an expensive telephone bill without your knowledge.

Dan
 
Thank you Dan. Again for the past 60 minutes or so I am able to browse.

I will do share the infor that you have given, with my ISP. Hope they take
some real interest not only in solving my problem, but also in learning more
than what they probably know.

Thank you once again.

With Regards.

Mani
 
Back
Top