<html><head></head><body><div class="ydp537f447ayahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
<div dir="ltr" data-setdir="false">Well, my ISP (he who reported the problem first) is Verizon Business Fios. But I certainly don't use their nameservers; I run my own caching nameservers. <br></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Seems a lot of ISPs are running corrupted nameservers in the name of "security" or censorship or business steering (or just negligence), because there were some complaints (and seriously misled people) on another mailing list I'm on. But that couldn't have forced me to https: when I typed http: to get to aprs-is.net. I wonder how much of it has to do with no web browser allowing you to go to an URL without running it through a search engine first.<br></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Andrew, KA2DDO<br></div><div><br></div>
</div><div id="ydp2393971ayahoo_quoted_2605641850" class="ydp2393971ayahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Monday, January 10, 2022, 02:48:21 PM EST, wa7skg <wa7skg@wa7skg.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div dir="ltr">Who is your ISP? Xfinity recently made some strange changes to their <br clear="none">security protocols which has caused many websites to resolve oddly. Big <br clear="none">topic of discussion on many other forums.<br clear="none"><br clear="none">Michael WA7SKG<br clear="none"><br clear="none">Kenneth Finnegan wrote on 1/10/22 11:28 AM:<br clear="none">> This doesn't look like any kind of DNS attack.<br clear="none">> <br clear="none">> www.ametx.com <<a shape="rect" href="http://www.ametx.com" rel="nofollow" target="_blank">http://www.ametx.com</a>> and aprs-is.net <br clear="none">> <<a shape="rect" href="http://aprs-is.net" rel="nofollow" target="_blank">http://aprs-is.net</a>> are both hosted on the same web server, so it looks <br clear="none">> like there's some problems happening on the hosting side as far as the <br clear="none">> web server serving the wrong virtual host domain to clients.<br clear="none">> <br clear="none">> --<br clear="none">> Kenneth Finnegan<br clear="none">> <a shape="rect" href="http://blog.thelifeofkenneth.com/" rel="nofollow" target="_blank">http://blog.thelifeofkenneth.com/</a><br clear="none">> <br clear="none">> <br clear="none">> On Sat, Jan 8, 2022 at 6:18 PM Earl Needham <<a shape="rect" href="mailto:earl.kd5xb@gmail.com" rel="nofollow" target="_blank">earl.kd5xb@gmail.com</a> <br clear="none">> <mailto:<a shape="rect" href="mailto:earl.kd5xb@gmail.com" rel="nofollow" target="_blank">earl.kd5xb@gmail.com</a>>> wrote:<br clear="none">> <br clear="none">> Just for info, I got the AME site a few times as well.<br clear="none">> <br clear="none">> In fact, I got it again just now, but a reload got me to aprs-is.<br clear="none">> <br clear="none">> Vy 7 3<br clear="none">> Earl<br clear="none">> KD5XB<br clear="none">> <br clear="none">> <br clear="none">> e e<br clear="none">> <br clear="none">> On Sat, Jan 8, 2022 at 7:12 PM Andrew Pavlin via aprssig<br clear="none">> <<a shape="rect" href="mailto:aprssig@lists.tapr.org" rel="nofollow" target="_blank">aprssig@lists.tapr.org</a> <mailto:<a shape="rect" href="mailto:aprssig@lists.tapr.org" rel="nofollow" target="_blank">aprssig@lists.tapr.org</a>>> wrote:<br clear="none">> <br clear="none">> Looks like I had a DNS spoofing attack. After clearing all my<br clear="none">> nameserver caches and restarting them, I can see the site now.<br clear="none">> I'm not sure why earlier it was automatically upgrading from<br clear="none">> http to https to take me to the AME website.<br clear="none">> <br clear="none">> Andrew, KA2DDO<br clear="none">> <br clear="none">> On Saturday, January 8, 2022, 02:38:04 PM EST, Pete Loveall<br clear="none">> AE5PL Lists <<a shape="rect" href="mailto:hamlists@ametx.com" rel="nofollow" target="_blank">hamlists@ametx.com</a> <mailto:<a shape="rect" href="mailto:hamlists@ametx.com" rel="nofollow" target="_blank">hamlists@ametx.com</a>>> wrote:<br clear="none">> <br clear="none">> <br clear="none">> Working just fine for me. AME Corp. is the base web site for<br clear="none">> that IP address so if you were going to the IP address or you<br clear="none">> were trying to use https, you will see the base site, not<br clear="none">> aprs-is.net <<a shape="rect" href="http://aprs-is.net" rel="nofollow" target="_blank">http://aprs-is.net</a>>. Been this way since its<br clear="none">> inception.<br clear="none">> <br clear="none">> 73,<br clear="none">> <br clear="none">> Pete Loveall AE5PL<br clear="none">> pete at ae5pl dot net<br clear="none">> <br clear="none">> <br clear="none">> <br clear="none">> -----Original Message-----<br clear="none">> From: aprssig <<a shape="rect" href="mailto:aprssig-bounces@lists.tapr.org" rel="nofollow" target="_blank">aprssig-bounces@lists.tapr.org</a><br clear="none">> <mailto:<a shape="rect" href="mailto:aprssig-bounces@lists.tapr.org" rel="nofollow" target="_blank">aprssig-bounces@lists.tapr.org</a>>> On Behalf Of Andrew<br clear="none">> Pavlin via aprssig<br clear="none">> Sent: Saturday, January 8, 2022 12:33 PM<br clear="none">> To: TAPR APRS Mailing List <<a shape="rect" href="mailto:aprssig@lists.tapr.org" rel="nofollow" target="_blank">aprssig@lists.tapr.org</a><br clear="none">> <mailto:<a shape="rect" href="mailto:aprssig@lists.tapr.org" rel="nofollow" target="_blank">aprssig@lists.tapr.org</a>>><br clear="none">> Subject: [aprssig] who forgot to renew aprs-is.net<br clear="none">> <<a shape="rect" href="http://aprs-is.net" rel="nofollow" target="_blank">http://aprs-is.net</a>>?<br clear="none">> <br clear="none">> Greetings.<br clear="none">> <br clear="none">> I was going to visit the aprs-is.net <<a shape="rect" href="http://aprs-is.net" rel="nofollow" target="_blank">http://aprs-is.net</a>><div class="ydp2393971ayqt0409987266" id="ydp2393971ayqtfd90971"><br clear="none">> website to check a protocol specification, and now it's<br clear="none">> displaying a webpage for AME Corporation. Did someone forget to<br clear="none">> renew the domain name lease? Or am I dealing with DNS spoofing?<br clear="none">> <br clear="none">> Someone might want to check why this corporation is showing up<br clear="none">> for a ham radio domain name.<br clear="none">> <br clear="none">> Andrew, KA2DDO<br clear="none">> author of YAAC<br clear="none">> <br clear="none"><br clear="none">_______________________________________________<br clear="none">aprssig mailing list<br clear="none"><a shape="rect" href="mailto:aprssig@lists.tapr.org" rel="nofollow" target="_blank">aprssig@lists.tapr.org</a><br clear="none"><a shape="rect" href="http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org" rel="nofollow" target="_blank">http://lists.tapr.org/mailman/listinfo/aprssig_lists.tapr.org</a><br clear="none"></div></div></div>
</div>
</div></body></html>