unable to access specific website -sporadically- from home computer

[felinewarrior]

Greetings-

Here's the big mystery problem I mentioned in my intro:

On my home computer (the specs for which are listed on my profile), I am unable to access a certain web site - this site is accessible to friends at the very same time it's unaccessible to me, and I'm always able to access it from, say, my office computer any old time I try.

Here's the rub: It's MY web site! (Oh, cruel world!) http://felinewarrior.com

A bulleted list of things you might want to know, including what happens, what I've tried, and so on:

System/network:
* Running AVG free; updated frequently, auto-runs scans twice a week;
* Running Windows Firewall (considering going back to Zone Alarm for 2-way protection);
* Use Spybot & AdAware about once a week or so - usually only find tracking cookies, which get deleted;
* Home network; two desktops connected through Linksys router; third desktop used exclusively for backups and networked printers; a laptop is sometimes connected to the network;
* Linksys Wireless-G router - although so far, nobody is using the wireless feature (nobody that we're aware of, anyway!);
* Use primarily Firefox browser although to access work email and several other sites, IE is necessary;
* WinPatrol is installed;
* Had SpywareBlaster installed -removed it, thinking it was the culprit;
* I seem to not have a hosts file - at the suggestion of a techie friend, I deleted the hosts file. It has not recreated itself!

Symptoms of problem/failed solutions:
* Type http://felinewarrior.com into browser - sometimes it comes up, mostly it doesn't;
* Browser doesn't matter- same thing in FF, IE and Opera;
* It is not accessible from ANY computer on this home network (ie, not just my machine);
* STRANGE PATTERN: I know this will sound kooky, but it's the only pattern I've been able to identify-- almost without fail, I cannot access that page during the day; almost without fail, I CAN access it during the evening. I've tried to figure out what changes - I know it's not a sun/moon/stars thing, don't get me wrong, but perhaps there's an event that takes place between day and night...
* I have called our ISP to see if they've got anything to do with it and they say no, they don't block any sites at all;
* I can go into the Linksys admin page but don't really know what to look for.

I think that about wraps it up. I'm doing an AVG Spyware scan as I type and will do an online TrendMicro HouseCall scan momentarily.

Ideas? Suggestions? Prayers...?

Thanks!
-Franque

 

[DelJo63]

the first things to verify for issues like this are:

1. you have a valid IP config; run->cmd /k ipconfig /all
2. you can perform a lookup for the site; nslookup felinewarrior.com
3. and you usually can ping the site; ping felinewarrior.com

if all these work, then your browser should too, unless it has been hijacked.

on (1), the response should have reasonable IP information and nothing empty or 00.00.00.00

(2) if you can't find the IP address with nslookup, neither can your browser,
so investigate your DNS access

(3) if the site hosting company has not disable ping replies, then you should get
timing information, otherwise it will just timeout and it means nothing.

A ping to the host is not the same thing as HTTP:// to port 80, so many
system will reply to the browser but not to a ping

 

[felinewarrior]

thanks - here's the results

Hey, JoeBeard-

Thanks for your response. I've replied below. Let me know what you think, please.

the first things to verify for issues like this are:

(1), the response should have reasonable IP information and nothing empty or 00.00.00.00

**Got reasonable IP info (can share if necessary)

(2) if you can't find the IP address with nslookup, neither can your browser, so investigate your DNS access

** DNS request timed out
timeout was 2 seconds
(can share that info, but I don't think it'd be helpful - but tell me if I'm wrong)

(3) if the site hosting company has not disable ping replies, then you should get timing information, otherwise it will just timeout and it means nothing.
A ping to the host is not the same thing as HTTP:// to port 80, so many
system will reply to the browser but not to a ping

**Should have mentioned in my original post that I am unable to get ping
results (or happy ones, anyway) when I can't reach the site via browser.

Today it said: ping felinewarrior.com
Ping request could not find host felinewarrior.com. Please check the name and try again.

Thanks!

 

[DelJo63]

ok, looks like your DNS access is the issue.

we need your physical network description

isp--(dial-up,cable,dsl)---(router?)---(systems) ??

if you're behind a router, then it's safe to post results from (1).
Also, access your router config page via the browser and get the
Gateway address and DNS addresses seen by the router.

 

[felinewarrior]

so as not to appear rude...

It turns out we're having a rather busy Sunday here - I am going to report all this info later today / this evening. My presence is required elsewhere today!

I *do* appreciate your time and assistance, JoeBeard!

-Franque

 

[felinewarrior]

DNS info & other such stuff

ok, looks like your DNS access is the issue.

we need your physical network description
isp--(dial-up,cable,dsl)---(router?)---(systems) ??

ISP = Cable
Router = Linksys Wireless-G Broadband Router
Systems -- not sure what you are asking for on this one.

if you're behind a router, then it's safe to post results from (1).

IP Config info:

Host Name . . . . . . . . . . . . : franki
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wowway.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : wowway.com
Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapt
er(LNE100TX v4)
Physical Address. . . . . . . . . : 00-03-6D-1E-93-83
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 64.233.222.2
64.233.222.7
Lease Obtained. . . . . . . . . . : Sunday, June 10, 2007 9:19:37 PM
Lease Expires . . . . . . . . . . : Monday, June 11, 2007 9:19:37 PM

Also, access your router config page via the browser and get the
Gateway address and DNS addresses seen by the router.

Tell me if this is what you're asking for:

Status / Local router:
Login Type: Automatic Configuration - DHCP
IP Address: 67.149.223.57
Subnet Mask: 255.255.252.0
Default Gateway: 67.149.220.1
DNS 1: 64.233.222.2
DNS 2: 64.233.222.7
DNS 3:
MTU: 1500

There's a setting under status for local network:
MAC Address: 00:18:39:48:3F:4E
IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
DHCP Server: Enable
Start IP Address: 192.168.1.100
End IP Address: 192.168.1.149

I expect you'll tell me if I've not given you the proper information and await your next instructions.

Thanks, JoeBeard!

-Franque

 

[DelJo63]

this looks all correct. I would update the Linksys router firmware.

periodically, the ISP forces a release/renew cycle on the clients. MANY routers
will not function properly until updated.

 

[felinewarrior]

this looks all correct. I would update the Linksys router firmware.
periodically, the ISP forces a release/renew cycle on the clients. MANY routers
will not function properly until updated.

Well, I updated the Linksys router firmware. Cleared the cache. Restarted computer, even.

I'm still not getting in. And now my day/night theory is blown all to hell, because -look!- it's night and I'm locked out of my own stinkin' web site.

Any more ideas? I will send you a box of your favorite cookies if you can make this work!

-Franque

OH! I forgot to mention this: there is an email account associated with felinewarrior.com. When I cannot access the web site, neither can I download mail.I get the "failed to connect to server" message. Email sent to that address does not bounce during those times - it (the mystery problem) only affects my ability to download it.

Maybe important, maybe not.

 

[daniel161]

I also am thinking it is your DNS, so in your router, change the DNS settings to work with the site below, I use that service and it works great, just remember to write down you old settings first!


http://www.opendns.com/


And HOW do you get to your site? www. in front or not? I have come across a few sites that require www. or they don't work...

 

[felinewarrior]

Thanks Daniel - will try it!

Thanks, Daniel. I just looked at the site (opendns) and will do all that stuff on Tuesday. My eyes are a little blurry right now so best not to be changing settings! I'll definitely write down the current settings before changing them.

And... when I get into my site, I generally use http://felinewarrior.com - but honestly, it works *with* the www-prefix, too. So it doesn't seem to matter.

Thanks - I'll post my results on Tuesday!

**Breaking new! - I was previewing my post before submitting it and on a whim clicked the link to my site... and I got in! I'll keep my joyous dancing to a minimum because I have been able to access it randomly, so this might just be another random gift from the Internet.

-Franque

 

[DelJo63]

And HOW do you get to your site? www. in front or not? I have come across a few sites that require www. or they don't work...

This all depends upon HOW the domain name was registered.

... on a whim clicked the link to my site... and I got in! I'll keep my joyous dancing to a minimum because I have been able to access it randomly, so this might just be another random gift from the Internet.

You must understand that there are multiple systems between any user and some specific website, even the biggies like google.com and msn.com.

IF ANY one of them is not accessible at the very moment you attempt to access
the site, you get your symptom. Sites become inaccessible for many reasons,
including system maintenance, network issues (even such as too much traffic),
and DNS updates (btw: DNS is on a system and it too can become inaccessible).

The one issue you really hope is not true is that the WEBHOSTING company you've
elected to use is unreliable, poorly maintained, or massively under powered.

A big clue to specific site issues is a specific time of day when things run well
while other specific times are just DEAD. (hint-hint)

 

[felinewarrior]

Pondering JOBeard's reply...

You must understand that there are multiple systems between any user and some specific website, even the biggies like google.com and msn.com.

IF ANY one of them is not accessible at the very moment you attempt to access the site, you get your symptom. Sites become inaccessible for many reasons, including system maintenance, network issues (even such as too much traffic), and DNS updates (btw: DNS is on a system and it too can become inaccessible).

If this was just a random issue -like once in a while I type "www.google.com" into the address bar and it times out or something, that's just an odd timing thing; mine would have to involve the stopping of time altogether, I think, in order to be the same sort of coincidence of systems being unavailable at the same time. An entire morning and afternoon can go by and I can't access the site, then it gets dark and I can. (Although not even always at night, now.)

And really, I'm cute and funny and such, but I just don't think I'm drawing huge crowds that would keep me (and only me!) out.

The one issue you really hope is not true is that the WEBHOSTING company you've elected to use is unreliable, poorly maintained, or massively under powered.

A friend who designs and hosts sites also hosts mine. He uses GoDaddy for webhosting and hasn't had any trouble with them. All his other sites are operating when mine is inaccessible. And remember- it's only inaccessible to me at home. I could call you and say "JOBeard, try it NOW!" and you'd be looking at my site and I would not.

A big clue to specific site issues is a specific time of day when things run well while other specific times are just DEAD. (hint-hint)

As I mentioned earlier, the one and only pattern I could find with this problem is that during the daytime hours (literally daylight) I can almost never access it. During evening hours, I most often can. This was rocked a little in recent nights when I couldn't access it. That's why I wondered what could change between those times... maybe something is reset, refreshed, or something.

I can only think that it has to do with something on my end - but what? I mean, it can't be the hosting company if I can get to all the other sites my friend runs but *not* mine. (He's at www.webmaster3.com btw.)

Final clue, I think: Before posting this, I tried connecting directly to my cable modem (ie, bypassing the Linksys router) and am not able to connect that way, either. It's as if the universe says, "Franque cannot access her site until... 9pm!" and then it is so.

This has been going on for a few months and is only getting worse. "Worse" meaning that I can access it less and less frequently from my home. I'll ask Steven if he recalls when I first started complaining to him about it.

Does any of that do anything in terms of helping to solve?

Mopily,
Franque

 

[felinewarrior]

A potential new clue: Proxy gets me in

Hi there-

I've been wracking my brain... the problem can't be the router, since I still can't connect when directly plugged into the cable modem...

So then I Googled "banned sites" - found something about using proxies. I tried one and -voila!- FW came right up. In fact, I tried different pages (the login page, the add-a-post page, etc) and they all came up.

Here's my question to YOU: Is it safe to plug my username and password into those fields via the proxy?

I've got into the site (via proxy), so will can scour comments and such to see if perhaps there's url listed in a post or comment or something that could be causing the site to be blocked - presumably by my ISP. Would/could that be it? Surely not my humble little blog could be blocked by wowway...?

Does it follow that if I can get to this point (login pages) via the proxy that the block is coming from my ISP?

Oh, and the proxy I'm using is www.HideMyAss.com - mostly just because the name cracks me up.

Clues and questions... baited breath and all that stuff...
*PS: the proxy seems to generate some pop-ups!

 

[felinewarrior]

out of ideas?

Just checking in to see if anyone had more thoughts on my situation. Last night and early this morning, I was able to get on at home. Could get on any time from the office. Now at home at 8pm, I can't.

Do you think that what I've described points to my ISP? For example, I had instant access via proxy last night... but connecting directly to the cable modem still doesn't allow me access. It happens (apparently) only at my house.

One new thought I had comes from more Googling - and there's a dns trojan out there (fairly recent attacks, looks like) - the symptoms don't seem to match mine completely, but maybe...? I'm going to do another online scan, this time at BitDefender just to be sure. (Other suggestions on the scanning?)

I don't want to be a pest, so please don't get cross with me for checking in again. I'm sure there are more exciting problems to solve than mine!

Okay, now I will wait to see if anyone has more or final thoughts.

Thanks again!
Franque

 

[momok]

Hi,

If you think your system is infected, I would advise you to do the following.

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan


Regards,
Your friendly momok =)

This thread is for the use of felinewarrior only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[felinewarrior]

following momok's suggestions

Hi,
If you think your system is infected, I would advise you to do the following...
Regards,
Your friendly momok =)

Thank you, friendly momok. I am currently doing the TrendMicro scan. And have printed your instructions. I'll post results when it's all finished.

Thanks,
Franque

 

[felinewarrior]

HJT, AVG, Combofix logs (per momok)

...Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan

Greetings, momok-

Please find the following reports attached to this post:

* Hijack This
* AVG Antispyware
* Combofix logs (2)

The AVG Antirootkit found nothing.

I await your reply.

Thanks!
Franque

 

[momok]

Hi,

You logs actually look clean to me. Just have HijackThis fix the following entries though:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} -
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} -
O24 - Desktop Component 0: (no name) - (no file)


Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of felinewarrior only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[felinewarrior]

problem still exists, thanks for your help

Well, thanks to JOBeard and momok for their efforts - however, my problem still exists: I have long stretches of time (from hours to days) of not being able to access my own web site. That includes viewing it and logging in to make changes.

I just don't know what else to do. That I'm able to access the site via proxy may be indicative of *something* but who knows what? (I.E., it's not the router / it is the router / oh, it must be the ISP...)

I absolutely appreciate the efforts put forth, and if anyone awakens in the middle of the night with an "A-Ha" about this situation, please post it.

In the meantime, I will use a proxy - unless anyone says it's not safe (perhaps it's easy for someone to steal my log in information or something, I don't know).

Thanks tons-
Franque

 

[felinewarrior]

Last stab with the ISP / Network issue?

Well, an update, albeit not an uplifting one: I checked again with my ISP and they've assured me that they would never, ever block any web site or access to any email address. Of course, like the last time, the person I spoke with had no suggestions.

If the ISP people are right, then I think I'm left with only a mysterious network issue. Since connecting directly to the cable modem doesn't seem to matter, I'm not sure what that means, but if anyone checks this thread and has an idea, I'd be thrilled to hear it.

Wah!
-Franque