Overview

If you're being randomly redirected to sites like ours, www.norwich.edu, opensourcematters.org, www.paramiko.org, but also thousands of other sites[1], it means you are a victim of the Great Firewall of China (GFW).

Starting in January 2015, the Great Firewall was slightly modified and began to use DNS spoofing on a mass scale - for any "censored" DNS names like www.youtube.com or www.facebook.com, GFW sends fake DNS replies aimed at seemingly random IP addresses outside of China[2]. This results in massive disruptions for internet users in China and massive overload of random webservers outside of China. Some Hong Kong users are also reportedly affected.

Why the Government of China is doing it

Internet censorship in China is a known fact for very long. At least 18,000 websites are blocked from within mainland China, including 12 out of the Top 100 Global Websites.

DNS spoofing allows the Chinese censors to do the following:

• Block access to specific sites.
• It can cause users with specific IP addresses or locations (i.e. neighbourhood, city, district) to connect to "fake" websites and intercept their user credentials. Imagine a fake Facebook or Gmail page which looks identical to the original one, but captures login credentials. With that information, the Chinese censors can access or read your private data, emails, contacts without you noticing.
• Block SSL certificate verification queries sent by the browsers (Online Certificate Status Protocol, OCSP).
• Intercept emails.
• Intercept messages sent by internet communicators.
• Attack websites by directing mass traffic from many Chinese users.

Quick help for affected users

What can I do to prevent the Great Firewall of China spoof my DNS requests

• Ask your friend why the Government of China is manipulating DNS to block access to websites, obtain your passwords and private data.
• Ask a journalist, a local newspaper, radio or TV station, why the Government of China is manipulating DNS to block access to websites, obtain your passwords and private data.
• Write on your blog how dissatisfied you are with that!

We realise that the above method won't fix your issue immediately. The only technical way is to use a reliable DNS server located outside of China (for example, OpenDNS or Google Public DNS) *and* a reliable VPN provider. Please note that GFW can easily intercept DNS queries and fake the replies - this is why using a VPN is so important.

I'm using VPN, but my internet experience is still erratic

It's a common mistake to use a VPN service but send DNS queries locally. If you use a VPN connection, you should make sure your DNS queries are sent to a reliable DNS server - this excludes any public DNS located in China.

I'm outside of China, but I'm still randomly redirected

• your device (computer, laptop, mobile phone, tablet...) may be infected with malware
• your device may have DNS servers changed to Chinese ones
• your local router may be hacked / have DNS servers changed to Chinese ones

[1] Full list available to interested parties.

[2] List of affected IP addresses changes approximately once a month and consists of thousands of IP addresses with different weights assigned. Full list for every day from past months available to interested parties.