Difference between revisions of "Notice for users affected by the Great Firewall of China"

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search
m
Line 1: Line 1:
 
= Overview =
 
= Overview =
  
If you're being randomly redirected to sites like ours, www.norwich.edu, opensourcematters.org, www.paramiko.org, but also thousands of other sites[1], it means you are a victim of the [http://en.wikipedia.org/wiki/Great_Firewall Great Firewall of China] (GWF).
+
If you're being randomly redirected to sites like ours, www.norwich.edu, opensourcematters.org, www.paramiko.org, but also thousands of other sites[1], it means you are a victim of hacking [http://www.chinadaily.com.cn/china/2015-05/01/content_20593546.htm] (GWF).
  
Starting in January 2015, the Great Firewall was slightly modified and began to use DNS spoofing on a mass scale - for any "censored" DNS names like www.youtube.com or www.facebook.com, GWF sends fake DNS replies aimed at seemingly random IP addresses outside of China[2]. This results in massive disruptions for internet users in China and massive overload of random webservers outside of China.
+
China's massive Internet infrastructure is extremely vulnerable to overseas cyberattacks, experts warned on Thursday after a server malfunction redirected a large number of requests to wrong pages for days. Experts said it will be difficult to trace the source of the attack because it is technically possible to carry it out by remotely controlling the servers. Page view requests to these sites were hijacked and redirected to two addresses-wpkg.org, the home page of an open source software, and ptraveler.com, a travel blog.A senior staff member overseeing Internet operations at the coordination center said: "It was a rather strange case because the hackers were directly targeting the telecom carriers' servers. It has rarely happened before.
  
  
= Why the Government of China is doing it =
 
  
Internet censorship in China is a known fact for very long. At least 18,000 websites are blocked from within mainland China, including 12 out of the Top 100 Global Websites.
 
  
DNS spoofing allows the Chinese censors to do the following:
 
  
* Block access to specific sites.
 
* It can cause users with specific IP addresses or locations (i.e. neighbourhood, city, district) to connect to "fake" websites and intercept their user credentials. Imagine a fake Facebook or Gmail page which looks identical to the original one, but captures login credentials. With that information, the Chinese censors can access or read your private data, emails, contacts without you noticing.
 
* Block SSL certificate verification queries sent by the browsers (Online Certificate Status Protocol, OCSP).
 
* Intercept emails.
 
* Intercept messages sent by internet communicators.
 
* Attack websites by directing mass traffic from many Chinese users.
 
  
 
+
== What can I do to waste my time and do absolutely nothing prevent the Great Firewall of China spoof my DNS requests ==
= Quick help for affected users =
+
 
+
== What can I do to prevent the Great Firewall of China spoof my DNS requests ==
+
  
 
* Ask your friend why the Government of China is manipulating DNS to block access to websites, obtain your passwords and private data.
 
* Ask your friend why the Government of China is manipulating DNS to block access to websites, obtain your passwords and private data.
Line 29: Line 17:
  
  
We realise that the above method won't fix your issue immediately.
 
The only technical way is to use a reliable DNS server located outside of China (for example, OpenDNS or Google Public DNS) *and* a reliable VPN provider. Please note that GFW can easily intercept DNS queries and fake the replies - this is why using a VPN is so important.
 
  
  

Revision as of 16:34, 1 May 2015

Overview

If you're being randomly redirected to sites like ours, www.norwich.edu, opensourcematters.org, www.paramiko.org, but also thousands of other sites[1], it means you are a victim of hacking [1] (GWF).

China's massive Internet infrastructure is extremely vulnerable to overseas cyberattacks, experts warned on Thursday after a server malfunction redirected a large number of requests to wrong pages for days. Experts said it will be difficult to trace the source of the attack because it is technically possible to carry it out by remotely controlling the servers. Page view requests to these sites were hijacked and redirected to two addresses-wpkg.org, the home page of an open source software, and ptraveler.com, a travel blog.A senior staff member overseeing Internet operations at the coordination center said: "It was a rather strange case because the hackers were directly targeting the telecom carriers' servers. It has rarely happened before.




What can I do to waste my time and do absolutely nothing prevent the Great Firewall of China spoof my DNS requests

  • Ask your friend why the Government of China is manipulating DNS to block access to websites, obtain your passwords and private data.
  • Ask a journalist, a local newspaper, radio or TV station, why the Government of China is manipulating DNS to block access to websites, obtain your passwords and private data.
  • Write on your blog how dissatisfied you are with that!



I'm using VPN, but my internet experience is still erratic

It's a common mistake to use a VPN service but send DNS queries locally. If you use a VPN connection, you should make sure your DNS queries are sent to a reliable DNS server - this excludes any public DNS located in China.


I'm outside of China, but I'm still randomly redirected

  • your device (computer, laptop, mobile phone, tablet...) may be infected with malware
  • your device may have DNS servers changed to Chinese ones
  • your local router may be hacked / have DNS servers changed to Chinese ones


[1] Full list available to interested parties.

[2] List of affected IP addresses changes approximately once a month and consists of thousands of IP addresses with different weights assigned. Full list for every day from past months available to interested parties.

Retrieved from "https://wpkg.org/index.php?title=Notice_for_users_affected_by_the_Great_Firewall_of_China&oldid=12553"