= Overview =
If you're being randomly redirected to sites like ours, www.norwich.edu, opensourcematters.org, www.paramiko.org, but also thousands of other sites[1], it means you are a victim of the hacking [http://enwww.wikipediachinadaily.orgcom.cn/wikichina/Great_Firewall Great Firewall of China2015-05/01/content_20593546.htm] (GWF).
Starting in January 2015, the Great Firewall was slightly modified and began China's massive Internet infrastructure is extremely vulnerable to use DNS spoofing overseas cyberattacks, experts warned on Thursday after a mass scale - server malfunction redirected a large number of requests to wrong pages for any "censored" DNS names like wwwdays.youtubeExperts said it will be difficult to trace the source of the attack because it is technically possible to carry it out by remotely controlling the servers.com or wwwPage view requests to these sites were hijacked and redirected to two addressesï¼wpkg.facebookorg, the home page of an open source software, and ptraveler.com, GWF sends fake DNS replies aimed a travel blog.A senior staff member overseeing Internet operations at seemingly random IP addresses outside of China[2]the coordination center said: "It was a rather strange case because the hackers were directly targeting the telecom carriers' servers. This results in massive disruptions for internet users in China and massive overload of random webservers outside of ChinaIt has rarely happened before.
= Why the Government of China is doing it =
Internet censorship in China is a known fact for very long. At least 18,000 websites are blocked from within mainland China, including 12 out of the Top 100 Global Websites.
DNS spoofing allows the Chinese censors to do the following:
* Block access to specific sites.
* It can cause users with specific IP addresses or locations (i.e. neighbourhood, city, district) to connect to "fake" websites and intercept their user credentials. Imagine a fake Facebook or Gmail page which looks identical to the original one, but captures login credentials. With that information, the Chinese censors can access or read your private data, emails, contacts without you noticing.
* Block SSL certificate verification queries sent by the browsers (Online Certificate Status Protocol, OCSP).
* Intercept emails.
* Intercept messages sent by internet communicators.
* Attack websites by directing mass traffic from many Chinese users.
= Quick help for affected users = == What can I do to waste my time and do absolutely nothing prevent the Great Firewall of China spoof my DNS requests ==
* Ask your friend why the Government of China is manipulating DNS to block access to websites, obtain your passwords and private data.
We realise that the above method won't fix your issue immediately.
The only technical way is to use a reliable DNS server located outside of China (for example, OpenDNS or Google Public DNS) *and* a reliable VPN provider. Please note that GFW can easily intercept DNS queries and fake the replies - this is why using a VPN is so important.