Google Hijacked

[VancouverBC]

Does anybody know if this also happens in Laos or Cambodia? Does Maxnet cover these areas as a provider?

That would make Google even more angry!

[bazmlb]

interesting that the contact pages in google redirect back to the google.co.th search page, so cant even contact google to tell them

[dafool]

Just called 1103. Kind of felt bad for the guy. We had a friendly conversation but he sounded very flustered and said "Google will be fixed tomorrow, maybe 1 or 2 hours" whatever that means.

Dude, They work like that. I still remember i know someone was work same company and same position as Java Developer, she cannot wrote any java code (just hello word she cannot do that) and then she just went to work for 2 weeks after got salary half month she didn't at office anymore!!!! and next month she work at MAXNET as call center. she very proud for that I did try ask her about simply network she didn't know anything.

Absolutely, she just one of call center i knew , But let think if people like her work with maxnet how about the other?

Than mean when we call them(MAXNET CALL CENTER) they don't know anything but They hijacked Google that is very very wired. How they dare rude their customer with this. I think their should got email warning from Google.....

[MonPengCarabao]

You can try to contact maxnet at icare[a]ttt.co.th seems to get a better response than ringing them, possibly goes straight to the technicians rather than the call center where they cant even understand a line number when you give it to them.

[mcgriffith]

I would give them a chance to redeem themselves.

Like by tomorrow morning, first thing.

If it isn't fixed by then, I would guess all he_l will break loose....

As in no more expat customers of MaxNet.

[sbk]

I've just emailed google for you guys. With a link to this thread

**also posted on their help forums, don't expect many answers but maybe someone from google monitors their help forums.

[mcgriffith]

sbk, you're the best!

[psrchisholm]

Thanks, RitchieH! (And thanks to everyone who's provided data on this.)

If this is still happening, there's some information that would be helpful for Google to better understand the situation. For anyone who's interested in helping (and please change the underscores to periods in www_google_com below because I can't figure how to enter a hostname without being accused of entering a URL):

- What IP address are you seeing for Google? Run:

nslookup www_google_com

or if you have the dig command installed:

dig +trace www_google_com

- What's your route to that IP address? Run (Windows):

tracert www_google_com

or (Mac or Linux):

traceroute www_google_com

If you have mtr installed, the output from that would be even better.

- If you tell your computer or router to use third party DNS nameservers, such as offered by OpenDNS (208_67_222_222 or 208_67_220_220) or Level 3 (4_2_2_2), does the problem go away? (Sorry, change the underscores to periods again.)

Thanks. --psrchisholm

[sbk]

Ok, does the alternate work:

http://www.google.com/webhp

please click and let me know

[sbk]

newbies can't post URL's, its an anti-spammer thing.

[mcgriffith]

Well, for me at least (and I am currently on TT&T/Maxnet) it looks like the situation has been resolved.

I now go to my original Google and gmail settings, with no redirect to the above mentioned spam.

Thanks again sbk for your efforts!

[kudroz]

Well, for me at least (and I am currently on TT&T/Maxnet) it looks like the situation has been resolved.

I now go to my original Google and gmail settings, with no redirect to the above mentioned spam.

Thanks again sbk for your efforts!

The code injection has stopped. Google.com now works.

[-noodles-]

I've also had this problem today but looks like they've fixed it in the last 15 minutes.

[sbk]

here is a screenshot of the google forum response

[Jimjim]

Looks like it's over but I don't understand how this helped the owner of the "movie buffet" link. You clicked on his link and it simply redirected back to google, right? So what's the benefit of doing this? I suspect it's possible Maxnet may not have done this on purpose. Wayward employee or they were hacked and just wildly inefficient at getting it fixed fast.

[Jimjim]

Nevermind, I think I get it. If you clicked on the ad it took you to their promotion, and if you didn't you were redirected after a few seconds? Since it does say "maxnet" movie promotion either they did do it, somebody was impersonating them, or a wayward employee. Either that or the sad alternative that it was all completely intentional from the top down.

[VancouverBC]

Nevermind, I think I get it. If you clicked on the ad it took you to their promotion, and if you didn't you were redirected after a few seconds? Since it does say "maxnet" movie promotion either they did do it, somebody was impersonating them, or a wayward employee. Either that or the sad alternative that it was all completely intentional from the top down.

They DID do it, the URL is a subdomain moviebuffet.maxnet.co.th and moviebuffet.maxnet.co.th/google.html is a redirect.

This is absolutely deliberate and root access management, however...

....they are stupid enough so you never know...they probably have the most unsecure website in the world, probably even worse than Nigeria or something !!!

[RedCardinal]

Thanks, RitchieH! (And thanks to everyone who's provided data on this.)

If this is still happening, there's some information that would be helpful for Google to better understand the situation. For anyone who's interested in helping (and please change the underscores to periods in www_google_com below because I can't figure how to enter a hostname without being accused of entering a URL):

- What IP address are you seeing for Google? Run:

nslookup www_google_com

or if you have the dig command installed:

dig +trace www_google_com

- What's your route to that IP address? Run (Windows):

tracert www_google_com

or (Mac or Linux):

traceroute www_google_com

If you have mtr installed, the output from that would be even better.

- If you tell your computer or router to use third party DNS nameservers, such as offered by OpenDNS (208_67_222_222 or 208_67_220_220) or Level 3 (4_2_2_2), does the problem go away? (Sorry, change the underscores to periods again.)

Thanks. --psrchisholm

@psrchisholm - this is resolved now, but I sent the headers and HTML interstitial over to JohnMu. This was definitely an injection by Maxnet.

Thankfully fixed now

[Veazer]

I wonder if the movie promotion itself was actually legal. Does maxnet really have legal permission to be doing video on demand for all these movies?

At least the google fiasco seems to be over and we can all go back to hating them for having the worst service around. I am interested to see the next Database section in BKK post, i hope they have a good write up about this.

[Tywais]

Some of the Thai forums/blog sites have some choice words about the problem also - words like "sue" and "unethical" pop up.

[OxfordWill]

amazing Thailand

[wxpwzrd]

I doubt the redirect to google.co.th is an injection. ToT does it has done it and I think even my DTAC mobile internet connection does it. Tally that up to Google having a POP in Thailand and they do it in order to provide you closer server resources.

[jbhh]

I doubt the redirect to google.co.th is an injection. ToT does it has done it and I think even my DTAC mobile internet connection does it. Tally that up to Google having a POP in Thailand and they do it in order to provide you closer server resources.

Sorry you are wrong. When you were on google.co.th and clicked on the bottom on: "Go to google.com" you would get another ad popup and be redirected to google.co.th again, it was an endless loop and no google.com site was available using maxnet. This was deliberately done by maxnet to promote the new moviebuffet, a maxnet service offering VoD which I hope will cost them millions and wont bring in any money.

What amazes me is, how DUMB these guys maxnet must be, they forwarded any url that had "google.com" in it to "google.co.th" I guess they thought, hey google is only a search engine and you can use google.co.th in English, so you don't need google.com... what they didn't think about is all the OTHER SERVICES you can ONLY get at google.com.

I hope they get sued for this, this is really a blackhat technique as said earlier in this thread, and they should get punished for it... if they don;t I can see all ISPs jumping on the bandwagon. Can't wait to see a ad from my ISP popup every time I open thaivisa.com

[wxpwzrd]

I doubt the redirect to google.co.th is an injection. ToT does it has done it and I think even my DTAC mobile internet connection does it. Tally that up to Google having a POP in Thailand and they do it in order to provide you closer server resources.

Sorry you are wrong. When you were on google.co.th and clicked on the bottom on: "Go to google.com" you would get another ad popup and be redirected to google.co.th again, it was an endless loop and no google.com site was available using maxnet. This was deliberately done by maxnet to promote the new moviebuffet, a maxnet service offering VoD which I hope will cost them millions and wont bring in any money.

What amazes me is, how DUMB these guys maxnet must be, they forwarded any url that had "google.com" in it to "google.co.th" I guess they thought, hey google is only a search engine and you can use google.co.th in English, so you don't need google.com... what they didn't think about is all the OTHER SERVICES you can ONLY get at google.com.

I hope they get sued for this, this is really a blackhat technique as said earlier in this thread, and they should get punished for it... if they don;t I can see all ISPs jumping on the bandwagon. Can't wait to see a ad from my ISP popup every time I open thaivisa.com

I am not saying Maxnet isn't injecting you. I am saying a redirect to google.co.th is from google.

[Tywais]

I am not saying Maxnet isn't injecting you. I am saying a redirect to google.co.th is from google.

Actually, the redirect is coming from Maxnet ISP. There's a Thai web forum that a member showed the code with the ad and the redirect that was doing all the previous nonsense.

[bluesofa]

I am not saying Maxnet isn't injecting you. I am saying a redirect to google.co.th is from google.

Actually, the redirect is coming from Maxnet ISP. There's a Thai web forum that a member showed the code with the ad and the redirect that was doing all the previous nonsense.

Quite true. I was saved the maxnet url rubbish, their re-direct was:

moviebuffet(dot)maxnet(dot)co(dot)th/google.html

(avoiding posting a direct url there)

[sbk]

I am just curious what google had to say about all of this. I can't imagine they would take it lying down.

[pattygreenstar]

Also seeing this redirect at yahoo.com >> http://m.www.yahoo.com/

I have a feeling that maxnet is going to pay dearly for this

to solve google and m.yahoo.. problem please follow this step

1) go to your browser and click tool + internet option

2) in General tab there should be your default url if you found different just delete it and type the url you want

3) go to use current tab, there will be two url the first url is m.yahoo etc so delete it

[spaceshipcrew]

MAXNET has two faces, the ultimately dumb chicks at the callcenters who are not able to do their work professional, the troubled servers who lack fulltime automated linemonitoring and automatic resets, bad servers/serverports, bad cablenetwork etc. giving downtime every few days and short hickups few times a day. But also the very kind and helpful local manager of TTT Chiangmai mr. Thanakorn who really does his best to help you, I love this man. And the sweet and patient girls of local office of TTT @ Central KSK Chiangmai who again managed to cancel a monthly bill because May was really a trouble month.

Tip: bring a bag of candies for this girls and they will be on your side from then on !

[pattygreenstar]

Also seeing this redirect at yahoo.com >> http://m.www.yahoo.com/

I have a feeling that maxnet is going to pay dearly for this

to solve the google redirect and m.www.yahoo problem please follow this steps;

1) go to your browser

2) tools + internet options

3) in general tab there should be the url you want to defalt if found other url delete it

4) click use current button

5) delete the redirect url (all)

6) you also check other botton on use default button, if found redirect url delete it

7) click OK

solved.