Are there always ads when you surf the Internet? It turns out that your carrier and router may be cheating you


For me, the most annoying thing when surfing the Internet is this:

You are browsing the web and a pop-up advertisement suddenly appears. It may be a gambling ad from some "xx entertainment city", or a web-game ad that lures you with "I am Zha Zha Hui, if you are a brother, come and kill me." Beyond these ads that stick like a plaster you cannot peel off, there is the more advanced trick of hijacking software packages: you browse some xx download site, follow layer after layer of redirects, and what you finally download is unrelated rogue software.

I believe most of you have experienced this to some degree. Today I will explain what lies behind it. These behaviours all share one name: traffic hijacking. Traffic hijacking means using malicious software or Trojans to modify the browser, lock the homepage, keep popping up new windows and so on, forcing users to visit certain websites and resulting in the loss of user traffic.


So what exactly causes traffic hijacking? This has to start with the classification of traffic hijacking.

1. DNS hijacking: Operators and routers may cheat you

A little-known fact is that the domain name we enter when surfing the Internet is not the real "house number" of the website. For a website, the IP address is the real house number, just like our home address. If you want to write a letter to someone, you must know his (her) address so that the postman can deliver the letter. The computer sending information is like a postman. It must know the unique "home address" to avoid sending the letter to the wrong person. It's just that our address is expressed in words, while the computer address is expressed in binary numbers. As shown in the figure below, Baidu's IP address is 182.61.200.7.


Domain names exist essentially to solve the problem that IP addresses are hard to remember. For example, www.baidu.com is the domain name of Baidu. After we enter the domain name, the computer queries the Domain Name System (DNS). DNS finds the IP address corresponding to the domain name and returns it to the computer.

DNS hijacking is achieved by modifying the client's primary and backup DNS server IPs. It can hijack only the content while leaving the domain name unchanged, or it can redirect to a new address, in which case both the domain name and the content change. Put simply, we want to visit website A, but the hacker hijacks DNS so that the lookup points the wrong way, and we end up at website B.

The target of the hacker may be the operator or the router.

Not long ago, the Daqing police arrested a criminal gang that used DNS hijacking to hijack Internet users' traffic and illegally control computer information systems. The gang set up a mirror server at the exit of the operator's metropolitan area network, mirrored the Internet traffic of all users, and then installed a "hijacking program" on this mirror server. Working in collusion with the operator's employees, the gang hijacked Internet users' traffic and redirected it to gambling websites.


Routers can also become targets. Hackers can exploit router vulnerabilities to gain control of the router and change its DNS settings. When you then visit a specific website, you are redirected to a website controlled by the attacker, where your personal information can be stolen.
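A check for the two symptoms described in this section, written as an added example that is not part of the original article: it lists configured DNS servers that are not on an expected list, and names whose local answers share no address with a reference answer. The expected resolver list, the domain names and every address are constructed sample values; real use would read the system's resolver configuration and answers obtained from a resolver you trust.

```python
import ipaddress

# Assumption: the resolvers this network is expected to use (constructed values).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

def configured_resolvers(resolv_conf_text):
    """Return the nameserver IPs from resolv.conf-style text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue  # skip malformed entries
    return servers

def unexpected_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Resolvers that are configured but not on the expected list."""
    return [s for s in configured_resolvers(resolv_conf_text) if s not in expected]

def mismatched_names(local_answers, reference_answers):
    """Names whose locally resolved addresses share nothing with the reference."""
    suspicious = []
    for name, reference in reference_answers.items():
        local = set(local_answers.get(name, ()))
        if local and not (local & set(reference)):
            suspicious.append(name)
    return sorted(suspicious)

# Constructed sample input: the second nameserver is not on the expected list.
SAMPLE_RESOLV_CONF = """\
# written by DHCP client
nameserver 192.0.2.53
nameserver 203.0.113.66
"""
SAMPLE_LOCAL = {"site-a.example": ["198.51.100.9"],
                "site-b.example": ["198.51.100.20"]}
SAMPLE_REFERENCE = {"site-a.example": ["198.51.100.10"],
                    "site-b.example": ["198.51.100.20", "198.51.100.21"]}

if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV_CONF))
    print("mismatched names:", mismatched_names(SAMPLE_LOCAL, SAMPLE_REFERENCE))
```

Names served by a CDN can legitimately resolve to different addresses on different resolvers, so a mismatch is a reason to look closer, not proof of hijacking.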


2. HTTP hijacking: Operators may be blamed

Unlike DNS hijacking, when HTTP hijacking occurs the IP address that DNS resolves for the domain name remains unchanged. Instead, your request is intercepted in transit between you and the website, and a response is returned to you before the website's own response arrives.


Of course, if the user's HTTP request is for an HTML page, HTTP hijacking can also achieve an effect similar to DNS hijacking and present the user with a different URL.

HTTP hijacking is easy to identify. If a page that normally carries no advertisements suddenly shows an advertisement pop-up, the operator has most likely hijacked the HTTP traffic. Why would an operator do this to its users? Simply to make money. Through HTTP hijacking, extra advertisements can be added to normal websites, and promotional tails can be appended to normal websites' links to earn click fees through the promotional links.

Of course, traffic hijacking is a very complicated behavior. In addition to DNS hijacking and HTTP hijacking, there are other methods such as hosts hijacking and mixed hijacking, which will not be introduced one by one here.
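One way to spot the two modifications just described, extra advertisement embeds and promotional tails on links, is to compare a page fetched over a trusted path with the copy received over plain HTTP. This is an added example, not code from the original article; the sample pages, host names and the `from` parameter are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class _Collector(HTMLParser):
    """Collect hosts of embedded scripts/iframes and the href of every link."""
    def __init__(self):
        super().__init__()
        self.embed_hosts, self.links = set(), []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "iframe") and attrs.get("src"):
            host = urlsplit(attrs["src"]).hostname
            if host:  # relative URLs load from the site itself
                self.embed_hosts.add(host)
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])

def _collect(html):
    collector = _Collector()
    collector.feed(html)
    return collector

def injected_embeds(baseline_html, observed_html):
    """Script/iframe hosts present in the observed page but not in the baseline."""
    return sorted(_collect(observed_html).embed_hosts - _collect(baseline_html).embed_hosts)

def _link_params(html):
    """Map (host, path) of each link to the set of its query parameter names."""
    index = {}
    for href in _collect(html).links:
        url = urlsplit(href)
        names = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        index.setdefault((url.netloc, url.path), set()).update(names)
    return index

def added_link_params(baseline_html, observed_html):
    """Links whose query string gained parameters in transit (promotional tails)."""
    base, seen = _link_params(baseline_html), _link_params(observed_html)
    return {host + path: sorted(seen[(host, path)] - base[(host, path)])
            for (host, path) in seen
            if (host, path) in base and seen[(host, path)] - base[(host, path)]}

# Constructed sample pages: BASELINE fetched over HTTPS, OBSERVED over plain HTTP.
BASELINE = ('<html><head><script src="https://static.site-a.example/app.js"></script></head>'
            '<body><a href="https://shop.example/item">Item</a></body></html>')
OBSERVED = ('<html><head><script src="https://static.site-a.example/app.js"></script>'
            '<script src="http://ads.injected.example/pop.js"></script></head>'
            '<body><a href="https://shop.example/item?from=promo123">Item</a>'
            '<iframe src="http://ads.injected.example/banner"></iframe></body></html>')
```

Comparing by embed host and parameter name, not by raw page bytes, keeps the check stable when the site's own content changes between the two fetches.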

3. Hard to guard against! How can consumers prevent traffic hijacking?

So for ordinary users, how should we prevent traffic hijacking?

On the client side the situation is actually quite complicated, but as consumers we still have ways to protect ourselves. Ideally, we could avoid hijacking by writing every IP address we need into the hosts file, but this is obviously impractical. Therefore, we must use a legitimate DNS server so that our lookups are not answered by a fake one.

Secondly, for devices such as routers, we need to update their software and firmware regularly.

Also, when surfing the Internet, try to visit websites that have adopted the encrypted transmission protocol (HTTPS); the probability of being hacked will then be smaller.


Finally, once you find signs that your traffic has been hijacked, you must promptly provide feedback or complain to the operator. If that doesn’t work, you can also report the situation to the Ministry of Industry and Information Technology.
