Hiccity-up! Comcast Phisher?
Okay, I guess “phisher” is probably not exactly the right word but it sure has been an interesting morning around here. I was merrily surfing around the ‘net a bit and I clicked a link that didn’t go where I expected it to. Instead, I was taken to this page, which proclaimed that there was a problem with my Comcast account and I couldn’t go anywhere else on the Internet until I had spoken with a Comcast rep. Say what? I knew it wasn’t a billing problem because I had seen the payment clear just a couple days ago. Could they be shutting me down over my rather ho-hum post about Paris Hilton? I had two options. I could chat with an on-line rep or call. I was 81st in the chat “queue” and the phone number led to a busy signal. Hmmm…
The GG (who is much better at deciphering waaaars and hubs and stuff than Kayak Woman) called the local Comcast office. At first, they were treating it as if it were a typical garden-variety connection problem but as the conversation progressed, the switchboard began lighting up with calls. It was tentatively decided that Comcast was being hacked or something and we hunkered down to wait it out.
We had three computers going (G4 iMac, G4 powerbook and MacBook) and for a while it was totally random whether we could access various sites or not. ababsurdo was almost always inaccessible, although I could sometimes get to the administrative side of the blahg. mousesnest and cliffsvic were always okay. Boingboing was on and off — the GG could get to it, I could not.
I shut down my computer and did some chores. When I got back to it, I could get to ababsurdo again (knock on wood). boingboing would load, sort of — no stylesheets — and there was some weird behavior as it loaded, involving messages from “comcastsupport.com” in the status bar. I randomly tried the WCC site. It appeared to load normally but I have firebug running and I noticed that there were two errors. Out of sheer, random curiosity, I clicked on the firebug error icon and encountered something very interesting. One of the errors related to a javascript file, “http://include.reinvigorate.net/re_.js,” which contains the html for the entire “comcastsupport.com” error page!
I do not have the expertise to know exactly what’s happening here, or even begin to explain it. But hang on to your hats. If you want to call Comcast, call the local number, not the number on the error page. They know about it and they seem to be working on it. Cheers!
Er, things are still pretty weird out there. Maybe this day isn’t over yet…
Update: knock on wood big time, all the hiccuping seems to be over now. We never got much out of Comcast but we are leaning strongly toward the theory that this was just an upgrade gone bad. No phisher or hacker attack. Sunday morning is a typical and logical time to implement changes to a real-time system, when fewer users are likely to be online, and we’re guessing that’s what this was.
June 10th, 2007 at 11:17 am
I had the exact same thing happen to me this morning. I called Comcast and they had no idea why it was happening or what I was talking about. I came to my office to see if anyone else was experiencing the same. Thanks for sharing. Now I know I’m not as crazy as the Comcast rep tried to make me out to be when I described the situation.
June 10th, 2007 at 11:24 am
No, you are *not* crazy. We’re still not totally sure what’s going on and it appears that Comcast is working on the problem now. It *looks* like someone has managed to insert a script (javascript) somehow somewhere that, when it is executed as a webpage loads, redirects to the “error” page. I’m in the midst of updating this entry. Stay tuned.
June 10th, 2007 at 12:05 pm
I’m in L.A. and I have the same problem this morning. I did a Google search and stumbled upon your blog. I have two laptops using two different ISPs. One is ATT and the other one is Time Warner Cable. The computer that accesses the Internet through TW was the one that had the problem. Neither computer goes through Comcast, which made it clear to me that something nefarious was afoot.
It’s not something on my hard drive, is it?
June 10th, 2007 at 12:07 pm
I had the same issue on ONE of my computers (the iMac). The PowerMac G5 and Windows XP computers had no issue.
I changed my network settings on the iMac to use a non-Comcast DNS (you can freely use 4.2.2.1 and 4.2.2.2) and my problem seems to have gone away. These settings are in your network settings/preferences. This might indicate their DNS server has been compromised.
June 10th, 2007 at 12:25 pm
Running on a Mac, that is not susceptible to the usual variety of PC viruses or browser attacks, the only thing I can think of that is causing this message to appear (yes, it hit me also today) is Comcast’s DNS servers. Here are the servers I have configured for my system:
68.87.66.196
66.87.64.196
Do these numbers look familiar to any of you? Also, only one of the six internet-enabled computers in my hope are currently being affected. The others are all using DIFFERENT DNS servers. (Hrm.)
June 10th, 2007 at 1:35 pm
I have been using 4.2.2.4 and 4.2.2.5 for DNS addresses.
The problems seem to occur almost at random on different computers.
Once an individual computer has a problem with an individual page, the problem seems to stick around.
I have experimented with restarting and resetting the DHCP lease between the computer and my local router(s). The behavior of an individual computer changes after restarting and establishing a new DHCP connection.
I called Comcast this morning and they didn’t know of any problems. While I was talking with a (helpful person) he noted that they were starting to get a flood of calls. I called Comcast again this afternoon. They are getting a flood of complaints – the problems seem to be concentrated on folks with routers.
I think either Comcast is getting hacked, or Comcast has installed some kind of update that has gone bad. Too bad they don’t provide any kind of status information on their web site.