IP Spoofing often causes commotion and confusion amongst those who become victims of such attacks. Generally speaking IP spoofing is used by unscrupulous individuals whose sole aim is to disrupt your website and to send your information to third parties. When your IP address is spoofed your website is not infected with any type of virus or any other types of dangerous software. Instead the parties responsible for the spoof mimic your IP address which may bring up what looks like your website and attempt to deliver malevolent materials to those who visit what they perceive to be your site. If you suspect a site is being spoofed it is advisable that you close your browser immediately as to avoid having your machine compromised. In order to better understand IP/website spoofing please review the following pages as their information will help shed some light on this subject.
If one is ever unfortunate enough to have been victim to such practices such a person will often find that when visiting their website they are warned of an impending infection. This infection may come in the form of such things as a virus, spyware, malware, or even trojan. In addition to this, once your IP address has been hijacked and spoofed some search engines may begin issuing warnings to users who find your site through their engines. This warning appears in the form of a page that will usually carry a message such as “warning the site you are trying to visit may contain malicious materials”. This can be damaging to your business as well as your standings within the search engines, and most users will turn away or close their browser upon receiving such a message. If you believe that your website or IP address has been spoofed you should contact your web host without any delay.
Google’s Warning
Before continuing let’s review what we’ve learned about IP spoofing thus far.
- When you visit a site and receive a warning from any antivirus or antispyware software you may be running, this does not indicate an infection within any portion of your website. Neither does it serve as an indicator that your web host or its servers has an infection.
- The purpose of IP/website spoofing is to circumvent any computer who may visit a site that is being spoofed. When visiting such a site a computer will likely receive some type of “virus” which will allow those spoofing to gain access to this machine.
- IP spoofers are sinister individuals who want access to your computer and aim to steal both your data and files and in some extreme cases, your identity. Any data that they successfully steal is usually sold to a third party, either for marketing purposes, or worse.
- Major search engines will begin issuing warnings to visitors who are about to enter a website they believe to contain malicious materials. If you receive this type of warning or message, call your web provider right away so that they can assist you in determining the exact cause of these warnings.
- If you visit your website and regularly receive warnings from antivirus programs upon arriving at your homepage neither your website nor its host servers are infected with any type of virus, your IP address and/or website has been spoofed.
Cal Coast Web Design recently experienced such circumstances with one of its clients. The client alarmed and distressed contacted us to make us aware of the problem. This client was under the false assumption that somehow a “virus” had been implanted into their homepage and that it was infecting any and all computers who might be visiting their site. When anyone receives such warnings from their protection software, a system scan should be performed immediately, which is what Cal Coast recommended this client do. Oddly enough system scans did not fix the problem and even more peculiar was the fact that not all who visited this clients site received such a warning. Upon further investigation Cal Coast found that as suspected the website was not infected with anything but that the site and IP address had become victims of spoofing.
After making this discovery we quickly contacted the company with which the clients site was hosted with in hopes of finding out exactly what had happened and how to remedy the situation. The host quickly verified our findings and suggested we contact Spamhaus.org and alert them to the issue. Spamhaus.org is an organization whose purpose is to track spam related activity as well as report on it and take action against those who spam. Once Spamhaus is notified of an issue such as this they can assist in having the warning removed once they verify you are indeed being spoofed. We are currently in the process of having this warning removed by Spamhaus and once the process completes all warnings will disappear when visiting this clients website.
To further help determine if your IP address and/or your website is being spoofed be sure to clean out your cache (temporary Internet files) at the end of every day. You will then need to run some sort of system scan using some type of antivirus/antispyware program. Don’t forget to keep your antivirus programs up to date as well, as neglecting this cause these programs to miss newer and more sophisticated threats. Keeping everything up to date and running daily scans can drastically reduce the number and type of threats you receive. This in turn helps to keep your information and computer safe. Should you follow this advice and find yourself receiving website warnings anyway it’s a safe bet the site you’re trying to access (even if it’s your own) has been spoofed. As always contact your web provider hastily.
We hope this sheds just a little bit of light on this troublesome topic. Should you have any further questions please contact us so that we may help.