Author Topic: Certificate errors. Was my firewall compromised or was it a glitch? Phished?  (Read 2778 times)

Offline alphaomega

  • Newbie
  • *
  • Posts: 10
I recently was having trouble accessing a deposit page online. I was getting certificate errors. The technical details were:

processor6.realtimegaming.com uses an invalid security certificate. The certificate is only valid for search.dnsadvantage.com (Error code: ssl_error_bad_cert_domain)

My firewall then was the COMODO Internet Security (Version: 5.5.64714.1383)

It was the first time I had run into this problem and was puzzled and alarmed. I really didn't know what to do. I ran multiple virus/malware/rootkit scans using multiple programs and even reached out at bleepingcomputer.

Then out of nowhere I decided to see if there were any upgrades to my firewall and there was. The update/install was very quick, less than a second, and it asked me to restart my computer and I did. Everything loaded, but I thought it was too fast for an update. So I clicked update again and there was another update available. This one took a bit longer and again asked me to restart. I did (and I guess this is the most updated version).

So I tried the deposit page again, and this time I'm able to access it. No problems at all.

So my question is what was preventing me from accessing that page? Was my firewall hacked? Or was it just a glitch?

I've attached a copy of my Comodo log. I zipped it because it's an htm file. Hopefully someone can tell me if it looks OK.

My current version of the firewall is COMODO Internet Security (Version: 5.10.228257.2253).

Thanks again.

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19745
This message comes from your browser, not from the firewall. I checked the web site and the certificate is valid. It was just a temporary glitch on the server side.

Offline alphaomega

  • Newbie
  • *
  • Posts: 10
I forgot to mention that I was able to access the deposit website through my laptop PC and my iPhone during the same time. I just couldn't do it with my PC. This went on for about 2 weeks. I was only able to access the site after I made the update. I mean it immediately went through right after the update.

I scanned and scanned and scanned with every security software I had and that page just wouldn't load. I updated Comodo and bam, it went through.

Did you check out my log by any chance? Did everything look OK?
« Last Edit: May 26, 2012, 09:09:53 PM by alphaomega »

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11947
If you're worried about whether there's malware on your computer please follow the advice I give in How to Know If Your Computer Is Infected.

This'll let us know for sure if your computer is clean or not.

Also, are you having trouble upgrading to the newest version? If you are, the best option may be to uninstall yours and manually install the next. Advice about how to do that is given in this topic.

Please let me know if you have any questions.

Thanks.

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13438
  • Volunteer Moderator
Quote
I updated Comodo and bam, it went through.
I suspect DNS is the cause of this; both sites are serviced for DNS on UltraDNS but do resolve a different A record at my side of the world.
But one has a Time-To-Live of only 300 seconds, so it's possible that it resolves other records also.

Do you know if you are or were using Comodo Secure DNS?
You can find this info by opening a command-box (Start, Run, cmd [ENTER]) and then type ipconfig /all [ENTER]
Just look for the DNS Servers . . . . . . . . . . . : entries

Quote
Did you check out my log by any chance? did everything look ok?
I had a quick look; at first sight it doesn't show anything related to this issue.
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!

Offline alphaomega

  • Newbie
  • *
  • Posts: 10
Thanks for taking time out to troubleshoot.

I did the ipconfig /all and it's showing two sets of DNS servers:

Under Ethernet adapter Home Network:
DNS Servers:
8.26.56.26
156.154.70.22

Under Tunnel adapter Automatic Tunneling Pseudo-Interface:
DNS Servers:
fec0:0:0:0:ffff::1%1
fec0:0:0:0:ffff::2%1
fec0:0:0:0:ffff::3%1

Not really sure what those mean or whether I'm using Comodo Secure DNS.

Offline Ronny

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13438
  • Volunteer Moderator
Those are Comodo Secure DNS IPs.
http://www.comodo.com/secure-dns/switch/windows_vista.html

Can you PM me the output specifically of the Pseudo-Interface:?
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!
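
Added example, not part of any post in this thread: a Python script that automates the `ipconfig /all` check described above, listing the DNS servers per adapter (including the unlabelled continuation lines) and marking which ones are the Comodo Secure DNS addresses named in the thread. The function names are hypothetical, the parser assumes English-language Windows labels, and the sample output is constructed from the addresses posted above.

```python
import ipaddress
import re
from collections import defaultdict

# Resolver addresses the thread identifies as Comodo Secure DNS.
COMODO_SECURE_DNS = {"8.26.56.26", "156.154.70.22"}
DNS_LABEL = re.compile(r"\s+DNS Servers[ .]*:")   # English-language Windows label
LABELLED = re.compile(r"\s+[^:]*\. :")            # any other "Name . . . : value" line
# Constructed sample of `ipconfig /all` output using the addresses posted in the thread.
SAMPLE = """\
Ethernet adapter Home Network:

   DNS Servers . . . . . . . . . . . : 8.26.56.26
                                       156.154.70.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

   DNS Servers . . . . . . . . . . . : fec0:0:0:0:ffff::1%1
                                       fec0:0:0:0:ffff::2%1
                                       fec0:0:0:0:ffff::3%1
"""

def dns_servers_by_adapter(text):
    # Map each adapter heading to the DNS servers listed under it.
    result, adapter, in_dns = defaultdict(list), "", False
    for line in text.splitlines():
        if line and not line[0].isspace():            # unindented line starts a section
            adapter, in_dns = line.strip().rstrip(":"), False
        elif DNS_LABEL.match(line):
            value = line.split(":", 1)[1].strip()
            result[adapter] += [value] if value else []
            in_dns = True
        elif in_dns and line.strip() and not LABELLED.match(line):
            result[adapter].append(line.strip())      # extra servers sit on unlabelled lines
        else:
            in_dns = False
    return result

def classify(server):
    addr = ipaddress.ip_address(server.split("%")[0])  # drop the IPv6 zone index
    if str(addr) in COMODO_SECURE_DNS:
        return "comodo-secure-dns"
    if addr.version == 6 and addr.is_site_local:       # deprecated fec0::/10 range
        return "ipv6-site-local"
    return "other"

def audit(text):
    return {a: [(s, classify(s)) for s in servers]
            for a, servers in dns_servers_by_adapter(text).items() if servers}
```

Calling `audit()` on saved `ipconfig /all` output from each machine makes it easy to see whether the one that gets the certificate error is using a different resolver from the ones that do not.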

 
