
Ask HN: is the California state park website leading to malware? - jph
California state parks use a reservation system that seems to be hacked by malware, by using a DNS typo masquerade, then tries to install Chrome extensions.

What do HN readers recommend to 1) stop the problem now, 2) protect the website for the future?

To reproduce:

1. Visit this California parks page: http://www.parks.ca.gov/?page_id=616

2. Notice the highlight text: "go to reservecaliforrnia.com to view available campsites" and see the misspelling with the extra "r".

3. Go to that misspelled domain name. It redirects to "gogetsplendidapps" and/or to prompt to install Chrome extension "Keep Safe Search". Google reports this as malware.

Update: I'm reporting the issue to the real website, and to the real domain name registrar.

What are approaches to terminate the hack website?

What are suggestions for long-term defense against this kind of attack? For example to install software for many users that would have blocked/refused the hack website?
======
petee
It looks like a simple typo, double hitting the r. I would contact a couple
people from the website to alert them to the error.

If it were malware, they would have gone ahead and made it a real link

------
slater
Not for me. Check your browser's installed extensions/add-ons, and remove any
that might have been taken over.

~~~
jph
Thanks for helping! I just added more to the report above-- the problem looks
to be upstream, and due to a domain name error.

~~~
slater
oh yeah, it's a typo and someone is using the typo-squatted domain for
nefariousness!

1) correct: reservecalifornia.com

2) incorrect: reservecaliforrnia [dot com]

Note two 'r'
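
An added example, not part of the thread: a content check a site owner could run over page text before publishing, flagging any hostname that is a near miss of an approved domain, such as the extra "r" noted above. The allowlist, function names and sample text are assumptions constructed for illustration.

```python
import re

# Assumption: domains the site owner intends to link to (hypothetical allowlist).
APPROVED = {"reservecalifornia.com", "parks.ca.gov"}
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed sample page text; the first sentence is the one quoted in the post.
SAMPLE = (
    "go to reservecaliforrnia.com to view available campsites. "
    "Reservations: https://www.reservecalifornia.com/ "
    "Park info: http://www.parks.ca.gov/?page_id=616 "
    "Unrelated link: example.org"
)

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "califronia" for "california".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def find_lookalikes(text, approved=APPROVED, max_distance=2):
    """Return (host, intended_domain, distance) for near misses of approved domains."""
    findings = []
    for match in HOST_RE.finditer(text):
        host = match.group(0).lower()
        # Exact matches and subdomains of an approved domain are fine.
        if any(host == d or host.endswith("." + d) for d in approved):
            continue
        bare = host[4:] if host.startswith("www.") else host
        for d in sorted(approved):
            dist = edit_distance(bare, d)
            if 0 < dist <= max_distance:
                findings.append((host, d, dist))
    return findings

if __name__ == "__main__":
    for host, intended, dist in find_lookalikes(SAMPLE):
        print(f"LOOKALIKE {host} (distance {dist} from {intended})")
```

Hostnames far from every approved domain are ignored, so the check only reports probable typos rather than every external link.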

