I am trying to open Facebook, Yahoo!, Yandex, Tumblr, Google etc., and instead I am getting “Welcome to nginx!” page
Q: I am trying to open Facebook, Yahoo!, Yandex, Google, or some other well known web site and instead I am getting a blank web page with a message referring to nginx: “Welcome to nginx!” or “404 Not Found / nginx”.
I suspect something is wrong and there is probably a malicious attempt to direct me to a rogue web page (to break into my computer, do phishing etc.). Why is that, and what has nginx to do with my attempts to connect to Facebook (Yahoo!, Google, etc.) ?
A: First of all, the “Welcome to nginx!” page you see is NOT our website. At nginx, we write and distribute a free open source web server software. A web page saying “Welcome to nginx!” is just a diagnostics response that can be produced by any of the websites out there, running nginx web server. Currently, nginx is the 2nd most popular open source web server in the world, it’s being used by over 126,000,000 (or 14% of the Internet) websites. Most of these websites are legitimate, but some aren’t. Our software was created with a good reason of enabling performance and scalability on the Internet, it is licensed under popular open source license, and has nothing to do with any kind of threatening or malicious activity per se — nginx is NOT a malware, and it is NOT on your computer. But someone’s malware could have indeed tampered with your computer or router, redirecting you to a fraudulent Internet server.
We recommend running an anti-virus check on your computer, and we recommend to check and verify your entire system setup with the help of your ISP, or another support personnel:
(Disclaimer: at nginx we are not responsible for any negative impact or effects that the actions below might cause. Use the following recommendations at your own risk, especially if you aren’t an experienced user of your operating system and/or Internet applications. In no event shall nginx be liable for any direct, indirect, incidental, special, exemplary, or consequential damages, including, but not limited to loss of use, data, or profits; or business interruption).
- Check your TCP/IP settings and see if the DNS servers configuration matches the valid one (suggested by your Internet service provider or IT support personnel).
- Use Google Public DNS, and see if it fixes the problem. From Google’s description of its Public DNS — "Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider. [..] By using Google Public DNS you can: Speed up your browsing experience. Improve your security."
- Clear your DNS resolver cache. On Microsoft Windows XP go to Start > Run, and then type the following command: "ipconfig /flushdns". On Microsoft Vista, Windows 7, and Windows 8 click on Start logo, follow All Programs > Accessories, right-click on Command Prompt, choose "Run As Administrator", type in "ipconfig /flushdns" and hit Enter.
- Click the "page reload" button in your browser. Clear browser data (cache, cookies etc.). E.g. with Chrome find and click "Clear Browsing Data" (Settings > Under the Hood). With Internet Explorer find Tools > Internet Options > General. Caution: you may be deleting saved passwords information here, so do it carefully and check what exact actions you are performing.
- Check if the "hosts" file doesn’t contain entries other than "127.0.0.1 localhost", and if so — if these entries are for the web site you’re trying to reach. The "hosts" files is located in C:\WINDOWS\system32\drivers\etc directory. Typically there should be just one entry in it, for "127.0.0.1 localhost", that’s it. The "hosts" file can be viewed and edited with your standard Notepad application.
- Check the plugins and extensions installed with your browser. Re-install your browser or try an alternative one if possible.
Something must be wrong with your operating system settings, home router setup, or browser configuration, if you are trying to access a well known web site and what you get instead is “Welcome to nginx!”. This should NOT happen if your computers and network are clean and safe.
If changing DNS servers to Google Public DNS, flushing DNS resolver cache, fixing your browser configuration, or cleaning "hosts" file (when applicable) have helped, it might be that there’s a malware somewhere on your PC or around. Find and clean it using your preferred anti-virus and anti-malware tools.
Additional articles that might be helpful:
DCWG.org:
How can you detect if your computer has been violated and infected with DNS Changer?
How to clean up or fix malicious software (“malware”) associated with DNS Changer
Microsoft:
Malicious Software Removal Tool
How can I reset the Hosts file back to the default?
How to reset Internet Protocol (TCP/IP)
Firefox Help:
Tech-Recipes:
DNS Cache Flush, Clear, or Reset in Vista, Windows 7, and Windows 8