Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Credentials directed to wrong domain...?

  1. #1
    beeblebrox Guest

    Default Credentials directed to wrong domain...?

    The symptom is simple.
    When I try to logon to a site, it appears to succeed, but has not.
    Here is a brief resume:
    I enter a User Name and Password, then 'submit'.The system informs me that I am 'logging on'.When the Home Page opens, it appears to be a successful logon, as restricted content is visible.When I try to access the restricted content, it returns to the Home Page as if no log on had taken place (restricted content has disappeared etc).
    When I switch off Zone Alarm, the problem goes away.
    It does not happen with all sites, just those which I have hosted on a single server.
    The sites are all Postnuke CMS with controlled access through user accounts.
    Let us call them "SiteA.com", "SiteB.com", and "SiteC.com"
    I was not having much success in pinning down the cause until I added the passwords I use to the
    Identity Protection
    control in Zone Alarm.
    Let us say I have set up "Password1", "Password2", and "Password3" as protected entries in myVault.
    After doing that, when I tried to log in to SiteA.com, an Alert popped up saying "Internet Explorer is trying to send Password1 to SiteB.com".
    That made me sit up a bit!
    Obviously something was not quite right here?
    I then tried to Log in to SiteC.com, and again the Alert popped up saying "Internet Explorer is trying to send Password3 to SiteB.com".
    This happened with every site log in (I have several).
    IE seems to be trying to send the Password to the same domain, regardless of the one I was trying to log into.
    If I shut down Zone Alarm, the log in goes smoothly without problem on all sites.
    When I restart Zone Alarm, the log in goes smoothly only with the last site I tried to log into.
    Any other site results in IE trying to send the Password to that same site.
    Maybe I am jumping the gun a bit in pointing the finger a Zone Alarm, but it works when I switch it off; that's the logic...
    I like to
    have security ratcheted up quite high, and expect less convenience (and more configuration issues), but I have not had this before, and I have been using Zone Alarm for years.
    A
    piece of intel which may help is that all my sites/domains are hosted on the same server (therefore resolved IP# despite different domains).
    Can anyone offer some clues as to how I can prevent this from happening.
    Switching off Zone Alarm is not an option I have mucked about with the configuration without any success so far.
    System Specs:- Windows XP Pro SP2- Zone Alarm Security Suite 7.0.470.000Networking:- DSL Router (LAN with NAT, DHCP) to Wireless Broadband
    Happy to provide any other specs if needed.
    Cheers.



    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Credentials directed to wrong domain...?

    Sounds like a privacy issue. On my site, there is a page about using the privacy advisor. Try using it. If that doesn't work, can you give us an example of site a and site b? Unless they are not appropriate for underage folks.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    beeblebrox Guest

    Default Re: Credentials directed to wrong domain...?

    Hi Hoov.
    Thanks for the response.
    I took a look at your site and reviewed my configuration.
    No luck I'm afraid.
    I also decided to clean uninstall and re-install ZASS (you never know).
    Still the same.
    The Sites themselves are quite harmless, and apart from one of them have no 'User' Logons (and that one is optional), just Administrators (i.e. me for maintenance).
    If you need access to the Logon process I can set something up for you.

    Some of the
    Sites in question are:
    http://www.greenislejumps.ie (SiteA)
    http://www.horseandponycentre.org (SiteB)
    http://pcservices.thewizard.org (SiteC)
    http://www.patrickmoylan.com (SiteD)
    If you need Login Accounts for testing, then I can set these up for you, but I would have to give you the credentials privately as I don't want them available generally.
    Appreciate your help.
    Even if I switch 'Off' the Privacy Controls (Cookie Control, Ad Blocking, Mobile Code), and re-start ZASS, I still get the same symptoms.
    Whenever I try to Log onto a Site, I get the Privacy Advisor asking me if I want to allow sending the Password to the last Site I successfully logged in to.
    For example, If I switch off ZASS and then Log In to one of the SItes (say SiteA), it is successfull.
    I then switch on ZASS.
    If I then try and Log In to any of the other Sites (SiteB, SiteC, or SiteD), ZASS asks me if I want to send the Password to SiteA!
    Same happens if I switch off ZASS and then switch it back on.
    The first site
    I try to log in to succeeds, and then the other do not.
    Moreover, I did get a Privacy Advisor message asking me whether I wanted to send the Password to ftp.thewizard.org after I had done a session with CuteFTP on that Domain!
    Finally, this issue only seems to happen with the sites I have hosted on a single server (i.e. I don't get this problem when logging on to Yahoo or other Sites hosted elsewhere, like this Forum.
    The difference is that all
    my sites on the domains listed above resolve to the same IP# as opposed to different IP#'s.
    It's feels as though ZASS takes the last resolved domain and gets stuck with it for some reason, but then I don't know enough about it...

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Credentials directed to wrong domain...?

    The different domains on the same IP should not be a reason. Many IPs carry more than one domain and each IP is capable of offering 254 domains. sites.
    But if it is the possible issue then just add the IP of 74.86.31.56 in the ZA Privacy and maybe this helps.
    It maybe an issue with the IP itself and perhaps the web host.

    Oldsod.
    Best regards.
    oldsod

  5. #5
    beeblebrox Guest

    Default Re: Credentials directed to wrong domain...?

    Thanks Oldsod.
    I added the IP# to the Privacy list, allowed everything for it, but no change
    I am not sure that there isn't an issue with the ISP (DNS Services etc)
    or IP (Hosting etc), and will take the issue to them as well.
    The ISP support isn't very dynamic (diplomatic speak...), but the IP is excellent.
    When I discussed this with the IP, they were reasonably sure that it was a local issue (i.e. my PC).
    I have been using Computers and Networks long enough to know that everything is not always at it seems, but as the problem goes away with ZASS switched off completely presents a simple logic in the diagnosis as to where the problem lies...?
    I'll do whatever I can to help, and thanks for sticking with this.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Credentials directed to wrong domain...?

    Maybe add the IP as Trusted in the Firewall of the ZA, if you really trust the sites.
    Also the Privacy Advisor has been set to Alert? The blocked content listed in the poups can be helpful.
    Another approach is disable the Privacy in the ZA and see if the sites still work okay.

    The private headers for the sites are allowed?

    Another thought. Check the Source of the web page when the ZA is on and with the Privacy in use. Look at the very bottom of the Source for a mention of a script with 127.0.0.1 I don't know if this is relevent any more, but the Privacvy of the ZA used to add this extra script to the page and perhaps the extra script is to blame. Just a thought.

    Also check the Logs in the Log Viewer and see if there is anything blocked when enagaged at the sites. L:ike ports or protocols or applications/processes blocked off.

    Hopefully Guru Hoov will have something to add or present the correct solution.

    Cheers.
    Oldsod.
    Best regards.
    oldsod

  7. #7
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: Credentials directed to wrong domain...?

    There are two things I can think of doing, the first probably won't be it, but try it anyway. Clear the browser cache. The second is to clear your DNS cache. open a command prompt and type in ipconfig /flushdns . Once both are done, reboot your computer for good measure, and try again.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  8. #8
    dbug Guest

    Default Re: Credentials directed to wrong domain...?

    Can be bug in Zonealarm.Websites/domain name
    is not correctly identified.You may verify this in Privacy/Site list.Empty the window by selecting Cookie Control off.Then again on Medium.Watch now
    the empty Privacy/Site list.Access one of your websites with your browser.Which
    domain name is now appearing on the list?
    If this is another one, Zonealarm treats/blocks your session cookies
    as being 3rd Party.You will need to check/allow 3rd party cookies for every single domain name/web site ...

  9. #9
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Credentials directed to wrong domain...?

    I wonder if the IP added as Trusted in the Zones should have the subnet 255.255.255.0 added to it.
    Oldsod.
    Best regards.
    oldsod

  10. #10
    dbug Guest

    Default Re: Credentials directed to wrong domain...?

    On the same shared server other websites are hosted, some I trust many not ...
    In fact don't know if it is a secure solution to have the IP added as Trusted in the Zones.
    By the way, another way to have normal access again on the website seems to be
    closing the browser and wait for half hour. Don't know exactly what happens,
    but Zonealarm could forget the 'memorized' domain name and ... accept the new correct one.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •