Well as Jeremy pointed out, your site is issuing redirects, he gave you the command to show it:
curl -e 'http://google.com' csulb.edu So if you're sure your server(s) haven't been hacked, your application appears to have been hacked. It only issues the redirect if the visitor comes in from a google search. > -----Original Message----- > From: Matthew Black [mailto:matthew.bl...@csulb.edu] > Sent: Wednesday, June 27, 2012 1:03 AM > To: Michael J Wise > Cc: nanog@nanog.org > Subject: RE: DNS poisoning at Google? > > Q:have you consulted the logs? > > Seriously? Our servers have multiple log files due to > multiple virtual hosts. Our primary domain log file on just > one server has over 600,000 records x 3 servers. > > Probably over 100,000 304 redirects in our logs. > > couchtarts.com does not appear in our log files. > > > matthew black > information technology services > california state university, long beach > > -----Original Message----- > From: Michael J Wise [mailto:mjw...@kapu.net] > Sent: Tuesday, June 26, 2012 9:56 PM > To: Matthew Black > Cc: nanog@nanog.org > Subject: Re: DNS poisoning at Google? > > > On Jun 26, 2012, at 9:35 PM, Matthew Black wrote: > > > Yes, we've used the Google Webmaster Tools a lot today. > Submitted multiple requests and they keep insisting that our > site issues a redirect. Unable to duplicate the problem here. > > ... have you consulted the logs? > If the redirect is there, it ... 1) might not be from the > home page, and 2) could be in ... user content? > > awk '{if ($9 ~ /304/) { print $0 }}' access_log. > ... or some such. > Granted, might be a storm of " " -> index.html redirects, but > they should be grep -v 'able in short order. > You might also look for the rDNS of the Google spider to see > exactly where it is looking, and what it sees. > > Aloha, > Michael. > -- > "Please have your Internet License > and Usenet Registration handy..." > > > > > >