localhost:8080 hijacked???

[rozner]

Hello,

This is probably the strangest thing I've ever seen and I'm out of ideas on this. I do a Java development but typically not on my Mac. Today I was decided to do a little web application test on my Mac. So I setup Tomcat (Java app server) and just tried running the default application. By default Tomcat uses port 8080. Now when I go to my web browser and type in

http://localhost:8080

I get directed to this neomailbox site. Strangely the address in my address bar still reads localhost but I wasn't aware that I was serving neomail. I'm a bit confused here, so really any ideas would help.

I did try switching Tomcat to port 8081 and it works fine. I tried a bunch of other random ports, all good, but 8080 takes me to neomail. Also I've stopped Tomcat and sure enough 8080 still shows me neomail.

Is there a command I can use to see if any process is bound to port 8080? That would at least be a starting point I guess? Any other ideas?

 

[Aea]

Are you by chance running MAMP?

 

[rozner]

well.. I'm not familiar with acronym, but I looked it up on google, if you're referring to this "Mac OS, Apache, MySQL, PHP" then I guess I am. Apache is already there and I was recently working on a PHP/MySQL project which is still running locally. Although I actually did just kill all the httpd processes that were running actually not sure why there was more than one, there were a few. So the PHP app I was recently working on is definitely not running, but localhost:8080 still takes me to neomail.

EDIT: Actually nevermind, I see MAMP is another whole thing on its' own, so no, I'm not running that.

 

[rozner]

Still have the same problem but got some new information.

It's not another process on my system since I can start Tomcat on port 8080 and it binds properly. So I thought maybe my local DNS cache is screwed. I did a bit of research into that and found a whole lot of blogs and info about lookupd, but the command doesn't exist on my system. After some further reading I discovered that as of Leopard lookupd is replaced with dscacheutil. So I flushed the cache, no help though. But what I found interesting was this:

matt-mbp:bin rozner$ dscacheutil -cachedump -entries host
DirectoryService Cache Overview:
    AAAA Queries  - Disabled (link-local IPv6 addresses)
    Buckets Used  - 6
    Cache Size    - 2

    Entry count by category:
        Host  - 2

Cache entries (ordered as stored in the cache):

      Category         Best Before         Last Access      Hits    Refs       TTL    Neg  DS Node
    ----------  ------------------  ------------------  --------  ------  --------  -----  ---------
          Host   11/08/08 14:32:36   11/08/08 13:32:36         0       4      3600         /BSD/local
                     Key: h_name:localhost ipv4:1 ipv6:1
                     Key: h_name:localhost ipv6:1
                     Key: h_name:localhost ipv4:1

          Host   11/08/08 14:32:38   11/08/08 13:32:38         0       4      3600         
                     Key: h_name:neomailbox.com ipv4:1 ipv6:1
                     Key: h_name:neomailbox.com ipv6:1
                     Key: h_name:neomailbox.com ipv4:1

I flush the cache, the try http://localhost:8080 in my browser and then run the command above. So somehow localhost:8080 is getting redirected to neomailbox.com. I've confirmed it's not the browser, tried bot Firefox and Safari, just to be extra sure I opened a local telnet session on 8080 and guess what happened:

matt-mbp:bin rozner$ telnet localhost 8080
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying fe80::1...
telnet: connect to address fe80::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
hello
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
hello to /index.html not supported.<P>
Invalid method in request hello<P>
<HR>
<ADDRESS>Apache/1.3.29 Server at neomailbox.net Port 80</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.

I know it says connected to localhost but I'm pretty sure I'm not running apache 1.3. In fact I'm not running apache at all at the moment.

So my knowledge of IP tables is a bit limited, is it possible that my IP tables are messed up? is there a way to reset them?

 

[mathcolo]

It could be getting redirected if a host is specifically applied to your computer.

There is a file in your system called hosts. Its location is /etc/hosts and it controls manual hosts for your computer that aren't in DNS.

I would go into Terminal (Applications>Utilities) and type sudo pico /etc/hosts

Type in an administrator's password and then look at that file. You might see a line that says something to do with neomailbox. Delete it. Don't delete anything else though. This might fix your problem.

 

[rozner]

Thanks for your help, I should have thought of that one, although the hosts file looks fine, I think. It doesn't have neomailbox in there.

I'm currently running a search via grep on my entire system for 'neomailbox', hopefully that'll turn up something useful.

 

[rozner]

so I ran this command from the root directory and got nothing useful

sudo grep -r 'neomailbox' . &

 

[mathcolo]

so I ran this command from the root directory and got nothing useful

sudo grep -r 'neomailbox' . &

Very strange. Are you by chance using a DNS server that is for some reason configured to loop localhost back out to neomailbox?