WarriorForum.com Access and Connection Problems

by Administrator on August 12, 2009

I constantly seem to have problems connecting to the Warrior Forum. In my opinion, it is one of the top websites and forums for Internet Marketers to hang out, learn, contribute, and even make money online. And I want to be there.

The problem is that I constantly receive “server too busy” errors — or even worse, I get redirected to Google.

I’ve heard all of the people who say, “You have spyware on your computer.” That doesn’t apply here. I’m a certified computer security professional and know how to detect and deal with all types of malware and viruses. In short, my computer is clean, so that is not the problem.

So I decided to handle the issue in a different way. I used my computer security knowledge and a tool called Wireshark to analyze the issue. Among other things, Wireshark will capture all traffic crossing a network interface on your computer. I can then use my skillset to analyze the traffic and (hopefully) come up with some answers.

DISCLAIMER: This is NOT a Warrior Forum “bash”. Like any place on the Internet, it has its good points and its bad points. I do get frustrated with the place at times — even when I can connect… :) — but I’m one of the people who thinks that the good far outweighs the bad. I want to participate and contribute, but I can’t — and neither can I find answers to the issue on the Internet. I created this blog post in hopes of helping others who experience the same issue.

In fact, as I write this, I haven’t even captured that data yet to analyze. I really have no idea what I’ll find when I analyze it. I’m simply trying to troubleshoot a problem using the professional tools I have at my disposal.

‘Nuff said. Let’s proceed…

Here’s what I’m going to do:

  • Go to the home page.
  • Log in.
  • Click on notifications, then go to verify a friend request.
  • Look up one of the posts that the person made to refresh my memory (I don’t recognize the name).

The first time I did the last step, I got a blank page; the second time, I got redirected to Google. So I’m going to fire up Wireshark, put it in Capture mode, then enter the URL a few times to see what happens. I’ll then analyze the output and report my findings, if any.

I also looked up the true IP address for the Warrior Forum (so that I could pick out that IP in the captured data; Wireshark captures EVERYTHING and you need to be able to pick out what you really want from the rest of the junk crossing your network), then ran a few more tests. While some things jumped out at me, I’m not going to mention them because it would be pure speculation on my part since I’m not familiar with how things are really set up (but it did raise additional questions — questions I’ll be happy to discuss with Mr. Says, the owner of the site — if he so desires).

NOTE: If you want to play with Wireshark at home, you’ll need to run it as an administrator or you won’t be able to control your network interfaces — and won’t be able to capture packets.

See you in a few minutes!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

OK, all went well until I clicked to view the “Friend Request” link. At that point, I was sent to the “Server is too busy” page. I refreshed and got the proper page the second time.

When I clicked on the link to view the requestor’s profile, I got a blank page the first time. Refreshing the page again got me the result I wanted (or “didn’t” want) — a redirect to Google. I then turned off the capture and started analyzing, looking for the proverbial “smoking gun”…

But before we get to that, I’d like to add that, for whatever reason, my web browser thought that the TCP (transmission control protocol) session was complete and that all expected data had been received from the server when I got the blank page. This means that the server intentionally served me the blank page. Had the TCP connection timed out (i.e., run out of time to receive all of the data that was supposed to be on the page), I would have seen a different error message. In other words, what I saw in my web browser was sent to it, by design, from the Warrior Forum server. It never served me the proper page in the first place.

Again, “why”?

Getting back to the “smoking gun” — I found this in the captured data (and I have the packet data / PCAP file to prove this). When I attempted to get the profile a second time, I was redirected to Google via a 302 (temporarily moved) redirect. Here is the captured network traffic:

———————————————————-

GET /members/membername.html HTTP/1.1 <== Actual member name obfuscated for privacy
Accept: */*
Referer: http://www.warriorforum.com/profile.php?do=buddylist
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
Accept-Encoding: gzip, deflate
Host: www.warriorforum.com
Connection: Keep-Alive
Cookie: redacted

HTTP/1.1 302 Found <== A 302 (Temporary) redirect.
Date: Wed, 12 Aug 2009 13:34:36 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
X-Powered-By: PHP/5.2.6
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
Location: http://www.google.com <== This is the destination for the redirect
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

———————————————————-

So this behavior is coded into the Warrior Forum’s web site.

The question, of course, is, “Why”?
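
An added example (not part of the original post, and not the author's tooling): a Python script that applies the two checks made above to raw HTTP text exported from a capture, namely whether the response body was delivered completely and whether a 3xx redirect leaves the requested host. The sample messages are constructed from the headers shown above; the chunked body, the extra samples and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed samples modelled on the capture above; the chunked body is assumed.
REQUEST = ("GET /members/membername.html HTTP/1.1\r\n"
           "Host: www.warriorforum.com\r\nCookie: redacted\r\n\r\n")
REDIRECT = ("HTTP/1.1 302 Found\r\nLocation: http://www.google.com\r\n"
            "Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
BLANK = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"              # complete, empty
TRUNCATED = "HTTP/1.1 200 OK\r\nContent-Length: 120\r\n\r\n<html>"  # cut short

def parse_message(raw):
    """Split a raw HTTP/1.x message into (start_line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def body_complete(headers, body):
    """True if the body is fully delivered according to its own framing."""
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return body.endswith("0\r\n\r\n")  # terminal chunk seen (no trailers assumed)
    if "content-length" in headers:
        return len(body.encode("latin-1")) >= int(headers["content-length"])
    return None  # framed by connection close; the bytes alone cannot tell

def classify(request, response):
    """Report status, body completeness, and whether a redirect leaves the site."""
    _, req_h, _ = parse_message(request)
    status_line, resp_h, body = parse_message(response)
    status = int(status_line.split()[1])
    result = {"status": status, "complete": body_complete(resp_h, body),
              "offsite_redirect": False}
    if status in (301, 302, 303, 307, 308) and "location" in resp_h:
        target = urlsplit(resp_h["location"]).hostname  # None for a relative URL
        origin = req_h.get("host", "").split(":")[0].lower()
        result["offsite_redirect"] = target is not None and target.lower() != origin
        result["target"] = target
    return result

if __name__ == "__main__":
    for name, resp in (("redirect", REDIRECT), ("blank", BLANK), ("truncated", TRUNCATED)):
        print(name, classify(REQUEST, resp))
```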

But wait: It gets even more bizarre. I thought that I’d simply delete the cookie from my Internet Explorer hash, thus killing the session. I haven’t noticed these problems when I’m not logged in and wanted to test my theory.

However, there is no cookie to delete! In fact, nothing from my Warrior Forum session has been cached (except for the “favicon.ico” file), yet many of the responses from the server for page requests indicate that the files are cached (because I got “Not Changed” messages when I went to pages that re-used graphics and scripts).

Very interesting behavior. I have no idea why this happened (I used IE8 for this test so that I could “snoop” into the cache — but it didn’t work, and I’m not about to spend time figuring out why. If anybody knows the reason, could you please leave a comment? Thanks…).

So the bottom line is that the redirects are coming from the Warrior Forum server and appear to be by design.

Quite disappointing.

Everything I have said in here comes from my analysis of actual network traffic that I captured on my own computer and is the result of my own analysis. I am certified in intrusion detection (the GIAC GCIA, a certification that is “heavy” on network traffic inspection and analysis, analyst number 4444).

I do confess to having a bit of bias coming into this analysis because I was hoping to find a “smoking gun” (and appear to have found one). Then again, I normally do not look into things that don’t have a problem, so everything I investigate has a reason behind it. Nevertheless, I stand by my conclusion that there is a mechanism on the Warrior Forum site that temporarily redirects people to Google under conditions unknown to me. I do not know if this is intentional or if the server has been modified in an unauthorized manner to do this (in other words, it may have been hacked or a disgruntled insider may have sabotaged something. Again, pure speculation that only a proper forensic analysis of the server could even begin to resolve).

The packets don’t lie, and I hope that anybody who works with the Warrior Forum database and code (and would therefore know exactly what’s going on) might be able (permission-wise) and willing to leave definitive comments about the issue (and I’m more than willing to work with you, Mr. Says, to try to fix the problem. You can contact me via my profile page at the Warrior Forum — if it loads for you… :) ).

In closing, I want to mention that I encourage discussion and comments on this — but please stick to facts. I say this because I won’t approve any “Warrior Forum Bashing” comments (frustration is probably OK as long as it doesn’t get personal. Heck, I’m frustrated, which is why I wrote this post!). Go whine somewhere else.

I like the Warrior Forum and love the people that make it happen, from the owner to the moderators to the people who make the server too busy for me to use the site (hopefully this includes YOU if you have any type of online business presence at all). It’s a great place with great people, and if you want to bash the place, I recommend that you just forget about them and find some other constructive place to hang out. Hatred only destroys your ability to create and improve your lot in life because you spend your time thinking about that instead of thinking about creating and building. My motivation is simply to be able to access the Warrior Forum so that I can contribute and grow and help — and “create and improve my lot in life”.

Thanks,
Tom
