«

Hi,

Thanks in advance for any help or advise you may be able to give me!

Re: http://www.aimeebryant.com

A link for www.interneteraser.com has been surreptitiously placed on my
site (or referred from my site) and I can not determine how.

I work for a San Diego area webmaster. I created and am hosting this
site and it has been up for 5 months without incident. I recently
received an email complaining about not being able to access the images
on the thumbnails of the page listed below (along with all the others in
that level directory). When I went to the site using my Mac and IE, I
also was not able to receive the images. When I clicked on several links
nothing at all happened but when I clicked on another several I was sent
to the hijack page listed below. Two others I have asked to visit the
page who are using PCs have been able to receive and review the linked
photos with no problem. I can no longer access my site by ftp using the
site name, although my provider has no problem with my existing
password. I can however access the ftp site by using the DNS number
instead of the site name.


(referring page)

http://www.aimeebryant.com/gallery_p...s/IMG_0138.htm

1. The above page has links on it which are referring to the page below
containing the following code referring to Interneteraser.com

2. How is it that this code got on my site? I have no such page on my
server and no such code in any page I have created or uploaded? If it¹s
on my site why can¹t (or the provider) I find it on my ftp hierarchy?

3. If this page is not on my site then how is my page referring to it?

4. Is this a virus/Trojan on my machine rewriting html code I am
creating?

5. Is this an issue where my provider has allowed a virus/Trojan/attack
of some sort on their server which is serving up the page?

(hijack page)

http://www.aimeebryant.com/gallery_p...s/..\patio.htm


<p align="center"><font face="Verdana"><b><a
href="http://www.interneteraser.com/enter.html?ID=3727179">Don't
get busted with porn on your computer.</a></b></font></td>
</tr>


Has anyone run into this situation?

Thanks

Jared

On Mon, 13 Oct 2003 16:57:19 -0700, Jared <>
wrote:

>Hi,
>
>Thanks in advance for any help or advise you may be able to give me!
>
>Re: http://www.aimeebryant.com
>
>A link for www.interneteraser.com has been surreptitiously placed on my
>site (or referred from my site) and I can not determine how.
>
>I work for a San Diego area webmaster. I created and am hosting this
>site and it has been up for 5 months without incident. I recently
>received an email complaining about not being able to access the images
>on the thumbnails of the page listed below (along with all the others in
>that level directory). When I went to the site using my Mac and IE, I
>also was not able to receive the images. When I clicked on several links
>nothing at all happened but when I clicked on another several I was sent
>to the hijack page listed below. Two others I have asked to visit the
>page who are using PCs have been able to receive and review the linked
>photos with no problem. I can no longer access my site by ftp using the
>site name, although my provider has no problem with my existing
>password. I can however access the ftp site by using the DNS number
>instead of the site name.
>
>
>(referring page)
>
>http://www.aimeebryant.com/gallery_p...s/IMG_0138.htm
>
>1. The above page has links on it which are referring to the page below
>containing the following code referring to Interneteraser.com
>
>2. How is it that this code got on my site? I have no such page on my
>server and no such code in any page I have created or uploaded? If it¹s
>on my site why can¹t (or the provider) I find it on my ftp hierarchy?
>
>3. If this page is not on my site then how is my page referring to it?
>
>4. Is this a virus/Trojan on my machine rewriting html code I am
>creating?
>
>5. Is this an issue where my provider has allowed a virus/Trojan/attack
>of some sort on their server which is serving up the page?
>
>(hijack page)
>
>http://www.aimeebryant.com/gallery_p...s/..\patio.htm
>
>
> <p align="center"><font face="Verdana"><b><a
>href="http://www.interneteraser.com/enter.html?ID=3727179">Don't
> get busted with porn on your computer.</a></b></font></td>
> </tr>
>
>
>Has anyone run into this situation?
>
>Thanks
>
>Jared

QHosts?
http://us.mcafee.com/virusInfo/defau...virus_k=100719
Do you have a %systemroot%\help\hosts file?


Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.

In article <>,
Chuck <> wrote:

> On Mon, 13 Oct 2003 16:57:19 -0700, Jared <>
> wrote:
>
> >Hi,
> >
> >Thanks in advance for any help or advise you may be able to give me!
> >
> >Re: http://www.aimeebryant.com
> >
> >A link for www.interneteraser.com has been surreptitiously placed on my
> >site (or referred from my site) and I can not determine how.
> >
snip
>
> QHosts?
> http://us.mcafee.com/virusInfo/defau...virus_k=100719
> Do you have a %systemroot%\help\hosts file?
>
>
> Chuck

Chuck,

Thanks for your response. Here¹s what I have found out since I posted my
situation.

Seems at some point the client had entertained the idea of going with
another host who would split revenue for modeling. So the hosting was
switched and we were not notified. While the client had subsequently
changed her mind about the other arrangement the hosting was not
switched back.

This would account for why we couldn¹t find the referring source because
the entire site had been placed on another server. It is possible that
the other host was running MS servers and had a Qhost Trojan but I have
not been able to confirm this, as we lost the pointer when we switched
back to our own. It is also possible that the link was intentional as
the other provider was an adult oriented concept.

At any rate the situation has been resolved and the site is functioning
properly and we have learned a few lessons! Like, if you have a choice,
it¹s good to use Unix servers and never assume your client hasn¹t been
into the site doing something unannounced .

Thanks for the response. I think you were right on the money.

Jared