Surreptitious referrals in site html

Discussion in 'Computer Security' started by Jared, Oct 14, 2003.

  1. Jared

    Jared Guest

    Hi,

    Thanks in advance for any help or advise you may be able to give me!

    Re: http://www.aimeebryant.com

    A link for www.interneteraser.com has been surreptitiously placed on my
    site (or referred from my site) and I can not determine how.

    I work for a San Diego area webmaster. I created and am hosting this
    site and it has been up for 5 months without incident. I recently
    received an email complaining about not being able to access the images
    on the thumbnails of the page listed below (along with all the others in
    that level directory). When I went to the site using my Mac and IE, I
    also was not able to receive the images. When I clicked on several links
    nothing at all happened but when I clicked on another several I was sent
    to the hijack page listed below. Two others I have asked to visit the
    page who are using PCs have been able to receive and review the linked
    photos with no problem. I can no longer access my site by ftp using the
    site name, although my provider has no problem with my existing
    password. I can however access the ftp site by using the DNS number
    instead of the site name.


    (referring page)

    http://www.aimeebryant.com/gallery_patio/pages/IMG_0138.htm

    1. The above page has links on it which are referring to the page below
    containing the following code referring to Interneteraser.com

    2. How is it that this code got on my site? I have no such page on my
    server and no such code in any page I have created or uploaded? If it¹s
    on my site why can¹t (or the provider) I find it on my ftp hierarchy?

    3. If this page is not on my site then how is my page referring to it?

    4. Is this a virus/Trojan on my machine rewriting html code I am
    creating?

    5. Is this an issue where my provider has allowed a virus/Trojan/attack
    of some sort on their server which is serving up the page?

    (hijack page)

    http://www.aimeebryant.com/gallery_patio/pages/..\patio.htm


    <p align="center"><font face="Verdana"><b><a
    href="http://www.interneteraser.com/enter.html?ID=3727179">Don't
    get busted with porn on your computer.</a></b></font></td>
    </tr>


    Has anyone run into this situation?

    Thanks

    Jared
    Jared, Oct 14, 2003
    #1
    1. Advertising

  2. Jared

    Chuck Guest

    On Mon, 13 Oct 2003 16:57:19 -0700, Jared <>
    wrote:

    >Hi,
    >
    >Thanks in advance for any help or advise you may be able to give me!
    >
    >Re: http://www.aimeebryant.com
    >
    >A link for www.interneteraser.com has been surreptitiously placed on my
    >site (or referred from my site) and I can not determine how.
    >
    >I work for a San Diego area webmaster. I created and am hosting this
    >site and it has been up for 5 months without incident. I recently
    >received an email complaining about not being able to access the images
    >on the thumbnails of the page listed below (along with all the others in
    >that level directory). When I went to the site using my Mac and IE, I
    >also was not able to receive the images. When I clicked on several links
    >nothing at all happened but when I clicked on another several I was sent
    >to the hijack page listed below. Two others I have asked to visit the
    >page who are using PCs have been able to receive and review the linked
    >photos with no problem. I can no longer access my site by ftp using the
    >site name, although my provider has no problem with my existing
    >password. I can however access the ftp site by using the DNS number
    >instead of the site name.
    >
    >
    >(referring page)
    >
    >http://www.aimeebryant.com/gallery_patio/pages/IMG_0138.htm
    >
    >1. The above page has links on it which are referring to the page below
    >containing the following code referring to Interneteraser.com
    >
    >2. How is it that this code got on my site? I have no such page on my
    >server and no such code in any page I have created or uploaded? If it¹s
    >on my site why can¹t (or the provider) I find it on my ftp hierarchy?
    >
    >3. If this page is not on my site then how is my page referring to it?
    >
    >4. Is this a virus/Trojan on my machine rewriting html code I am
    >creating?
    >
    >5. Is this an issue where my provider has allowed a virus/Trojan/attack
    >of some sort on their server which is serving up the page?
    >
    >(hijack page)
    >
    >http://www.aimeebryant.com/gallery_patio/pages/..\patio.htm
    >
    >
    > <p align="center"><font face="Verdana"><b><a
    >href="http://www.interneteraser.com/enter.html?ID=3727179">Don't
    > get busted with porn on your computer.</a></b></font></td>
    > </tr>
    >
    >
    >Has anyone run into this situation?
    >
    >Thanks
    >
    >Jared


    QHosts?
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
    Do you have a %systemroot%\help\hosts file?


    Chuck
    I hate spam - PLEASE get rid of the spam before emailing me!
    Paranoia comes from experience - and is not necessarily a bad thing.
    Chuck, Oct 15, 2003
    #2
    1. Advertising

  3. Jared

    Jared Guest

    In article <>,
    Chuck <> wrote:

    > On Mon, 13 Oct 2003 16:57:19 -0700, Jared <>
    > wrote:
    >
    > >Hi,
    > >
    > >Thanks in advance for any help or advise you may be able to give me!
    > >
    > >Re: http://www.aimeebryant.com
    > >
    > >A link for www.interneteraser.com has been surreptitiously placed on my
    > >site (or referred from my site) and I can not determine how.
    > >

    snip
    >
    > QHosts?
    > http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
    > Do you have a %systemroot%\help\hosts file?
    >
    >
    > Chuck


    Chuck,

    Thanks for your response. Here¹s what I have found out since I posted my
    situation.

    Seems at some point the client had entertained the idea of going with
    another host who would split revenue for modeling. So the hosting was
    switched and we were not notified. While the client had subsequently
    changed her mind about the other arrangement the hosting was not
    switched back.

    This would account for why we couldn¹t find the referring source because
    the entire site had been placed on another server. It is possible that
    the other host was running MS servers and had a Qhost Trojan but I have
    not been able to confirm this, as we lost the pointer when we switched
    back to our own. It is also possible that the link was intentional as
    the other provider was an adult oriented concept.

    At any rate the situation has been resolved and the site is functioning
    properly and we have learned a few lessons! Like, if you have a choice,
    it¹s good to use Unix servers and never assume your client hasn¹t been
    into the site doing something unannounced .

    Thanks for the response. I think you were right on the money.

    Jared
    Jared, Oct 15, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    422
  2. Replies:
    5
    Views:
    291
    Ray Fischer
    Feb 2, 2005
  3. Replies:
    2
    Views:
    306
    Dave Martindale
    Sep 16, 2005
  4. george

    Camera for surreptitious photography?

    george, Feb 19, 2007, in forum: Digital Photography
    Replies:
    57
    Views:
    1,807
    J. Clarke
    Feb 20, 2007
  5. Monima
    Replies:
    0
    Views:
    1,747
    Monima
    Dec 14, 2010
Loading...

Share This Page