Surreptitious referrals in site html

Discussion in 'Computer Security' started by Jared, Oct 14, 2003.

  1. Jared

    Jared Guest


    Thanks in advance for any help or advice you may be able to give me!


    A link for has been surreptitiously placed on my
    site (or referred from my site) and I can not determine how.

    I work for a San Diego area webmaster. I created and am hosting this
    site and it has been up for 5 months without incident. I recently
    received an email complaining about not being able to access the images
    on the thumbnails of the page listed below (along with all the others in
    that level directory). When I went to the site using my Mac and IE, I
    also was not able to receive the images. When I clicked on several links
    nothing at all happened but when I clicked on another several I was sent
    to the hijack page listed below. Two others I have asked to visit the
    page who are using PCs have been able to receive and review the linked
    photos with no problem. I can no longer access my site by ftp using the
    site name, although my provider has no problem with my existing
    password. I can however access the ftp site by using the DNS number
    instead of the site name.

    (referring page)

    1. The above page has links on it which are referring to the page below
    containing the following code referring to

    2. How is it that this code got on my site? I have no such page on my
    server and no such code in any page I have created or uploaded? If it's
    on my site why can't (or the provider) I find it on my ftp hierarchy?

    3. If this page is not on my site then how is my page referring to it?

    4. Is this a virus/Trojan on my machine rewriting html code I am

    5. Is this an issue where my provider has allowed a virus/Trojan/attack
    of some sort on their server which is serving up the page?

    (hijack page)\patio.htm

    <p align="center"><font face="Verdana"><b><a
    get busted with porn on your computer.</a></b></font></td>

    Has anyone run into this situation?


    Jared, Oct 14, 2003

  2. Jared

    Chuck Guest

    Do you have a %systemroot%\help\hosts file?

    I hate spam - PLEASE get rid of the spam before emailing me!
    Paranoia comes from experience - and is not necessarily a bad thing.
    Chuck, Oct 15, 2003

  3. Jared

    Jared Guest


    Thanks for your response. Here's what I have found out since I posted my

    Seems at some point the client had entertained the idea of going with
    another host who would split revenue for modeling. So the hosting was
    switched and we were not notified. While the client had subsequently
    changed her mind about the other arrangement the hosting was not
    switched back.

    This would account for why we couldn't find the referring source because
    the entire site had been placed on another server. It is possible that
    the other host was running MS servers and had a Qhost Trojan but I have
    not been able to confirm this, as we lost the pointer when we switched
    back to our own. It is also possible that the link was intentional as
    the other provider was an adult oriented concept.

    At any rate the situation has been resolved and the site is functioning
    properly and we have learned a few lessons! Like, if you have a choice,
    it's good to use Unix servers and never assume your client hasn't been
    into the site doing something unannounced.

    Thanks for the response. I think you were right on the money.

    Jared, Oct 15, 2003
