[Hidden-tech] Web URL hijack
Jan Werner
jwerner at jwdp.com
Tue Nov 6 23:06:34 EST 2007
Likewise, when I clicked on the link in his email yesterday, I was taken
to the bogus site. Today, it worked properly.
I checked the history log in Seamonkey to see where the link took me
yesterday and came up with the following 404 message:
------------------
Not Found
The requested URL /buy/national/wireless/cellular/national_wireless.htm
was not found on this server.
------------------
I'll let the more savvy web folk here try to figure out whether this was
an innocent DNS error or something more nefarious.
In any event the site involved is definitely a scam of the sort that is
increasingly causing serious havoc with web searches for many products.
I'm not ready to short Google stock yet, but I wonder how long it is
going to take for this kind of thing to begin to raise serious alarms.
Jan Werner
__________
Michael Giles wrote:
> ** The author of this post was a Good Dobee.
> ** You too can help the group
> ** Fill out the survey/skills inventory in the member's area.
> ** If you did, we all thank you.
>
>
>
>
> ------------------------------------------------------------------------
>
> In Jim's defense, I have to say that I saw the domain squatter site as
> well when I visited the nationalwireless.com domain name this morning.
> But when I returned later in the day, it was behaving correctly (i.e.
> showing his site). Not sure what happened there, but definitely not
> limited to his machine.
>
> -Mike
>
> David Ruderman wrote:
>> ** The author of this post was a Good Dobee.
>> ** You too can help the group
>> ** Fill out the survey/skills inventory in the member's area.
>> ** If you did, we all thank you.
>>
>>
>> Jim,
>>
>> Actually those two 'bogus' domain names are registered to you. Perhaps you
>> set this up long ago. Like Chris below, the work for me.
>>
>> I suspect you may have some adware running on your machine and your browser
>> may be compromised. You should run something like 'ad-aware' on your machine
>> and make sure it's behaving well.
>>
>> Those two URLs behave like redirects which can be done in your DNS entry.
>>
>> Running 'whois' on those domains you mentioned return info similar to this:
>>
>> Domain name: national-wireless.com
>>
>> Registrant Contact:
>> NA
>> Ussailis Engineering (lleifert at conquestconsulting.com)
>> NA
>> Fax:
>> 221 Pine Street
>> Suite 1G3
>> Florence, MA 01062
>> US
>>
>> Meanwhile rf-wireless.com is registered here:
>>
>> Registrant Contact:
>> CONQUEST CONSLTING LLC
>> Lance Leifert (LLEIFERT at CONQUESTCONSULTING.COM)
>> +1.5555555555
>> Fax: +1.5555555555
>> P.o. Box 416
>> Avon, CT 06001
>> US
>>
>> I hope that helps.
>>
>> -dave
>>
>> David Ruderman
>>
>> david.ruderman at gmail.com
>> http://play.blogspot.com (Blog)
>>
>>
>> -----Original Message-----
>> From: hidden-discuss-bounces at lists.hidden-tech.net
>> [mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of Chris
>> Duncan, GISmatters
>> Sent: Tuesday, November 06, 2007 2:01 PM
>> To: ussailis at shaysnet.com
>> Cc: hidden-discuss at lists.hidden-tech.net
>> Subject: Re: [Hidden-tech] Web URL hijack
>>
>> ** The author of this post was a Good Dobee.
>> ** You too can help the group
>> ** Fill out the survey/skills inventory in the member's area.
>> ** If you did, we all thank you.
>>
>>
>> They all 3 are identical for me when I click on the URLs you provided in
>> your email... the contents are identical - only the addresses in the
>> browser address bar reflect the different URLs. Corresponding links on the 3
>> sites take me to corresponding matching pages... in short, I don't see any
>> hijacking going on - just 3 identical web sites at 3 similar URLs... So
>> perhaps your browser or your web service has been altered/"hijacked" in some
>> way?
>>
>> Chris
>>
>>
>> ussailis at shaysnet.com wrote:
>>
>>> ** The author of this post was a Good Dobee.
>>> ** You too can help the group
>>> ** Fill out the survey/skills inventory in the member's area.
>>> ** If you did, we all thank you.
>>>
>>>
>>> Something new to me, and perhaps something for us to watch out for...
>>>
>>> My URL has been hijacked. There is a new site up on it
>>> (www.nationalwireless and www.national-wireless.com). The new site is
>>> strictly advertising. It pretends to be a search engine, but it only
>>> searchs among a limited number of advertisers.
>>>
>>> As I understand it the "pointing" to the URL has been changed. It appears
>>> that www.NuSeek.com is also involved. I have found several other emails
>>> complaining about this.
>>>
>>> For us that are very busy, we should take (find?) the time to check our
>>> websites. I have no idea how long this has been going on, nor how many
>>> clients I may have lost.
>>>
>>> If any are interested, www.rf-wireless.com is a representation of my real
>>> site. The other two 'pointed' to this one.
>>>
>>> Jim Ussailis
>>> ussailis at shaysnet.com
>>> ussailis at verizon.net
>>>
>>> --------------------------------------------------------------------
>>> myhosting.com - Premium MicrosoftR WindowsR and Linux web and application
>>> hosting - http://link.myhosting.com/myhosting
>>>
>>>
>>> _______________________________________________
>>> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
>>> Hidden-discuss at lists.hidden-tech.net
>>>
>>> You are receiving this because you are on the Hidden-Tech Discussion list.
>>> If you would like to change your list preferences, Go to the Members
>>> page on the Hidden Tech Web site.
>>> http://www.hidden-tech.net/members
>>>
>>>
>>
>>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
More information about the Hidden-discuss
mailing list