Two different blogs show up on my stats as linking to my personal site. When I go to the blog, the url of my control panel shows up under their lists of links. Their link list goes to sites all over the world, but there is no explanation of what the links are for or why they're there.

I can trace the site owners with Whois, but haven't approached either one. Is that a good Idea? If so, how would you do it? Email, phone?

I reported it to my web host and all they said was "change your password."

But I'm still wondering:
Why did these people link to me? What are they trying to do?
If it happened twice, it will happen again. How can I stop it?

Suggestions appreciated!

Judith

See this thread started by JMac:

Now for something completely different

and the site she cited:
Porn Sites Hiding Behind Blogs

__________________
Psychology Mental Health & Self-Help Forum
Online Counseling & Therapy | Mental Health Directory

Thanks for the most helpful information, Minstrel. I'm now up to 4 of these fake blogs referring to my site. I went to their blogs and viewed the source for each site. Every one contained a link to an adult webcam.

Check your logs. My list includes jennifersblog.com, wr18.com, worldnewslog.com, and saulem.com. Others are listed on the link cited by JMac and provided again by Minstrel in this thread. If this is happening to you, you'll find a lot of useful info there.

If they are linking to your site, apparently all of the ones identified so far come from the same IP address: 141.85.3.130 (and the user agent is : MSIE)

So IP banning might work, at least until these crooks figure out something else.

It's worth a try.

Judith

Hi there-

When I originally noticed this link to my control panel (which will be gone in the next 10 visits or so since it's some weird rotating links system) I started a pretty low-key email to the webmaster. And this is how I got his (maybe I'm showing a gender bias here but cloaking a porn site behind a blog - well....) email address: I hacked the URL to get a 404. On the 404 page it gives the following email address:
ddalex@cyclop.net
The email I ended up sending was not as friendly but it has not been returned - wouldn't it be returned if it were a non-functioning address?
So just now I went to cyclop.net, thinking I'd be able to lodge a complaint and lo and behold, it appears to be a personal site, somehow forwarded or subdomained or however these people do it, to another site called horia.com - now as unappealing as the name is, it really does seem to be a family photo album with pictures of a woman, her daughter, and statues... and no porn - just cute kid pictures... ah-hah there's one with Daddy - maybe HE is the culprit!
I hope I didn't scare this woman, if indeed the email address was a phony one.
BUT... as many of you now know, these sites have been tracked, not to the US as stated in their Whois info, but to Bukarest (spelling?) - and this woman's site seems to be located there, too.
Maybe my gender bias was unfounded!

More sleuthing needed.

And maybe MInstrel could help me overcome this "blame it all on a man" thinking, with some therapy! :-)

I'll let you know how it goes!

JMac

__________________
Moving company in Vancouver

If you're asking if I know how to get women and children to stop blaming men (especially me) when things go wrong, no... this was underscored for me during that recent East Coast blackout - the first thing that happened after the lights went out was a message on my cell phone from my oldest son (whose video game had I think been interrupted) saying, basically, "dad - you idiot - did you forget to pay the Hydro bill?"

__________________
Psychology Mental Health & Self-Help Forum
Online Counseling & Therapy | Mental Health Directory

Minstrel - I KNEW it was your fault! Spread the word everyone!!! :-)

So, I did a Whois on this horia.com - this is their administrative contact info:
*dns*major*jackoff*janitor*-**rgroza@GMX.NET*
********cyclop.net*
********22*Transilvaniei*
********,**Bucharest*
********RO*

Ah yes, that name rings a bell - I was just thinking that about them...
Unfortunately, another company comes up as their technical contact and <shudder> here it is:
*Technical*Contact*-*
*********Tera-byte*Network*Operation*Centre*-**hostmaster@TERA-BYTE.COM*
********Tera-byte*Dot*Com*Inc.*
********Suite*900,*10004*-*104*Ave.*NW*
********Edmonton,*AB*T5J0K1*
********CA*
********Phone*-**+1-780-413-1868*
********Fax*-**-*+1-780-413-1869*

I don't think that's a Canadian area code...

More info - better battle plan.

JMac

__________________
Moving company in Vancouver

There appear to be four domains hosted through this IP number. They are:

www.Dianaandreea.com
www.Horia.com
www.Qozi.com
www.Thecyclop.com

There's got to be some way to track these people down...

And a new site to add to the list of not-quite-right sites:
websearchus.com - I've found that each of these sites has transparent pixels which are links to the porn section of the site. And beware (REALLY) of clicking on them - it will launch a stream of popups that can't be controlled at all. I'm lucky to be working on a Mac and I just have to quickly do a force quit on my browser. On the PC, it eventually crashes the whole system - not before you've more than an eyeful though!

Anyone working from home with their kids around should not even visit one of these sites in case it inadvertently sets of the popups - what people do in the privacy of their own homes is fine with me but hijacking people's computers is wrong, wrong, wrong. If it takes me 'til the end of time (or even the end of today!) I will find out where these people are. The odd thing is that the family to which I referred earlier seems to really play some sort of role in this. There are multiple references to them and albums devoted to their daughter. Could it really be that they don't know enough to not host their legitimate family site on the same DNS as their other activities? Or is this an innocent family that has no knowledge of what's happening behind the scenes?

Curiouser, and curiouser....

We're beyond the looking glass here...
:-)

JMac

Yes, JMac, that is an Edm. number, or at least area code. Seeing I can't get them to move here, I still call my family there often - unless the calls are being redirected to Transalvania as well! I've not visited lately.

__________________
What I am is what I am, are you what you are, or what.
Eddie Brickel

Hi MikMik -

You're just the guy I thought would already be tracking these people down! All the research you've done has turned up impressive results so far! (Did you get my email "thank you" for the info on the auto launch presentation? Once again, thank you!!)

Maybe this company has more information than I'd thought - I HAd thought it was just another false front - maybe, even if they are, they need a little email from the not so friendly desk of....

JMac

More info, JMac - I've read that certain host's , that are set up in Bucharest (I think, will check), are like the famous Swiss banks - they are a haven for hackers etc and will NOT release any information to do with compromising any 'alleged' clients right to secrecy!

I will check out my poorly rememberd source, pretty sure it was "The Globe and Mail" in stories related to internet viruses.

__________________
What I am is what I am, are you what you are, or what.
Eddie Brickel

Thanks for the thanks! I have some incredible freeware that I'm just learning to use that is used for this sort of thing. I will get to work!
I'll also get the links to downloads.
One day soon, I'll also work on my site!

__________________
What I am is what I am, are you what you are, or what.
Eddie Brickel

MikMik -

I am hoping that this company in Canada has more ... regulations? Morality? Ethics? More to lose? .... one of those.

If they have anything to do with this besides being the unwitting scapegoats, I'm sure they will soon regret it!

What's cooler than being cool? Ice cold...
Sorry, singing along with some tunes! Seemed appropriate when I typed it!

Hahahaha....

JMac

just ran Judith's, = Bucharest!

17.) 156 172 156 - 217.73.164.7 r-bb7-g0-0.bucharest.roedu.net

18.) 156 156 157 - 141.85.3.130 -

Trace complete

__________________
What I am is what I am, are you what you are, or what.
Eddie Brickel

I've emailed the Tera-Byte company to question their involvement, unwitting or not.
And, as suggested above, I've added the IP associated with the traffic to my IP deny list.
Tell us more, MikMik! :-))

JMac

I wrote an email to Steve at Tera-Byte in Edmonton and, I'm happy to say that I got a pretty rapid response. Albeit a short one that doesn't really get us any closer to the solution.
He said that, and here's the quote:
"ccclop.net {sic} used to have a server here so that is why we would be the tech
contact on the domain name - Steve"

I think he meant cyclop.net since that's the site I mentioned in my original email.
This doesn't help much - but it's a step in some direction - right?

JMac

Here is the quoted most recent and most unhelpful email I've received from the company in Edmonton.

"being a tech contact on a domain name means a person or company registered
that domain name through our service, domian name registrations have noting
whatsoever to do with the content of their site or their business practices,
to which i really dont care what they do, as im not about to visit their
porn sites in the first place i dont have an issue with popups crashing my
browser. - Steve " Ahem... Steve, my concern was not for your browser crashing but rather the other cloaking issue and linking to people's control panels.

Hmmm. Me thinks thou dost not protest enough, Steve.
I guess there's not much to do except not send any business in the general direction of a company that does absolutely no research into who they host. If it's all about the cash, there are plenty of hosting companies willing to take it and look the other way. Tera-Byte.com seems to have joined those ranks. Sad, so sad... just gives the whole internet a bad name.
On to finding who is hosting them now - not who registered their domain name.

JMac

__________________
Moving company in Vancouver

I noticed this morning that I was linked to Jennifersblog.com... I went to her site, but really didn't pay too much attention to the link that she had there...
After reading this, I went back to investigae and sure enough, she had a link to my control panel...so I clicked on the link... no password was asked for, it went directly to my control panel... scary!!!
I went back to jennifers again, and now my link is no longer there.... any explanations?? (although I am thrilled that it's not there anymore, I'm still concerned...
I found out that the site is supposedly owned by Brian Mcwatters in Bloomington, MN ... is there any point in emailing him?
Help!!!

__________________
Mary Ann
Affordable Websites Designed - www.m-goret.com

I don't think you have anything to be scared about. It is highly possible that you have your Control Panel settings set to automatically log you in when you (and just you) visits it. Other people who would have clicked on the link to your Control Panel should have received the normal login screen.

__________________
Web Design & Development News
The BoG Reborn

I usually log into my control panel with my sitename and /cpanel... which opens a login box... I have never gone to my control panel with the link that I found on the blog site... it had my domain name, followed by a colon and the server name (number)...
this is what scares or, at the very least, Pi&&es me off....
I have contacted my hosting company because this server was hacked into last weekend...

__________________
Mary Ann
Affordable Websites Designed - www.m-goret.com

Hi again,

Since so many people think they're using this technique to affect their rankings, I've reported the sites I've seen in my logs to Google.
Here's a link to the page on Google where you can report such sites. They stress that they will not become involved in hand-to-hand conflicts between webmasters but will use the information to improve their algorithm. I believe that if enough of us complain and we all have different sites, IPs and content, we won't be considered a webmaster who wants to hurt the competition.
http://www.google.com/contact/spamreport.html

It's a start, right?

And don't forget to click through to the other thread here at WPW called "And now for something completely different" - bummer that there are two threads going and I can't keep track of one, never mind two... I'm too busy watching my access logs since over at http://www.idly.org/2003/11/14/porn_...hind_blogs.php they are listing a new IP number and other blog sites that have been linking to control panels and so on... I want to see how long it takes to spread out!

It's a Mad, Mad World...

JMac

__________________
Moving company in Vancouver

info202-
As mentioned above, don't worry TOO much - I just tried to get into your control panel and was met with the sign in box with user name and password. I used the colon number combination associated with most control panels.
(Not that I'd have done anything malicious had I been able to access your site, of course!)

:-))

JMac