I'm horrified - is this spyware????

[webmidwife]

I hope it's okay I'm posting this here - I wasn't sure where to post it - but I'm totally preplexed!!!

I just spoke with my Brother-in-law on the phone, he called me because he was on my Web Midwife site. I had a bulleted list in the middle with all the options I offer - and one of them was "Complete Web Hosting Packages" - well he said everytime he clicked on it he was taken to a completely different site, offering web hosting packages, but with a different look, different prices, different shopping cart.

I was horrified because I didn't put a hyperlink on that bulleted list - AND I couldn't see the hyperlink at all on my computer. He said that the browser still said http://www.webmidwife.com - but that the bottom part had a different name - and the site was totally different. So this leads me to believe that someone has either somehow gotten on my site and duplicated it to theirs - OR he had some type of sypware on his hard drive that took certain keywords and redirected to another site while masking the current site in the browser address window.

Is this possible????? And now I'm wondering how many of us have this happening and we don't have a clue?? This is horrifying - because I really try to cultivate new clients/customers, and to think that someone is stealing them right out from under me - it's a horrible thing to do!!!

I changed my home page and now the hyperlink is gone, according to my BIL - what's the freaking internet coming to????

Thank you for letting me vent - but I thought you all would like to know this too, as this could affect all of us in one way or another.

[EJRS.COM]

Wow that's really bad that it happened to ya. I really hope that it quits happening. Someone must be hacking into your server and messing with you.

It's not spyware. Spyware can be rid of with http://ejrs.com/spybot

I hope you win the war against your hacker. Might wanna change to a more secure host.

[ldyguique]

Webmidwife --

It's hard to know just exactly what happened; however, I do know that if the URL was yours, there is only one place that the browser can attempt to go -- to the URL listed. Without going deep-tech, it's "how the net works." The following is the public record about the domain, "WEBMIDWIFE.COM." I "assume" that this is YOUR information. Since the registration is mid-cycle for the year, there is no recent renewal or potential lapse in renewal; therefore, it's unlikely that someone else bought your domain while it was lapsed. There IS a webmidwife.org registered; however, it's dormant and has an "under construction" type of page -- perhaps, your BIL failed to type the *.com and the browser autofound the *.org?

RTSDNS.NET = the server where the website is located, OR where the hosting is taking place. There CAN be a repoint from that server to somewhere else, which would keep YOUR URL in the browser and would go elsewhere. But, you would have to specially request this particular action with your WH company, either through a tech support phonecall or through an action in your control center with the WH company.

Quote:

Please note: the registrant of the domain name is specified in the "registrant" field. In most cases, Go Daddy Software, Inc. is not the registrant of domain names listed in this database.

Registrant:
Beyond Fertility.com
P. O. Box 201
Heber Springs, Arkansas 72543
United States

Registered through: GoDaddy.com
Domain Name: WEBMIDWIFE.COM
Created on: 19-Sep-03
Expires on: 19-Sep-05
Last Updated on: 18-Dec-03

Administrative Contact:
Ramsey, Lori
Beyond Fertility.com
P. O. Box 201
Heber Springs, Arkansas 72543
United States
5013622858 Fax --
Technical Contact:
Ramsey, Lori
Beyond Fertility.com
P. O. Box 201
Heber Springs, Arkansas 72543
United States
5013622858 Fax --

Domain servers in listed order:
NS.RTSDNS.NET
NS2.RTSDNS.NET

There is a process called hijacking and this link will take you (or your BIL) to a site that gives a good explanation of this particular type of malware (have to scroll down a bit). But, it will show the URL to the site that you've been hijacked to.

Hope this clarifies things a mite.

[EJRS.COM]

With Godaddy.com you can register privately and it may help reduce the spam by a bit. At $9 it's pretty reasonable.

PRIVATE REGISTRATIONS
Protect yourself from spam, scams, prying eyes and worse.
Only $9.00

[ldyguique]

Jeremy --

I just responded elsewhere in the Forums about public vs private for a business. I truly believe that if one is planning on operating a business, that part of one's credibility is to be public. Does it make me nervous? Oh yeah! But, I do think that it's critical information that is "technically" available to a potential customer if they know how to use whois.

I have to admit that I'm uncomfortable with being this public; however, it's part of the price of doing business on the internet. If I expect a total and complete stranger to spend their money with me, they have a right to know who I am as much as is feasible. If I ran a storefront, they could drop by and I'd only be dealing locally.

I think that making one's domain private is counterproductive to good business practices.

[ronniethedodger]

It was probably hacked into. I noticed that he uses Front Page Extensions and down toward the bottom there is some MSnavigation links (where the ToodleBug.com anchor is).

I am not an expert on any of this, but it seems to me that anyone can easily "publish" or update to your pages if they are not secured well. Since you have already taken down the bulleted list, I could not see how you actually had it set up. But my feeling is that someone may have access to your site right now and you may want to go over the security of it....or do away with the extensions altogether and not use them.

Also I do not know what this BIL is in reference to. But if that is your main go to guy or service, you may want to direct your questions to him/her/it. It is also possible that whomever did hack the site, is using some type of browser detection or detecting your particular IP address so that YOU will not see the links...but we can....n'est pas?

[ptellep]

Brother In Law

[stugre]

Hmmm... I got some spam the other day offering to do just this kind of thing. It basically said you could select keywords, which when they came up in browsers with their particularly venemous software installed, would underline and make a hyperlink your keywords whatever page they appeared on.

The spam was image based, and opening it now their site has been taken down so I cant provide any more details sadly. I remember it very clearly though, it was offering to put some kind of brown underline under the words you chose. It stuck in my mind because I recently managed to get some spyware installed that inserted kanoodle results at the top of Google and Yahoo searches, was amazed at how it worked and just thought this was another variation on a theme.

Of course you could have been hacked, but it would be hard work for a hacker to do for just one website...

[cyanide]

Hi Lori,

Sorry to hear that happen to you...
Hard to know exactly what happened, however, I would lean towards ronniethedodger's suggestion, that someone found an exploit, could be from FrontPage, and modified your home page.

[lorikelley66]

we had the same if not similar problem about a year ago and inserted some code in the meta tags of all our pages that prevented this problem for us. Here it is:

<meta name="MSSmartTagsPreventParsing" content="TRUE">

Good luck!

[paulhiles]

Quote:

Originally Posted by lorikelley66

we had the same if not similar problem about a year ago and inserted some code in the meta tags of all our pages that prevented this problem for us. Here it is:

<meta name="MSSmartTagsPreventParsing" content="TRUE">

Although there are certain similarities in the way the link has been "hi-jacked" with those of Smart Tags. The rest of the description, that the 'linked' page had different content, yet shared the same address would seem to point to the site being accessed via some exploit (perhaps via FrontPage extensions).

[palfreymedia]

It sounds like adware to me. I ended up with adware on my computer not very long ago. This can happen very easily if you download a lot of shareware ... adware is often bundled with it. If you download adware most of the time you won't even know you've installed it.

The one I had was called "Ezula." I probably won't get the technical specifics correct but how I understand it: Ezula runs with Internet Explorer, and when IE loads a page Ezula goes through that page and adds its own advertising. For example, if someone has paid Ezula for the keyword "Web Hosting," that keyword will always appear as a link to that advertiser's page (to anyone running Ezula) regardless of where on the Internet it appears. In other words, if you have the keyword "Web Hosting" on your page, everyone with Ezula will see it as a link to that advertiser's website.

If your brother in law had Ezula or something similar on his machine, that would explain why he could see the link but you couldn't. In my opinion, this is stealing and it's very very unethical. But apparently, it is legal.

Adware is often difficult to remove. You can uninstall it, but it may keep mysteriously coming back. If you have adware on your computer, you may need to use a removal tool such as Adaware to get rid of it.

A good site about Adware: http://www.thiefware.com

Good luck ...

[ste-bo]

I don't mean to be negative but as a proffesional web hosting / designing company it seems funny you should be posting such a question. Are you not supposed to be up on these things if you are desinging and selling web sites to clients?


Would it not have been better to save the code for the last web site so we could see what you are referring to? it seems people are just posting thier random thoughts.......

[Marilyn]

I heard something similar years ago, that when a client selects a certain key word on your site, they could be led to another site.
The solution to that is to include this in your meta tag area:
<meta name="MSSmartTagsPreventParsing" content="TRUE">

You should put this on every page on your site.

[DosDog]

Marilyn has the answer, it's smart tags.

[palfreymedia]

Quote:

Originally Posted by Marilyn

The solution to that is to include this in your meta tag area:
<meta name="MSSmartTagsPreventParsing" content="TRUE">

You should put this on every page on your site.

It's my understanding that that won't actually help ... that's something you could do back when Microsoft was talking about putting adware-type functionality in Internet Explorer. The idea was so controversial that they ended up not doing it, so using MSSmartTagsPreventParsing won't do you any good.

Since adware like Ezula isn't built in to the browser and isn't related to Microsoft at all, it won't recognize that meta tag.

[chelle60]

Quote:

Originally Posted by ste-bo

I don't mean to be negative but as a proffesional web hosting / designing company it seems funny you should be posting such a question. Are you not supposed to be up on these things if you are desinging and selling web sites to clients?


Would it not have been better to save the code for the last web site so we could see what you are referring to? it seems people are just posting thier random thoughts.......

do you think someone who's got a midwife web site intended to have a link advertising web hosting? i think that's the root of the problem - it wasn't her link.

[luvdavy]

Quote:

Originally Posted by stugre

I recently managed to get some spyware installed that inserted kanoodle results at the top of Google and Yahoo searches, was amazed at how it worked and just thought this was another variation on a theme.

I picked up something that is inserting things into Google as well. It seems to have something to do with the Google Toolbar, but I've removed it and even downloaded it again, and I can't make it go away. None of my spy programs will pick it up, either..I've tried Spy Blaster, Spy Guard, Swat It, and Spy Blocker? I think...all the top ones. Nothing will detect it. Is this what you are talking about? I'd give anything to get rid of this parasite...drives me nuts.

Jan

[stationaryobserver]

Did you people read his post? Hackers..rofl.

His page loads differently on his brother-in-laws computer. It's not a hacker. As some people have said, it sounds like spyware. It wouldn't be that difficult to do. The trojan simply puts itself between incoming data and your browser. It can then load whatever it wants, tag key words with links etc.

If I were you or your brother in law, I would document all of it and contact ANY companies whose products were linked to by the site. They are paying some guy to advertise for them, and this is how he is doing it.

A hacker would just change your site to say CULT OF THE DEAD COW OWNZ YOU. HACK THE PLANET!@ PROPS MY MAH BOY CHEDDAR AND jMan. Most hackers could give a f*ck about the contents of your site and would only be interested in having something to show off to their friends and add to the list of 'Sites I've hacked'. If you have something valuable on your site and the hacker wants it, they won't be silly enough to let you know that you've been hacked- that's how you get caught, called a 'terrorist' and thrown in jail.

If I were you, I'd tell your brother in law to a) Format his hard drive and install Linux, or b) Donate the computer to someone else, or charity or sell it on ebay and get a new Mac.

Believe it or not, Linux and Mac folk don't have to deal with lame things like 'Popups' or the dumb ad messages that appear because Microsoft Windows has un patched security holes, we don't worry when 'the massive killer virus attacking PC's' is released because it won't affect us.

The sooner you realize Microsoft Windows is a p.o.s, and stop wasting your time trying to figure out how to prevent getting a new virus, trojan, or spyware, the better.

It doesn't have to be this way. Get a clue. Microsoft Windows is good for one thing. Games. Above and beyond that there's a better solution for absolutely everything :D


I would also like to add, that some of you have absolutely no idea what you're talking about. Some guy down there in the thread attacked this guys professionalism because some spyware is taking over his relatives computer. ROFL. And the people with the smart tags. lol ! LOL. As if the spyware programmer CARES about your tags. lol.



THROW AWAY YOUR OPERATING SYSTEM.