[TriLUG] Is this a hijack?

James Jones jc.jones at tuftux.com
Sun Aug 17 06:47:39 EDT 2008 

Thanks to all who replied. I found this on the internet:

===================================================================

Here is the code to check your web server referer and then redirect
the visitor to your custom sales page. Simply take the two lines of
code and put them in your .htaccess file and you're done.

RewriteCond %{http_referer} ^http://([^.]+\.)*(elliotsblog)\.com
RewriteRule ^$ special.html [R=302,L]

In this example, we look for referer's from elliotsblog.com and we
direct them to a page on our site called special.html.

You should change the domain and the page to anything you like.

NOTE: You need to have the apache module mod_rewrite installed on your
web server.

=====================================================================

jcj

On Sat, Aug 16, 2008 at 3:43 PM, Carl Crider <c.crider at gmail.com> wrote:
> It's on the Malware list.
>
> http://www.malwaredomainlist.com/update.php
>
> On Sat, Aug 16, 2008 at 3:19 PM, James Jones <jc.jones at tuftux.com> wrote:
>
>> All,
>>
>> Not sure if I understand what a hijacked web page is, but I have run
>> into something that is baffling me.
>>
>> Recently, I need some battery information so I use my favorite search
>> engine, Google on my favorite browser, Firefox 2.0.0.14, with the key
>> search being "battery reference chart" ( without the quotes ). As
>> usual, Google responds quickly with  "Results 1 - 10 of about 307,000
>> for battery reference chart. (0.07 seconds) ". Not finding exactly
>> what I was looking for in the first 10, I went to the second page ( 11
>> - 20 ).
>>
>> Number 13 was listed as follows:
>> ==========================================================
>>
>> Battery cross reference chart, toshiba laptop battery, acid ...
>> Submenu Item A; Submenu Item B. Nice battery cross reference chart ...
>> Battery cross reference chart, how to test a battery isolator, lawn
>> mower battery, ...
>> www.scottsimmons.tv/media/cpdky/battery-cross-reference-chart.html - 10k -
>> Cached - Similar pages
>>
>> ==========================================================
>>
>> As I usually do when going to links on google, I clicked on the first
>> line -- "Battery cross reference chart...." I am sent to:
>>
>> http://scan.free-antispyware-scanner.com/100627/3/
>>
>> The page that popped up was designed to look like winxp as if you had
>> clicked on "My Computer". For C and D hard drives, red lettering was
>> underneath it "Hardware error". A horizontal progress bar with
>> indication of "scanning". Of course, my browser is now locked so I
>> have to open a terminal window and kill Firefox.
>>
>> If I use the link at the bottom of Number 13 :
>>
>> www.scottsimmons.tv/media/cpdky/battery-cross-reference-chart.html
>>
>> I go to the website without interference from the "hijacker".
>>
>> How did they do this????
>>
>> jcj
>> --
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>

More information about the TriLUG mailing list