hacked domain names - hosts file
Posted 20 May 2004 - 02:03 PM
I accidentally stumbled across:
www . neoptes . com
... obviously mistyping www . neopets . com.
What happened was, I was suddenly on a re-directed search engine page
that felt eerily similar to the CWS hacks!! Complete with myriads of pop-ups.
Fortunately, I had my Sun Java thing installed and, if it tried, I wasn't infected.
However, I hadn't heard of this method being used before.
I always see a lot of "HOW DID THIS HAPPEN ?!?!!"
Maybe one of you brave admin souls can visit this site and
confirm this suspicion and we can get this site included in
the spy-bot hosts file, and others like it.
Posted 27 May 2004 - 05:04 AM
Okay, I don't care cos I'm at a Library
Upon reaching the page www.neoptes.com...
Popup 1 -
Popup 2 -
Source code shows several references to
Popup 3 -
This site was blocked by restriction list: RM Offensive Material Filter List
Edited by Mere_Mortal, 27 May 2004 - 05:06 AM.
Posted 27 May 2004 - 09:03 AM
Or... You're saying that the redirected links should already be blocked
by the S&D hosts file?
Or... You're saying that the popups were blocked by the Library's own
RM filter program?
All of the above?
Thanks for answering!
Posted 27 May 2004 - 04:35 PM
I used hjt and cws to examine the system before and after.
Posted 29 May 2004 - 04:00 AM
Only one of them was.
Or... You're saying that the popups were blocked by the Library's own RM filter program?
The library host won't allow any such changes to the homepage or registry in any case, so I can't conclude whether the address and/or the popups are malicious.