Results 1 to 8 of 8

Thread: Hijacked??

  1. #1
    Thinkin' out loud again Builder's Avatar
    Join Date
    Nov 2002
    Location
    Illinois
    Posts
    2,088
    Rep Power
    19

    Hijacked??

    http://troop53.net goes to grapeshot.co.uk, a place I've blocked via .htaccess from crawling my site -- revenge?

    But if you go to http://troop53.net/index.htm it resolves correctly.

    Checked DNS, all's well and pointing to PW servers, Why does my domain name without specifying the filename going somewhere else?

    Kevin
    A good friend will come and bail you out of jail...
    but a true friend will be sitting next to you saying,
    "Damn... that was fun!"

  2. #2
    target='_blank' snowmaker's Avatar
    Join Date
    Nov 2002
    Location
    Not in Solomons anymore.
    Posts
    3,440
    Rep Power
    21
    Check for any other index files, I mean, index files with other extensions. I'm not sure of the order, but Apache (the web server program) looks for index files with several different extensions if one is not specified. Some of the extensions are .html, .htm, and .php. There is a few different filenames that will be searched for too, they are home and default I believe. There is an entry in the knowledgebase here that has the list, I'm sure you could find it with Google or DuckDuckGo too.

    edit: here's the list - http://www.powweb.com/product/defaultPagesList.bml, and index.htm is the first file so don't waste your time trying what I suggested.. You might want to check for a .htaccess file (in which one can specify an index file). Maybe somehow an 'evil' one has been uploaded.
    -bruce /* somdcomputerguy */
    'If you change the way you look at things, the things you look at change.'

  3. #3
    Thinkin' out loud again Builder's Avatar
    Join Date
    Nov 2002
    Location
    Illinois
    Posts
    2,088
    Rep Power
    19
    Only index.htm. I re uploaded it and checked for nasties that might have been injected, but since going to index.htm resolves, that can't be it.

    FYI, I checked with Chrome, Opera, and my iPhone just in case it was a browser thing or an infection of some sort on my computer. All show the same thing.
    A good friend will come and bail you out of jail...
    but a true friend will be sitting next to you saying,
    "Damn... that was fun!"

  4. #4
    target='_blank' snowmaker's Avatar
    Join Date
    Nov 2002
    Location
    Not in Solomons anymore.
    Posts
    3,440
    Rep Power
    21
    I did edit my post, and you may have already been viewing it while I was, so this post is mainly to just send you another notification email.. Hope you get this sorted out..
    -bruce /* somdcomputerguy */
    'If you change the way you look at things, the things you look at change.'

  5. #5
    Thinkin' out loud again Builder's Avatar
    Join Date
    Nov 2002
    Location
    Illinois
    Posts
    2,088
    Rep Power
    19
    I did also check .htaccess, no changes there either.

    But.... now all of a sudden, with no input on my part, everything is good again. Go figure...

    Many thanks for your suggestions Bruce!

    Kevin
    A good friend will come and bail you out of jail...
    but a true friend will be sitting next to you saying,
    "Damn... that was fun!"

  6. #6
    PowWeb Staff
    Join Date
    Jun 2012
    Location
    Phoenix
    Posts
    122
    Rep Power
    5
    Hi Kevin,

    The fix may have been a clean version of the main page being uploaded, but it took a moment to work due to cache clearing on the server side. Definitely sounds like a default page, .htaccess, or code injection issue so you guys were troubleshooting right along the lines that I would have. As you aren't 100% sure what cause the issue I would strongly recommend updating every password relating to your account from main login to webmail and any databases as a security precaution. I will PM you my email in case of this issue occurring again and if you like I can reach out to verify security and scan the account for any malicious content.
    Melissa
    Technical Support

  7. #7
    Thinkin' out loud again Builder's Avatar
    Join Date
    Nov 2002
    Location
    Illinois
    Posts
    2,088
    Rep Power
    19
    Thanks Melissa!

    You may be right about a clean version of the main page being uploaded, but the date stamp hadn't changed. I looked through the code of what was there on the "original" and nothing was out of sorts. As I first posted, as long as "index.htm" was specified the URL resolved correctly.

    It's all really weird to me. I banned grapeshot a couple months ago after they scraped my site. They kept coming back and hammering me again and again for a couple of weeks. All they got was 403s.

    If the DNS is correct and there's no redirect code injected into the page how does http://troop53.net get redirected but not http://troop53.net/index.htm? I'm not smart enough to know. I do know that for some reason my domain was not "locked". I thought it was but maybe I was thinking of the privacy dealy. Now that things are back as they should be I have locked it.

    Ahh well, I'll be changing passwords tonight. Although they were already pretty strong. And I guess all's well that ends well.

    Thanks to both of you,
    Kevin

    [EDIT]I tried to give rep points to both of you but apparently haven't "spread the joy around" enough. Suffice it to say I really appreciate your efforts.[/EDIT]
    A good friend will come and bail you out of jail...
    but a true friend will be sitting next to you saying,
    "Damn... that was fun!"

  8. #8
    Rick
    Join Date
    May 2002
    Location
    Minneapolis, MN
    Posts
    1,752
    Rep Power
    19
    Remember to do a thorough scan of your computer BEFORE you change your passwords to eliminate the possibility of a key-logger virus watching you make the changes and defeating the purpose. It's best to use a second anti-virus program - one that you don't run regularly - in order to get a "second opinion". Good luck!
    Rick Trethewey

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •