Hi Geoff,
First off, I make no claim to be a web hosting guru - so forgive me if I
miss the point or state the bleedin' obvious
However, I do manage the website for Gilbert's potoroo Action Group (GPAG)
which I have set-up to direct 2 different URLs to the same website. In our
case, I set-up www.potoroo.org as our website and then we later decided to
also capture the Australian www.potoroo.org.au domain and point it to the
same site. This was easily done using the parked domain feature of our
hosting package - basically I log into the primary domain using cPanel and
go to parked domains under the domains section of cPanel, where it says:
Parked domains allow you to ³park² additional domain names to your existing
hosting account. This allows users to reach your website when they enter the
parked domain in their browsers.
In our case, I have not set-up any redirection - I have just set the
existing public html folder as the domain root for the parked domain which
means that the site just works whichever URL you enter by and whichever page
you enter by. The basic domains default to the index page but all pages
continue to show the appropriate URL depending how you entered the site.
Your situation is slightly different situation in that the two domains do
not both point to the same top level in the site. Now, I don't know how this
has all been set-up but it looks like they have set-up a subsection
www.greenskills.org.au/ecojobs - with a redirection from the secondary (old)
domain ecojobs.org.au to a specific page in this subsection
http://www.greenskills.org.au/ecojobs/ecohome.html.
The first thing I noticed about the rogue page was that below the flashy
box, over the picture, it says:
Copyright, 100daily.host56.com All Rights Reserved
And the URL 100daily.host56.com leads to a page that looks exactly like the
page that www.ecojobs.org.au/index.html apparently redirects to.
Now host56.com appears to be part of a a free web-hosting service provided
by 000webhost.com as on www. host56.com, it says:
Welcome to the free web hosting provider www.000webhost.com
We use subdomains under domain HOST56.COM to setup free web hosting accounts
for our clients. Each subdomain *.HOST56.COM is managed by different customer.
To report abuse click here.
So, assuming that 000webhost.com is a good web-hosting company, you COULD
try reporting the 100daily.host56.com sub-domain as having hijacked traffic
from www.ecojobs.org.au/index.html
HOWEVER I am not sure that the problem here is that the URL
www.ecojobs.org.au/index.html is actually being redirected. I tried using
the Web Page Test from the test tools at WebSitePulse
http://www.websitepulse.com/help/tools.php which shows the page as loading
correctly and, interestingly shows the red-animated.gif file as loading with
an address of http://www.ecojobs.org.au/images/red-animated.gif
I must admit, I am punching way above my weight here in terms of
understanding what is going on - but I wonder if the culprit has actually
managed to infiltrate the public_html folder for the original
ecojobs.org.au hosted site and put his stuff in there and that the redirect
to www.greenskills.org.au/ecojobs has only been set-up to capture the main
URL www.ecojobs.org.au but requests to individual files/pages are still
going through to the old (now hijacked) hosted site.
As you have noted, both domains greenskills.org.au and ecojobs.org.au have
the same DNS lookup of 198.38.82.169 (as do 1,543 other sites) and use the
same nameservers:
ns2000.mochahost.com
ns1000.mochahost.com
So what I would be looking at doing first would be to log-in to the control
panel for the ecojobs.org.au website and seeing what is there. In the past,
I have found the cPanel log-in to be typically domain:2082 though, on my
site, this now redirects to domain:2083. I note that:
http://www.ecojobs.org.au:2082/
http://www.ecojobs.org.au:2083/
Both bring up a cPanel log-in panel - so entering the site administrator
user name and password should let you into cPanel and let you look around at
what is happening - I would first go to the public_html folder and see if
there is an index.html file there that shouldn't be (as in one for the 100
days offer).
Mochahost do have and extensive online knowledge base:
http://www.mochasupport.com/kayako/index.php?_m=knowledgebase_a=view
including various tutorials:
http://www.mochasupport.com/kayako/index.php?_m=knowledgebase_a=viewparen
tcategoryid=74pcid=0nav=0
These may provide further guidance.
HTH
Cheers
Neil
--
Neil R. Houghton
Albany, Western Australia
Tel: +61 8 9841 6063
Email: n...@possumology.com
on 22/1/15 15:24, Kaye and Geoff at k...@kgweb.org.au wrote:
Hello Muggers
I have an interesting problem which someone might recognise and be able to
explain. It is a version of a web page hack, but with specific symptoms. It
involves an environmental organisation called Greenskills - we do their web
page support for them.