Hello Muggers I have an interesting problem which someone might recognise and be able to explain. It is a version of a web page hack, but with specific symptoms. It involves an environmental organisation called Greenskills - we do their web page support for them.
They own several domains, in particular greenskills.org.au and ecojobs.org.au. Ecojobs.org.au is being phased out so if you point a browser at it a page is displayed which immediately redirects to an "ecojobs" page on the main site. Or at least this is what happens if you enter the URL www.ecojobs.org.au/. With this format you rely on the default HTML file name, which in this case is index.html, as is standard for most sites. However if you enter www.ecojobs.org.au/index.html, you get a flashy page which wants you to sign up for what I suspect is a pyramid selling scheme. The html source is for this flashy page, it has not done a redirect and the ecojobs URL is the one displayed in the window at the top of the browser. The nameservers for ecojobs.org.au have not been corrupted - they point to the correct place. A search of the net has, surprisingly, shown no pertinent information about this scam. The source code has some links in the header which suggest that someone in the Ivory Coast might be behind it. The source code does not appear to have any actual nasties in it; ie. any code or links which look like they might be trying to download a virus or something along those lines. Has anyone got any insights into this? In particular at what point in the process of retrieving the web page does the "switch" occur? I have informed the hosting company which Greenskills use but so far have no comment from them. Thanks Geoff ----------------------- Kaye and Geoff k...@kgweb.org.au -- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>