Blog page

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,689
106
Albuquerque, NM
prospero.unm.edu
Rex, are you aware that clicking on non-link text on your blog page opens a new browser tab to a strange, presumably non-affiliated, site?

(No, I have no logical reason for doing this. Just a peculiar nervous habit; don't ask.)
 
May 20, 2008
12,171
133
Syracuse, NY, USA
On Sun, 06 Nov 2011 11:46:07 -0500, Charles Dye <> wrote:

|Rex, are you aware that clicking on non-link text on your blog page opens a new browser tab to a strange, presumably non-affiliated, site?
|
|(No, I have no logical reason for doing this. Just a peculiar nervous habit; don't ask.)

Do you mean http://jpsoft.com/blogs/? What text? I clicked all over the place
and went nowhere.
 

rconn

Administrator
Staff member
May 14, 2008
12,557
167
> Rex, are you aware that clicking on non-link text on your blog page
> opens a new browser tab to a strange, presumably non-affiliated,
> site?

Not reproducible here. And since there isn't any link text in the blog
entries, I suspect this would be more likely due to a temporarily deranged
browser than anything in the blog.
 
Jun 2, 2008
380
6
I saw it too, in both Firefox and Chrome, but then it quit when I started trying to pinpoint the source. Then I got pulled away and couldn't post my findings, but I'm back now.

It could have been a DNS hijack on the domain of one of the included JavaScripts, which could explain why nothing showed in the jpsoft.com logs.

In case it helps, it was a popunder that initially went to "http://s1w. us/sketchytest2" (space added to purposely break the link because it still does its thing), which then forwards through a couple iterations of Google search looking URLs, and ultimately landing at shoemoney .com (space added again).

It's no big surprise that ShoeMoney is a money making scheme, and a search for the words "shoemoney scam" results in a plethora of hits on the subject. Who'da thunk, being scammed by the site that's supposed to help you scam others.
 
May 20, 2008
12,171
133
Syracuse, NY, USA
On Sun, 06 Nov 2011 21:58:28 -0500, vefatica <> wrote:

|I see it right now! On http://jpsoft/blogs/, at the top, hover on "Home", FireFox shows Take Command (http://jpsoft.com/blogs). But click on it and I get a new, tab-less window at Shoemoney - Skills to Pay the Bills (http://www.shoemoney.com). I did it twice; now it has stopped.

And much of what I typed above was translated into anchor text in the email I
received.
 
May 20, 2008
12,171
133
Syracuse, NY, USA
And what does facebook have to do with it?

When I "http://jpsoft/com" I get 38K of incoming data on port 80.

If I subsequently click "Blogs" I get another 680K of incoming port 80. A little less than half of that is what I see in the browser and comes from a "privatesystems.net" server. The rest, about 388K, from a facebook server and is in a non-human-readable form.

What's it all about?
 
Aug 9, 2009
293
1
: If I subsequently click "Blogs" I get another 680K of incoming port 80. A little less
than half of that is
: what I see in the browser and comes from a "privatesystems.net" server. The rest, about
388K, from a
: facebook server and is in a non-human-readable form.
:
: What's it all about?

Most if not all twitter blogs have BOTS that post the same ole BS they all want traffic
 

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,689
106
Albuquerque, NM
prospero.unm.edu
In case it helps, it was a popunder that initially went to "http://s1w. us/sketchytest2" (space added to purposely break the link because it still does its thing), which then forwards through a couple iterations of Google search looking URLs, and ultimately landing at shoemoney .com (space added again).

Yes -- that "shoemoney" is where I was ending up, too.
 

Similar threads