Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > Web Programming > HTML > HTML Code Clinic
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
HTML Code Clinic Do you have some HTML code you'd like to share and get suggestions from others for tweaking or improving it? This discussion is the place.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the HTML Code Clinic section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 4th, 2006, 08:11 AM
Registered User
 
Join Date: Jun 2006
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Hacker Attack

Hi,
Can any one help decode the meaning of the following code, basically I :(have hackers who are redirecting web pages to steal bank accounts, I guess that it is a server, anyway here it is:

http://www.google.com/search?q=cgtal...utf-8&oe=utf-8

they seem to have redirected a google serch

Help if you can
thanks in advance.
Reply With Quote
  #2 (permalink)  
Old June 4th, 2006, 09:56 AM
Friend of Wrox
Points: 1,315, Level: 14
Points: 1,315, Level: 14 Points: 1,315, Level: 14 Points: 1,315, Level: 14
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: , , .
Posts: 425
Thanks: 0
Thanked 3 Times in 3 Posts
Default

Don't search from the addressbar or searchbar in Opera then.

Those extra parameters are just telling Google that you searched from Opera, how many hits you want displayed and the and the character encoding.

Here's what the Google toolbar for IE produces.
http://www.google.com/search?sourcei...LG:en&q=cgtalk

And here's what I get when I type "g cgtalk" on Operas addressbar.
http://www.google.com/search?client=...utf-8&oe=utf-8

Maybe they track us, but I don't think it's worse than that. :)

--
http://yupapa.com
Reply With Quote
  #3 (permalink)  
Old June 4th, 2006, 10:09 AM
Registered User
 
Join Date: Jun 2006
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks,
but in Opera browser I get a "302 moved' message, I found that odd as I rarely get Google offering a moved search page, the pages that were found might have moved but it's odd fot the actual search to have moved, afterall the search result was not created before the searc request, how can something that does not exist prior to the search give a 302 moved?

Reply With Quote
  #4 (permalink)  
Old June 4th, 2006, 10:17 AM
Friend of Wrox
Points: 1,315, Level: 14
Points: 1,315, Level: 14 Points: 1,315, Level: 14 Points: 1,315, Level: 14
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: , , .
Posts: 425
Thanks: 0
Thanked 3 Times in 3 Posts
Default

Do you gte that when you do that search from Opera? I don't. No idea, I never search from Opera (more than testing, that is), but I've never seen a redirected search either.

--
http://yupapa.com
Reply With Quote
  #5 (permalink)  
Old June 5th, 2006, 12:58 AM
Registered User
 
Join Date: Jun 2006
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Apparently oprea is a very secure browser, so it knows that the web page has been redirected (the other browsers do not know this has happened and show the redirected page as normal so the owner of the IP never usually knows - the earlier logic of how something that does not yet exist can then be redirect is correct - it has to exist before it can then be moved), someone grabbed it before then sending it on to me, thats why it says redirected. The hackers have grabbed my IP and are sending me a copy. How I catch them now is the problem. :(

Does anyone know how to view the raw data of the opera page because that might give a clue.
thanks
Reply With Quote
  #6 (permalink)  
Old June 5th, 2006, 01:08 AM
Friend of Wrox
Points: 1,315, Level: 14
Points: 1,315, Level: 14 Points: 1,315, Level: 14 Points: 1,315, Level: 14
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: , , .
Posts: 425
Thanks: 0
Thanked 3 Times in 3 Posts
Default

So how does my Opera differ from yours? Exactly what do you do when you get this redirection?

How do you mean someone has stolen your IP number?

--
http://yupapa.com
Reply With Quote
  #7 (permalink)  
Old June 26th, 2006, 06:05 AM
Friend of Wrox
 
Join Date: May 2004
Location: , , .
Posts: 212
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Check out NETSED on Google. Its an on-the-fly packet modder, meaning you can find out for sure where your security holes are. I think you can use it to spoof your IP as any packets leave your system too. If you're running a Linux system of any kind, try NMAP'ing yourself to look for vulnerabilities, (I wouldn't even begin to trust the Windows port of NMAP).

A couple of good sites:

www.packetstormsecurity.org
http:\\distrowatch.com

Cheers
Joe
Joe

Reply With Quote
  #8 (permalink)  
Old July 12th, 2006, 06:04 AM
Friend of Wrox
 
Join Date: Jan 2006
Location: San Francisco, CA, USA.
Posts: 198
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Very puzzling! All I can think of is to check your proxy settings and C:\windows\system32\drivers\etc\hosts file to see if your computer's configured with a man-in-the-middle attack. Maybe you're not talking to google.com at all, but either a service running on your local system or a proxy that spyware has installed for you.

Jon Emerson
http://www.jonemerson.net/
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off




All times are GMT -4. The time now is 06:10 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.