[Web4lib] random link replacements

Pons, Lisa (ponslm) PONSLM at UCMAIL.UC.EDU
Wed Sep 6 07:47:29 EDT 2006


Has the code on the page actually changed? If so, you should find some file information as to when the file was last modified. From there, you could see who was logged in at the time using the apache logs.
 
Also, do you edit the pages directly, in their live directory, or are they updated from another directory?
 
 
Lisa Pons-Haitz
Webmaster
University of Cincinnati

________________________________

From: web4lib-bounces at webjunction.org on behalf of John Fereira
Sent: Tue 9/5/2006 6:08 PM
To: Courtney Stephens; Tyson Tate
Cc: Web4Lib
Subject: Re: [Web4lib] random link replacements



At 03:53 PM 9/5/2006, Courtney Stephens wrote:
>We use Dreamweaver, but no CMS.  AFIK, there are only 3 people who are
>allowed to edit - me, the reference librarian (who pointed out the problem)
>and the tech guy.   Possibly, there is one other librarian allowed to edit
>(the head of TS), but she doesn't generally do anything to the website.
>She's more concerned with the OPAC.

Shared passwords?


>We run an Apache server, but I don't know what kind of security it has on it
>as a whole.  The website is password protected, though.
>
>The problem is localized to one folder, and replaces only one phrase -
>teach.belmont.edu:2048? - with www.apple.com.  It replaces things at random,
>and just because they are wrong on one page does not mean they have been
>changed on another.  I have never seen anything like this happen before.

Have you tried different browsers to see if you get the same
behavior?   'I've seen routers set up to intercept HTTP requests and
randomly forward to a vendor page.  I've got one at home that all of
sudden started intercepting requests (doesn't matter which site
you're going to) such that it goes to the vendors page which sells
the router.  The page "offers" an add-on product and suggest a
firmware upgrade.  I tried downloading the upgrade once and it blew
away my configuration.  I'll never buy another product from that
company again.

A similar behavior that you may have seen manifests itself when
trying to access a site that has a domain name that isn't
valid.  It'll often bring up a site which sells domain names similar
to the one you've tried to access.  Occasionally, when the network is
busy a DNS timeout will result in render one of these sites even when
a valid domain was used.


>~Courtney S.
>
>On 9/5/06, Tyson Tate <tysontate at gmail.com> wrote:
>>
>>Could you give us more information? What CMS or editing tools do you
>>use? What kind of security do you have on the pages (i.e. who's
>>allowed to edit it?).
>>
>>Most likely, it's being edited by someone who doesn't know what
>>they're doing. (Ok, let's not get in to the "gatekeeper" discussion
>>again! ;)
>>
>>-Tyson
>>
>>On 9/5/06, Courtney Stephens <court1824 at gmail.com> wrote:
>> > Has anyone ever had links randomly be replaced on their webpages?
>> >
>> > My library's website has had this happen 2x in the last month - our
>>proxy
>> > address is replaced with http://apple.com/ in random links on our
>>website.
>> > See this for examples: http://library.belmont.edu/SubGuides/english.html
>> >
>> > The tech guy claims it's not a virus.  Whatever it is, it's annoying....
>>and
>> > I'd appreciate any leads on how to get it to stop
>> >
>> > ~Courtney S.
>>_______________________________________________
>>Web4lib mailing list
>>Web4lib at webjunction.org
>>http://lists.webjunction.org/web4lib/
>_______________________________________________
>Web4lib mailing list
>Web4lib at webjunction.org
>http://lists.webjunction.org/web4lib/

John Fereira
jaf30 at cornell.edu
Ithaca, NY

_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/




More information about the Web4lib mailing list