Dodgy Domain Scams

Occasionally you see something that is so dodgy, so sleazy, so … brilliant, that you just have to sit up and applaud. Today I found one of these.

Anyone who spends a bit of time on the net is familiar with the idea of domain name scamming. The idea is to raise traffic to your site by capturing users who actually want to be going somewhere else. You can do this by stealing domain names of course, but it's a bit hard and the true owners of http://www.coke.com have a hell of a lot more money than you and are quite willing to sue you into oblivion.

However, http://www.ckoe.com might not be registered... or cok.com or cokee.com... or any other of a thousand misspellings. This is a much-used and highly looked-down-on practice that many companies have, often unsuccessfully, tried to fight.

Today, I found the ultimate.  Someone entered a link into our intranet site, a simple link to another place on the site. Clicked on it to test and BAM!  Porn site. http://www.ratedx.com.au to be precise.  I tracked the problem to the system adding a superfluous http:// to the beginning of the link, resulting in two http://’s in the link.

It would appear then that this ratedx site has somehow managed to get http://http:// to redirect to their site. It won't work if you put just http://http:// because that's an invalid URL, but add any alphanumeric character after that (whether it be http://http://a or http://http://www.google.com) and you’ll find yourself in porn central.

Adding an extra http is a common problem of automated link systems.  I must applaud this incredible rort of the system, well done ratedx.

Also, welcome to our website blockers. We don’t want staff visiting you by accident.

3 thoughts on “Dodgy Domain Scams”

  1. It’s because Windows is adding .com.au to your search path. These people own http.com.au and if you go to http.com.au with a host header other than http.com.au it gives you the ratedx page. If you go there with http.com.au it gives you some, possibly bogus, search engine.

  2. Ahhhh that makes sense. Thanks Richard 😉

    I’ve also noticed however that this doesn’t happen from my parents' house (I was trying to demonstrate to my brother.)

    Is it likely to be a Windows setting that does this? All machines in my organisation are homogeneous so it’s likely they would all have the setting if it was set in our SOE.

  3. Under the DNS tab in Advanced TCP/IP Settings (Windows machine), if “Append parent suffixes of the primary DNS suffix” is not ticked, it will cause the above-mentioned problem.
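
The first comment's explanation can be checked at the point where links are generated: a doubled `http://` parses as the single-label host `http`, which a client's DNS suffix search list can then complete. The sketch below is an added example, not code from the original post; `auditLink`, `repairLink` and the `com.au` suffix list are assumptions for illustration, and parsing follows the WHATWG `URL` class in Node and current browsers.

```javascript
// Added illustration: audit links emitted by an automated link builder.
// SEARCH_SUFFIXES is an assumed client DNS suffix search list (per comment 1).
const SEARCH_SUFFIXES = ["com.au"];
// One or more http(s):// prefixes that are followed by yet another scheme.
const DOUBLED_SCHEME = /^(?:https?:\/\/)+(?=https?:\/\/)/i;

function auditLink(raw, suffixes = SEARCH_SUFFIXES) {
  const trimmed = raw.trim();
  let url;
  try {
    url = new URL(trimmed);
  } catch (e) {
    return { ok: false, reason: "unparseable", host: null, candidates: [] };
  }
  const host = url.hostname;
  // A host with no dot is a single-label name: the resolver may append
  // each search suffix to it before giving up.
  const singleLabel =
    host !== "" && !host.includes(".") && !host.includes(":") && host !== "localhost";
  const candidates = singleLabel ? suffixes.map((s) => `${host}.${s}`) : [];
  let reason = "clean";
  if (DOUBLED_SCHEME.test(trimmed)) reason = "doubled-scheme";
  else if (singleLabel) reason = "single-label-host";
  return { ok: reason === "clean", reason, host, candidates };
}

// Drop the duplicated scheme(s) and keep the last one plus the real target.
function repairLink(raw) {
  return raw.trim().replace(DOUBLED_SCHEME, "");
}

// Constructed sample links, not taken from any real log.
const samples = [
  "http://http://www.google.com",
  "http://www.google.com",
  "http://intranet/page",
];
for (const s of samples) {
  const r = auditLink(s);
  console.log(s, "->", r.reason, r.host, r.candidates.join(","), "| repaired:", repairLink(s));
}
```

Running the audit when a link is saved catches the doubled scheme before any browser resolves it, and the `single-label-host` result also flags intranet-style links whose destination depends on each client's suffix list.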
