[Nottingham] A Google Webmaster Scam?

Martin martin at ml1.co.uk
Wed Dec 19 17:42:46 UTC 2012

>>> Poking around in the js, you can see that there are src parameters
>>> to http://ozecqnxm.qhigh.com/terafegwqegwg.cgi?5
>> Indeed so! A quick grep has soon found that. Looks damned suspicious.
>> Thanks for that. So how did you find that one?
> Probably quite easily if anyone else has used Chrome to try an access
> the NLUG web page.  It popped up a giant red warning page telling us all
> to steer well clear of it, and referenced the above URL as the source of
> malware.
> (Sorry, I was too lazy to send a screenshot at the time and was pretty
> sure it would result in a rant and an uproar on here eventually anyway.)
> ;-)

Duhh... I'm using Firefox and got no such thing... Likely stopped by my
DNS blocking and NoScript?...

So how long has that been flashing up?!

(Before I start searching all the backups to find the hit date...)


- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg

More information about the Nottingham mailing list