Blog page

Charles Dye · Nov 6, 2011

Rex, are you aware that clicking on non-link text on your blog page opens a new browser tab to a strange, presumably non-affiliated, site?

(No, I have no logical reason for doing this. Just a peculiar nervous habit; don't ask.)

vefatica · Nov 6, 2011

On Sun, 06 Nov 2011 11:46:07 -0500, Charles Dye <> wrote:

|Rex, are you aware that clicking on non-link text on your blog page opens a new browser tab to a strange, presumably non-affiliated, site?
|
|(No, I have no logical reason for doing this. Just a peculiar nervous habit; don't ask.)

Do you mean http://jpsoft.com/blogs/? What text? I clicked all over the place
and went nowhere.

Charles Dye · Nov 6, 2011

vefatica said:
Do you mean URL='http://jpsoft.com/blogs/?']http://jpsoft.com/blogs/?[/URL] What text? I clicked all over the place and went nowhere.

I'm not seeing it anymore myself. But, honest Injun, it was acting weird earlier.

rconn · Nov 6, 2011

> Rex, are you aware that clicking on non-link text on your blog page
> opens a new browser tab to a strange, presumably non-affiliated,
> site?

Not reproducible here. And since there isn't any link text in the blog
entries, I suspect this would be more likely due to a temporarily deranged
browser than anything in the blog.

Charles Dye · Nov 6, 2011

rconn said:
Not reproducible here. And since there isn't any link text in the blog entries, I suspect this would be more likely due to a temporarily deranged browser than anything in the blog.

Well, I can't reproduce it now....

TEA-Time · Nov 6, 2011

I saw it too, in both Firefox and Chrome, but then it quit when I started trying to pinpoint the source. Then I got pulled away and couldn't post my findings, but I'm back now.

It could have been a DNS hijack on the domain of one of the included JavaScripts, which could explain why nothing showed in the jpsoft.com logs.

In case it helps, it was a popunder that initially went to "http://s1w. us/sketchytest2" (space added to purposely break the link because it still does its thing), which then forwards through a couple iterations of Google search looking URLs, and ultimately landing at shoemoney .com (space added again).

It's no big surprise that ShoeMoney is a money making scheme, and a search for the words "shoemoney scam" results in a plethora of hits on the subject. Who'da thunk, being scammed by the site that's supposed to help you scam others.

vefatica · Nov 6, 2011

I see it right now! On http://jpsoft/blogs/, at the top, hover on "Home", FireFox shows Take Command. But click on it and I get a new, tab-less window at Shoemoney - Skills to Pay the Bills. I did it twice; now it has stopped.

vefatica · Nov 6, 2011

On Sun, 06 Nov 2011 21:58:28 -0500, vefatica <> wrote:

|I see it right now! On http://jpsoft/blogs/, at the top, hover on "Home", FireFox shows Take Command (http://jpsoft.com/blogs). But click on it and I get a new, tab-less window at Shoemoney - Skills to Pay the Bills (http://www.shoemoney.com). I did it twice; now it has stopped.

And much of what I typed above was translated into anchor text in the email I
received.

vefatica · Nov 7, 2011

And what does facebook have to do with it?

When I "http://jpsoft/com" I get 38K of incoming data on port 80.

If I subsequently click "Blogs" I get another 680K of incoming port 80. A little less than half of that is what I see in the browser and comes from a "privatesystems.net" server. The rest, about 388K, from a facebook server and is in a non-human-readable form.

What's it all about?

Kachupp · Nov 7, 2011

: If I subsequently click "Blogs" I get another 680K of incoming port 80. A little less
than half of that is
: what I see in the browser and comes from a "privatesystems.net" server. The rest, about
388K, from a
: facebook server and is in a non-human-readable form.
:
: What's it all about?

Most if not all twitter blogs have BOTS that post the same ole BS they all want traffic

Charles Dye · Nov 7, 2011

TEA-Time said:
In case it helps, it was a popunder that initially went to "http://s1w. us/sketchytest2" (space added to purposely break the link because it still does its thing), which then forwards through a couple iterations of Google search looking URLs, and ultimately landing at shoemoney .com (space added again).

Yes -- that "shoemoney" is where I was ending up, too.

vefatica · Nov 7, 2011

And today it's happening on my computer at work ... jpsoft.com ... Blogs ... Home ... Shoemoney.

Charles Dye · Nov 7, 2011

vefatica said:
And today it's happening on my computer at work ... jpsoft.com ... Blogs ... Home ... Shoemoney.

Right now, that 'Home' link just takes me back to the Blogs page. But weirdly, it appears to go by way of Google and Facebook, judging by the browser's status line....

rconn · Nov 7, 2011

> Right now, that 'Home' link just takes me back to the Blogs page. But
> weirdly, it appears to go by way of Google and Facebook, judging by
> the browser's status line....

That's normal. It has to query Facebook and Google to get the "Like" and
"+1" numbers.

Search

Welcome!

Blog page

Charles Dye

Super Moderator

vefatica

Charles Dye

Super Moderator

rconn

Administrator

Charles Dye

Super Moderator

TEA-Time

vefatica

vefatica

vefatica

Kachupp

Charles Dye

Super Moderator

vefatica

Charles Dye

Super Moderator

rconn

Administrator

Similar threads