Weird - spam appearing in website content

  Pollik 12:50 04 Jun 2014
Locked

This is a really weird problem that I have.

On one particular website, click here, I am seeing the body text interspersed with spam links for viagra, cialis and others.

The site owner said that he cannot see them - this is an entirely legitimate site, by the way.

Next step was to trying different machines, myself. I tried on a Win 7 machine, using both Firefox and Chrome browsers. I tried on a Ubuntu machine with Firefox. I tried on an Android smartphone using the native browser.

On all those machines, I can still see the spam... here is a screen grab - click here asked some friends to check...they cannot see the spam either.

The only things that the three machines had in common were router and ISP. The problem only arises on that one domain. It is not a machine specific problem. It is not a browser specific problem. It is not an operating system specific problem.

It is seemingly router specific and it is seemingly ISP specific, but I cannot see how.

It is domain specific...but no one else appears to have the problem. And I don't have the problem on other domains.

It is not an ad block problem, either.

One last thing...I have looked at the page source, and I see mark up language for the links I see displayed...I can't post them because it initiates the forum's anti spam.

Does anyone have any ideas what could be going on here? I have run out of ideas.

I

  spuds 13:01 04 Jun 2014

Have you contacted the ISP, to see if they have received similar reports of the intrusion?.

Have you run any type of malware or security programmes to see if something that perhaps should not be, is present on your machines?.

  Woolwell 15:21 04 Jun 2014

Are you logging in to that site?

Try deleting the cookie for the site.

  Secret-Squirrel 15:48 04 Jun 2014

"It is seemingly router specific................but I cannot see how."

A simple malicious script is sometimes all it takes to change your router's DNS settings so that you get the same ad-infested webpages on all devices that use the same router.

Log into your router and look in the WAN section. Make sure that the DNS servers are assigned by your ISP.

It is puzzling though that this only seems to affect the one site. I would have expected most sites to be the same if your router has indeed been hijacked. There's no harm in checking its DNS settings though.

  Pollik 14:16 06 Jun 2014

In order:

  • I haven't checked my ISP yet. It is on my list, but the nature of the problem, limited to a single site, seem so perverse, I wanted to see if others had come across something similar before I did. Good though they are (Xilo), I am doubtful that many of their customers are visiting this particular site. Even so, it is on my list to ask.

  • Yes...I have both Avast and Spybot installed and recent full scans.

  • It is not my own personal site. It belongs to a casual friend. Also, the problem only lies within my own household. No one else can see the spam unless they are connected to my wi fi. I don't think it is the hosting service at fault.

  • Maybe I have been hacked...yes possible. It is unlikely to be the four different devices in my household, I think, so if I have been hacked, it would be the router which is passworded under WPA-Personal. I have no idea how to check this and remove the hack, because I don't understand, at all, the nature of the hack.

  • No, not logging in to the site. Deleting cookies makes no difference.

  • DNS - ah, that is something I hadn't though of, thank you. Now checked - the router is set to obtain DNS automatically. And yes, it is very weird indeed to only affect one site, from four very different devices sharing a connection.

Thanks for all your input. I think my next step is ask my ISP (not hopeful a good outcome from that). And then to decide whether to replace my router, and demote my current one to a spare. I don't have a spare, at the moment, so I am reluctant to risk a firmware update. I need to decide whether this most peculiar bug is worrying enough to fork out for another router. My router is about 5 years old and I live in a low bandwidth area...maybe I should research what routers are about which might, just, bump my signal up into the next bandwidth...that would increase my speed by 50%, so there is an additional incentive, but decent routers aren't cheap. :/

Thanks again, everyone

Polly

Sigh.

  Secret-Squirrel 15:49 06 Jun 2014

"Now checked - the router is set to obtain DNS automatically."

I wasn't expecting that. This is indeed a mystery. Here are a couple of further tests you can try:

1) Take your smartphone to a friend or neighbour's and connect to their WiFi. Do you still see those nuisance ads?

2) From your Windows PC connected to your usual router, open a Command Prompt window, type ping www.tmcto.org then hit enter on your keyboard. The first line of the output should look like this:

Pinging www.tmcto.org [64.90.45.171] with 32 bytes of data:

What IP address (the numbers in square brackets) do you get?

  wee eddie 16:12 06 Jun 2014

I think that I would download and run as many of the Free Anti malware Programs as I could find.

Malwarbytes, Superantispyware, Spybot S&D and any others that I could find until the culprit is revealed.

  Secret-Squirrel 16:31 06 Jun 2014

Eddie, Polly gets the same problem on a Windows PC, a Linux PC and an Android smartphone so it's extremely unlikely to be a malware problem.

  Pollik 17:57 06 Jun 2014

Thanks for responses.

@Secret-Squirrel

1) Haven't tried someone else's wifi, but on 3G, there are no ads (took about 4 minutes to load - my area is not good for mobile signals). Not the phone then and probably not a problem on any of the devices.

2) Ping test returns the same address as you got (good thought, though)

3) Following a hunch...I went to tmcto.org through Hidemyass, proxy. No ads.

4) Following another hunch...I changed my DNS to Google's public one. I still got ads

5) Clearly the issue is either with my router or my ISP. I don't know if the fact that I have a static IP is an issue. And I have no clue at all why the problem is limited to one site.

@eddie - thank you for the suggestion, but as SS noted, this is a problem across four devices with four different platforms (Win 8, Win 8 Starter, Android and Ubuntu). I don't think this is an issue on the devices.

The game is afoot, as a famous fictional detective is fond of saying.

  Secret-Squirrel 18:22 06 Jun 2014

"3) Following a hunch...I went to tmcto.org through Hidemyass, proxy. No ads."

That's an interesting result. I'm puzzled as to why you only see those ads when you use your regular fixed IP address. It's almost like something is recognising it's you and injecting those pests into the webpage.

I'll need to do some more thinking although I don't believe now it's a router issue.

  Woolwell 19:04 06 Jun 2014

It seems that the fixed IP address is being recognised. I wonder if the problem lies with the host for the website?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

These brilliant Lego posters show just what children's imaginations are capable of

Mac power user tips and hidden tricks

Comment réinitialiser votre PC, ordinateur portable ou tablette Windows ?