Rogue Advert?

[legume]

Just tried to get on phoronix and was redirected to this crap -

www.andyqos.ukfsn.org/antiv-2.png

Edit heres one that showes the site name.

www.andyqos.ukfsn.org/antiv.png

I must admit I was booted into an old setup with an out of date seamonkey, but It's only phoronix that did it, so I don't think it was anything my end as such, but as I don't normally use that partition anymore I could be wrong.

What do you think - if it wasn't me but one of Phoronixes ad "partners" that did it I think it's deceitful and unacceptable for a responsible site to be associated with such an ad - or maybe one of them has been hacked?

[legume]

Just tried to get on phoronix and was redirected to this crap -

www.andyqos.ukfsn.org/antiv-2.png

Edit heres one that showes the site name.

www.andyqos.ukfsn.org/antiv.png

And again - same ad different names - I've been using this browser over the weekend and not one other site has been affected - I go on phoronix today and it happens again, after I did forums -> login -> index.

It offered me an exe this time, which I have. I also have a partial tcpdump and more screens if you are interested - which I would hope you are as it's now far more likely to be a Phoronix problem than an old browser one don't you think?

Edit: the exe is MalwareDefender2009.exe.

[deanjo]

Since this is only happening to you, I was just wondering if you have tried another DNS server (such as openDNS)? You may be a victim of DNS hijacking.

[legume]

Since this is only happening to you, I was just wondering if you have tried another DNS server (such as openDNS)? You may be a victim of DNS hijacking.

It's possible I suppose, but it's only ever happened twice and both times Phoronix + old browser.

There are three other PCs on this LAN using the same DNS and I normally use a more up to date setup and this or anything similar has never occurred.

I'll have to remember to start a tcpdump before I go on phoronix on the few occasions I am booted into this old setup.