September 13th, 2011, 09:58
Bobchillingworth
Unregistered
I don't know if anyone else has encountered this, but when I click on the link to the Realms Beyond main page from the first result of a Google Search, I get a redirect to some site called "twowayserf", which my anti-virus blocks as a known threat. This usually isn't an issue since I generally navigate to RB using tabs (which don't encounter the redirect), but it's still fairly concerning.
Anyone have any idea what's going on? I don't get redirected by any other sites, and it has happened to me on multiple computers.
September 13th, 2011, 10:00
Posts: 5,633
Threads: 30
Joined: Apr 2009
Yeah, I've had that same problem from Google searches, myself.
September 13th, 2011, 10:02
Posts: 23,441
Threads: 132
Joined: Jun 2009
Ditto.
Current games (All): RtR: PB80 Civ 6: PBEM23
Ended games (Selection): BTS games: PB1, PB3, PBEM2, PBEM4, PBEM5B, PBEM50. RB mod games: PB5, PB15, PB27, PB37, PB42, PB46, PB71. FFH games: PBEMVII, PBEMXII. Civ 6: PBEM22 Games ded lurked: PB18
September 13th, 2011, 12:42
Posts: 15,214
Threads: 111
Joined: Apr 2007
I can't help but wonder if this could be related to the forum downtimes that seem to be happening frequently? Some sort of minor server breach?
September 14th, 2011, 03:00
Posts: 1,922
Threads: 68
Joined: Mar 2004
What search words did you use? I'm unable to reproduce the problem, but would like to investigate.
EDIT: In addition to the search words, the actual link you're following which leads to the malicious site would be cool as well.
This really sounds like RB might be infected; it's a standard technique to hack servers which then deliver malicious sites to users coming from Google, and the normal site to all others. That way, it's less likely to get noticed by admins, for example.
There are two kinds of fools. One says, "This is old, and therefore good." And one says, "This is new, and therefore better." - John Brunner, The Shockwave Rider
September 14th, 2011, 04:14
Posts: 2,417
Threads: 23
Joined: Oct 2009
I have had this too.
just typed "realmsbeyond"
September 14th, 2011, 05:13
Posts: 1,780
Threads: 16
Joined: Jan 2006
Is this google.com specific? I can't replicate it from google.co.uk & google keeps being "clever" and sending me back to .co.uk when I try to go to .com.
September 14th, 2011, 05:16
Posts: 1,922
Threads: 68
Joined: Mar 2004
Hrmpf, still cannot reproduce this behavior. Maybe the bad guys shut me out, via country, subnet or whatever.
Could someone do me a favor and post/PM me the link you're actually following from Google to get to the bad site? Instead of clicking on the Google result, use right click->copy link. Thanks!
There are two kinds of fools. One says, "This is old, and therefore good." And one says, "This is new, and therefore better." - John Brunner, The Shockwave Rider
September 14th, 2011, 05:17
Posts: 1,922
Threads: 68
Joined: Mar 2004
pling Wrote:Is this google.com specific? I can't replicate it from google.co.uk & google keeps being "clever" and sending me back to .co.uk when I try to go to .com. I encountered the same problem. On google.de, there's a link at the bottom "use Google in English" which sends me to google.com; maybe there's something similar on .co.uk?
There are two kinds of fools. One says, "This is old, and therefore good." And one says, "This is new, and therefore better." - John Brunner, The Shockwave Rider
September 14th, 2011, 05:26
Posts: 2,521
Threads: 26
Joined: Oct 2010
Kylearan Wrote:Hrmpf, still cannot reproduce this behavior. Maybe the bad guys shut me out, via country, subnet or whatever.
Could someone do me a favor and post/PM me the link you're actually following from Google to get to the bad site? Instead of clicking on the Google result, use right click->copy link. Thanks! The links come as completely legitimate ones with no additions, funny variables or base64 encoded characters, so there's nothing really to copy here. If you want to see for yourself go to http://www.google.com/ncr ( which will overrule country detection and redirection to regional sites ), query for anything on RB like [ Kylearan site:realmsbeyond.net ] and just follow the link. My firewall ( Norton ) detects the attack as malicious cookie.
|