Tim G
member
Reged: 12/10/07
Posts: 77
Loc: Atlanta, GA
|
|
I'm a frequent visitor of the clear sky clock and find the information on the site very useful. But on several occasions now, I click the link from Google search and get redirected to some other site that tries to download something called "Bloodhound". Fortunately, my virus protection catches and blocks or deletes the intruder.
Most of the time, this doesn't happen, but it's happened several times on my home and corporate computers in the last two months.
Is anyone else familiar with this problem?
Thanks,
--------------------
Tim G.
Astrotech 80ED
CGEM 800
Orion XT10
Orion 4.5 Starblast
Bushnell 90mm Mak
Canon Xsi unmodded
Meade DSI Color
|
bicparker
Carpal Tunnel
Reged: 02/07/05
Posts: 1701
Loc: Plano, TX
|
|
What link are you clicking on? And what search terms are you using?
First, the title is now Clear Sky Charts. The name was changed a while back due to some naming conflicts, apparently. So it would be better to Google Clear Sky Chart or Charts.
When I Googled Clear Sky Clock, the top of the list was an advertising site (won't list the domain here), which certainly might set off spyware/adware alarms.
The URL is www.cleardarksky.com. Using a Google search will give you other pages that may or may not be dependable.
--------------------
Bic Parker
17.5" f/5 dob
10" f/10 SCT
5" f/8 refractor
80mm f/6 refractor
66mm f/6 refractor
Plus a few others out of the rotation
Edited by bicparker (04/16/09 07:43 PM)
|
groz
Pooh-Bah
Reged: 03/14/07
Posts: 1071
Loc: Duncan, BC
|
|
That's not a problem with the csc, that's a problem with your method of getting there. I just googled 'clear sky clock' on both google.ca and google.com, got correct links in both lists. The only links to anything other than the correct site were in the 'paid adds' on the right.
Are you using the google website, or, some little web browser toolbar add-on to do the search ? If the latter, your problem is most likely in the browser add-on.
|
rmollise
Post Laureate
Reged: 07/06/07
Posts: 4557
|
|
Quote:
I'm a frequent visitor of the clear sky clock and find the information on the site very useful. But on several occasions now, I click the link from Google search and get redirected to some other site that tries to download something called "Bloodhound". Fortunately, my virus protection catches and blocks or deletes the intruder.
Most of the time, this doesn't happen, but it's happened several times on my home and corporate computers in the last two months.
Is anyone else familiar with this problem?
Thanks,
If Google is returning something you don't like, as the doctor said, "Don't do that." 
Next time you are at CSC, why not just bookmark it as a "favorite"?
--------------------
Uncle Rod
Rod's New Book:
Choosing and Using a New CAT
Available now!
|
Tim G
member
Reged: 12/10/07
Posts: 77
Loc: Atlanta, GA
|
|
Quote:
What link are you clicking on? And what search terms are you using?
Below is an image of my search terms and the results. I click on the link shown in red. It goes to www.cleardarksky.com/csk/. 90% of the time no problem. But every once in a while, that odd site gets inserted.
I don't think the clear sky folks are responsible, just don't understand how it happens.
As Uncle Rod suggested, I'm going to add the link to favorites and see if this works better.
Clear Skies,
--------------------
Tim G.
Astrotech 80ED
CGEM 800
Orion XT10
Orion 4.5 Starblast
Bushnell 90mm Mak
Canon Xsi unmodded
Meade DSI Color
|
Mike K
professor emeritus
Reged: 04/01/07
Posts: 626
Loc: Central Texas
|
|
That would make me very suspicious of the possibility that you may have some "malware" installed on your PC. Do you have Anti-Virus and Anti-Spyware software? When is the last time you ran a scan?
--------------------
Clear skies,
Mike K.
30°31" N 97°44" W, LP: Red
Observe: Once or twice a week back yard, once a month under dark skies
Favorites: Globulars, planets, face-on spirals
Equipment: CPC925/XT10i/TMB-92SS/Lunt LS60THaDS
Eyepieces: Naglers, Ethos, UO HDs, Hyperion Zoom
|
desertstars
Please stand by...
Reged: 11/05/03
Posts: 34551
Loc: Tucson, AZ
|
|
Just for the heck of it, I used Google to find my way to the CSC just now. I searched for the current name, Clear Sky Chart. I selected "by region" to get in and Norton immediately halted the process and reported blocking an attempted intrusion. When I used the favorites link I normally use to get to the CSC, there is no problem. It definitely has something to do with using Google to do the search. (Just ran a full scan and found nothing on my computer.)
--------------------
Tom W.
Collinder's Catalog
Jewels in Dark Settings
|
Old Dinosaur
Pooh-Bah
Reged: 05/08/07
Posts: 1255
Loc: Out in the sagebrush
|
|
I just tried the same thing. My AV immediately blocked something.
"wmpburn.biz" was shown as a culprit, I guess.
--------------------
WRS Observatory
|
desertstars
Please stand by...
Reged: 11/05/03
Posts: 34551
Loc: Tucson, AZ
|
|
That's what I saw as well.
--------------------
Tom W.
Collinder's Catalog
Jewels in Dark Settings
|
daev
Graveyard Shift
Reged: 03/10/04
Posts: 4978
Loc: On the edge of the desert
|
|
Did it end up directing you to the CSC site or somewhere else entirely? DNS poisoning, perhaps? I've been trying for a while and can't seem to trigger anything unusual from here (running linux, if that makes any diff) after a couple dozen attempts....
edit: some info regarding the site in question... http://google.com/safebrowsing/diagnostic?site=wmpburn.biz/&hl=en
dave
--------------------
"Yes, I know it's flat here. When the seeing is good you can stand on a beer can and see Toronto...."
Edited by daev (04/18/09 09:10 PM)
|
desertstars
Please stand by...
Reged: 11/05/03
Posts: 34551
Loc: Tucson, AZ
|
|
Someplace else entirely, and immediately.
--------------------
Tom W.
Collinder's Catalog
Jewels in Dark Settings
|
Olivier Biot
Amused
Reged: 04/25/05
Posts: 16328
Loc: 51°N (Belgium)
|
|
Shouldn't we contact Mr. Danko (the owner of CSC) about this? Maybe his ISP or his server got infected with malware.
Or the domain is targeted by DNS poisoning (problem with many popular sites).
Either way, this bears watching.
--------------------
Prediction is very difficult, especially about the future. Niels Bohr
Tal-200K (#199) with JMI NGF-Mini2M focuser on GEM3 • Astro-Tech AT80ED • Orion Sirius EQ-G with wireless EQDIRECT • Astro-Tech Voyager • Celestron Regal LX 10x42 • Helios 15x70
ATM 14" f/5 (redesigning) • ATM 10" f/6 Portable Truss (polishing) • ATM 10" f/25 Dall-Kirkham (optics)
AstroForecast
|
desertstars
Please stand by...
Reged: 11/05/03
Posts: 34551
Loc: Tucson, AZ
|
|
I just did.
--------------------
Tom W.
Collinder's Catalog
Jewels in Dark Settings
|
Attilla Danko
member
Reged: 02/02/07
Posts: 10
Loc: Ontario, Canada
|
|
Hmm. I don't see anything wrong with my servers. But i'll keep looking. I'd you'd like to help, you might want to know:
I actually have two webservers from different companies. The probability that both of them are comprimised is unlikely. So when you see a cleardarksky.com url taking you to the wrong place try resting with
http://server1.cleardarksky.com/ ... rest of the url
and
http://server2.cleardarksky.com/ ... rest of the url
and let me know if you can get one of them to repeatably fail.
Otherwise, i agree it's probaly some kind of DNS issue.
attilla danko
--------------------
http://cleardarksky.com/csk
|
Olivier Biot
Amused
Reged: 04/25/05
Posts: 16328
Loc: 51°N (Belgium)
|
|
Looks like there's a problem with Google indexing cleardarksky.org. Maybe Attilla should try reindexing his site by Google or contact Google about this problem as I believe it may also affect others.
Doing exactly as Tom W describes, gets me to a page on wmpburn.biz instead of www.cleardarksky.com with a warning.
FWIW here are the DNS replies for both domains:
Name: wmpburn.biz
Address: 220.196.59.23
Name: cleardarksky.com
Address: 66.225.213.67
--------------------
Prediction is very difficult, especially about the future. Niels Bohr
Tal-200K (#199) with JMI NGF-Mini2M focuser on GEM3 • Astro-Tech AT80ED • Orion Sirius EQ-G with wireless EQDIRECT • Astro-Tech Voyager • Celestron Regal LX 10x42 • Helios 15x70
ATM 14" f/5 (redesigning) • ATM 10" f/6 Portable Truss (polishing) • ATM 10" f/25 Dall-Kirkham (optics)
AstroForecast
|
panhard
Mongo
Reged: 01/20/08
Posts: 5191
Loc: Markham Ontario Canada
|
|
Attilla: I just tried doing a google search for cleardarksky. The first time I got a warning about a malicious website. I tried again a couple of minutes later and got through ok, but there was something running in the background. So I assume there is a program attaching to your site if the person clicks on the google link to your site.
--------------------
|
H_M
newbie
Reged: 04/22/09
Posts: 1
|
|
I had this issue with my site as well, the fix was to replace the Apache files. I previously tried removing the site from the google index, then letting it re-add, and the redirect was still present. Eventually I removed all the content from the site, with no luck. Finally convincing the host to reinstall Apache fixed the problem.
The thread I used as a reference was here:
http://www.google.com/support/forum/p/Webmasters/thread?tid=38c9f47d8f39afa1&hl=en
|
Olivier Biot
Amused
Reged: 04/25/05
Posts: 16328
Loc: 51°N (Belgium)
|
|
If you're on an *NIX OS you can try locating the Apache binaries and search for wmpburn.biz in them by means of the following command (replace FILENAME with the name of the Apache binary/library/config file you want to check):
$ strings FILENAME | grep -i wmpburn.biz
--------------------
Prediction is very difficult, especially about the future. Niels Bohr
Tal-200K (#199) with JMI NGF-Mini2M focuser on GEM3 • Astro-Tech AT80ED • Orion Sirius EQ-G with wireless EQDIRECT • Astro-Tech Voyager • Celestron Regal LX 10x42 • Helios 15x70
ATM 14" f/5 (redesigning) • ATM 10" f/6 Portable Truss (polishing) • ATM 10" f/25 Dall-Kirkham (optics)
AstroForecast
|
panhard
Mongo
Reged: 01/20/08
Posts: 5191
Loc: Markham Ontario Canada
|
|
H M Welcome to Cloudy Nights.     
--------------------
|
panhard
Mongo
Reged: 01/20/08
Posts: 5191
Loc: Markham Ontario Canada
|
|
Well I am glad I have it bookmarked there is no problem going through my bookmark.
--------------------
|
daev
Graveyard Shift
Reged: 03/10/04
Posts: 4978
Loc: On the edge of the desert
|
|
For what its worth, I've seen that same site insinuated into other links lately.... my money's on DNS poisoning that hasn't been run to ground yet.
dave
--------------------
"Yes, I know it's flat here. When the seeing is good you can stand on a beer can and see Toronto...."
|
Brian Gibson
member
Reged: 10/17/07
Posts: 49
Loc: Brampton, Ontario
|
|
If you use Windows Vista try my sidebar CSC gadget.
http://gallery.live.com/liveItemDetail.aspx?li=48917ad4-e1a9-4121-8713-bd4e0716a035
Apple iPhone and iPod Touch users can try this version.
http://www.apple.com/webapps/weather/skycharts.html
No need to use Google every time!
Brian Gibson
|
Stardaug
professor emeritus
Reged: 08/03/08
Posts: 528
Loc: Ontario, Canada
|
|
This is malware. A google redirect virus. One of many out there. Most of these google redirect virus only function under the standard/basic search method. If you select "advanced search" and try again chances are it will work fine. There are a number of tools out there to try and remove these stubborn redirects. I've found the more popular scanners don't see it though. Are you using IE or Firefox?
Cheers.
--------------------
"Keep looking up!"
Shawn / Ontario, Canada
Celestron CPC800 SCT w/XLT & GPS // Skywatcher Equinox 80ED F6.25 500mm APO // Canon Rebel 350XT unmodded // Milburn EQ Wedge (a Meade model modified to fit my CPC)
|
SanDiegoPaul
Pooh-Bah
Reged: 07/22/05
Posts: 1328
Loc: San Diego
|
|
Quote:
I'm a frequent visitor of the clear sky clock and find the information on the site very useful. But on several occasions now, I click the link from Google search and get redirected to some other site that tries to download something called "Bloodhound". Fortunately, my virus protection catches and blocks or deletes the intruder.
Most of the time, this doesn't happen, but it's happened several times on my home and corporate computers in the last two months.
Is anyone else familiar with this problem?
Thanks,
Tim, why would you be doing a Google search for a website you already KNOW? Just type the web address in the browser, not in to a search engine. Then save it as a favorite.
--------------------
Meade 10" Lx200-R with Mitty Evolution Wedge
Moonlight SCT Focuser
Stellarvue Raptor 90 Triplet
SBIG ST2000 XM Imager
SBIG ST402ME CCD Guider
Canon Digital Rebel DSLR
Meade DSI-c CCD Guide Cam
Please visit my gallery!
http://www.pbase.com/sandiegopaul/
|
Man in a Tub
Not Retired!, But a little cranky!!!
Reged: 10/28/08
Posts: 2020
Loc: San Francisco, CA
|
|
A few days ago, my IE8 browser suddenly started blocking some members' clear sky charts in their signatures. I've changed no settings, and don't plan to do so. I do see the chart gifs. What's happening?
--------------------
Todd
Brunton Eterna 15x51 ° Garrett Optical Signature Series 15x70
Nikon Action EX 12x50 ° Oberwerk 15x60 and 20x80 Standard
Orion Paragon Plus Mount and Paragon XHD Tripod
Garrett Optical Series 2000 Grip-Action Monopod
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
[Re: 
