Even owner may be unaware site has been hijacked

Peter Vogel

Mentioned several times in this space over the past few years is the Soople www.soople.com search site that repackages much of the powerful functionality in the Google search engine into a user-friendly format.

A couple of weeks ago my principal sent me a note to say that his shortcut tab (he uses Internet Explorer version 7) to Soople no longer worked. He had been a devoted Soople user for a couple of years and found his inability to use the site quite frustrating. Specifically, his attempts to use Soople were being redirected to an American Internet service provider’s Web site.

I thought about the matter for a while and decided it had to be a “hijacking” of sorts, either at the browser level, or of the special “hosts” file that resolves Internet addresses when no “name server” is present. For most of you reading this column your “hosts” file is probably little more than a curiosity. In most cases your Internet service provider runs a name server to take care of such matters.

Windows XP users can check out their hosts file in windows\system32\drivers\etc. The hosts file can be examined or opened with a program such as Notepad. Generally it will consist of several lines of comments starting with the # character. The last line is usually the so-called universal or local loop-back IP address, 127.0.0.1. In hijacking cases this may not be the case.

For instance, a commonly visited site might be rerouted in the hosts file to an alternative location. That was my suspicion in this case. Spyware and computer virus distributors will sometimes force a change to the hosts file that blocks all traffic to anti-virus product distributors.

However my principal reported the next day that his hosts file was clean. Back to the drawing board. Fortunately, a little later a student came to ask me why Soople was no longer working (students in our Grade 11 and 12 computer classes are taught to use the service). Why, he wanted to know, was he being served content from lunarpages.com?

Just the break I needed (plus it made up for my stupidity in not checking the site earlier myself) and a teachable moment at that. I shared the principal’s experiences, my failed suggestions, showed him a temporary work around using Google’s cached pages, and then set about contacting Soople’s owner to let him know, in case he wasn’t aware of it, that his site had been hijacked.

Soople started out, and in fact still operates as a Dutch site at www.soople.nl, but it too had been hijacked. Off to www.allwhois.com, the fine site that lists available registration information for a huge number of web sites for just about any extension and country code. Soople’s registrant is listed there by name and e-mail address.

A quick e-mailed note to the owner did the trick. By the following morning soople.com was back in business, soople.nl a few hours later. My principal was happy, and so were my students.

If you feel adventurous, you can use the hosts file to block sites, say certain advertising sites you encounter frequently. For instance, adding the line 127.0.0.1 http://ads.cnn.com will nicely drop many of the popunder ads served up on the cnn.com web site by redirecting the advertisement lookup to your own computer.

Fraud alert of the week

It seems that Internet fraudsters will stop at nothing, not even the hallowed ground of the Canadian tax refund.

Consider the following phishing e-mail posted on the Department of Finance’s web site www.fin.gc.ca/fraud_e.html recently.

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $112.80. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons, for example, submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here.

Regards,

Department of Finance Canada

The department is emphatic: “The e-mail is not from the Department of Finance Canada. There is no such refund. Do NOT fill in the form, as it will compromise your credit card and social insurance information. If you receive this e-mail, simply delete it. We have already notified appropriate law enforcement authorities.”

Reader question:

A reader asks, can a school or third world organization put his old computer to good use?

Short answer: no. Longer answer: still no. Unless the computer is at least a Pentium-3 class machine, most schools will turn you down.

Computers for Schools, the local group that redistributes used computer gear, has a minimum requirement of P3-800 MHz. Some community organizations such as Rotary ship containers of refurbished computer gear to schools in Africa from time to time. They may have less stringent requirements.

Interesting site of the week

A Bible atlas which harnesses the technology of Google maps: www.biblemap.org.

Peter Vogel is a Physics and Computer Sciences teacher at Notre Dame Regional Secondary School (www.ndrs.org). Suggestions and comments may be sent via e-mail to peterv@portal.ca.