CWS WARNING: Don't Use Fortune$HITty as a Webhost Please!

[Einhander Sn0m4n]

I just had a real nasty run-in with an extremely dirty, scummy, underhanded tactic whilst browsing on a site hosted by FortuneCity. Apparently their worship of the Almighty Dollar extends to funneling 404 errors to ABCSearch.com, a variant of CoolWebSearch...

Here's how the bullshit happens:

Click a link to a fortune$HITty page that doesn't exist:

Redirect to +http://www.fortunecity.com/error/errorredir.html

Redirect again to +http://157.22.32.141/js?ClickId=<some-r ... tring-here>

Which redirects to such wonderful sites as +http://www.wizardofloan.com/pages/lendi ... review.htm, +http://www.healthcareshopper.com/humana.htm, +http://www.heranswer.com/Rebal_Crms.asp, +http://www.cheapfares.com/, and +www.abcsearch.com.

These sites I've seen advertised in spam emails, and the last one has the CWS homepage hijacker.

Code of Offending page for analysis:

Code: Select all

HTTP/1.1 200 OK

Date: Sat, 06 Mar 2004 11:28:20 GMT

Server: Apache/1.3.26 (Unix)

Last-Modified: Fri, 31 Oct 2003 18:26:12 GMT

ETag: "1608a3-124-3fa2a944"

Accept-Ranges: bytes

Content-Length: 292

Connection: close

Content-Type: text/html



<html>
<head>
<script language="Javascript">
<!--
if(document.cookie.indexOf('fcid=') != -1) {
 document.location = 'http://www.fortunecity.com/marketplace/404.shtml';
}
else {
 document.location = 'http://error.fortunecity.com/?url=' + document.referrer;
}
// -->
</script>
</head>
</html>

The +http://error.fortunecity.com/?url= string redirects to the IP address above, which then redirects to the offending websites, all the while launching popups at EVERY stage like a cheap porn site if the popup blocker's turned off.


Summary: Get CWShredder and STAY THE FUCK AWAY FROM FORTUNE$HITTY!

[Vertigo1]

yay.....

And you'd think they'd learn from the backlash when the CWS hijack was made public....

[Einhander Sn0m4n]

The Fortune$HITTy sons-of-bitches need all the ill will they can have chucked at them...

BTW subscribers to the SpywareInfo Newsletter can expect to hear about this as well...

[Einhander Sn0m4n]

Update: The fuckers are still at it. error.fortunecity.com redirect to +http://rd6.galaxysearch.com/js?clickId=B6573Ceyqny redirect to +http://www.stoneclinic.com/avoiding_kne ... cement.htm, +http://www.adultdvd.com/image/daisy/ (PORN SITE), +http://www.cleanking.com/, c.enhance.com (a pay-per-click site), include.com, epilot.com, +http://www.citationsoftware.com/Solutio ... aPandP.htm, and looksmart.com.

I think Mike at Spywareinfo definitely needs to hear this shit...

[Crayz9000]

I didn't get redirected from their redirect page, oddly enough, but I've monkeyed around with Mozilla's DOM controls so maybe that's it.

Anyway, here's a tidbit from Fortunecity's privacy policy:

VI. Links to Third Parties
FortuneCity's web sites contain links to other web sites. When accessing the web sites of third parties, including through ad banners and other links, you will be accessing sites that are not operated or controlled by FortuneCity. These sites may collect anonymous and personal information by various methods, including the use of cookies. The privacy policies of these web sites may not be the same as those of FortuneCity and may not afford visitors and citizens the same level of protection. Visitors and citizens should contact these advertisers to verify the privacy policies of these web sites and their terms of use when accessing them and prior to providing any anonymous or personal information.

[Shinova]

When I get my new internet connection (hopefully soon) I won't have to rely on Fortunecity for non-image hostine anymore. Good thing, looks like.