There is a wordpress site hosted at http://www.vibrantneo.org and is currently being cloned at http://vibrantneo.123productpages.com/ somehow . It is very strange that this particular domain ( http://www.123productpages.com ) seems to do this with A LOT content, but there are no messages on the Internet.
This service has not been selected. This was done without consent. I checked Firebug and the link to the source site server is not mentioned. Is this a malicious site? Why is there no discussion of this βserviceβ affecting others?
* UPDATE * It turns out that this 123productpages actually refers to the actual http://www.vibrantneo.org host files. For example: changing wp-config to invalid credentials will delete both sites.
Probably a Trojan. It is still confusing how this domain and its practice have not become more public. Hope this post finds its way to people with the same problem, as long as I pinpoint the point of failure.
* UPDATE # 2 * Thus, it seems like this is not as malicious as I suspected. Although still very unethical. It looks as simple as pulling content and changing all the links to their domain. All content is still hosted on a real server.
For example: http://blah.123productpages.com will reflect www.blah.com. Of course, they will have to "configure" this particular domain at their end. It seems.
My current fix involves adding a simple js snippet to check the encrypted psuedo domain and find out if it is a proper domain and redirected if it isn't.
The following is an example of blah.com. domain is just a domain, blah.com, shared by a simple 123 (of course, a more complex key can be created).
<script type="text/javascript"> var u = top.location.toString(); var domain = 'b123l123a123h123.123c123o123o123m'.toString(); var domain_decrypted = domain.replace(/123/gi, ''); if (u.indexOf(domain_decrypted) == -1) { top.location = 'http://' + domain_decrypted; } </script>
source share