A fix for strange search results

Something looked broken with Web search on my computer yesterday, and it took me only about 18 hours of detours to figure out the problem. To spare you all the trouble of repeating my troubleshooting, here’s how things worked out.

search redirect network activityEverything started when I was doing a routine search for a post I’d written last winter on CEA’s blog. I clicked on Google’s link, saw a random address appear and then another, and found myself looking at a sketchy page with ads for some casino instead of my analysis of exemptions to the Digital Millennium Copyright Act’s anti-circumvention provisions.

My first thought–both frightened and angry–was that I’d finally gotten hit with a virus like DNSChanger on my own computer. But the same hijacked search happened in another Mac and on the Chromebook I’d just reviewed.

Maybe my wireless router had gotten compromised somehow? I had covered one reader’s experience with that two years ago, and my fellow tech journalist Glenn Fleishman (I’d say he’s forgotten more about WiFi than I’ll ever know, but he forgets nothing) thought that was likely too.

But the router had nothing amiss with its domain-name-server settings. Meanwhile, doing the same search in the browser on an AT&T Android phone (another recent review) didn’t yield any spurious results. Two replies on Twitter also suggested this issue might be specific to Internet providers.

My last move before getting distracted by our daughter was to try the same search on other sites. At Bing, the result also got hijacked; at DuckDuckGo, it did not.

This morning, as I was using Safari’s Web Inspector to see if I could get any more insight on the mechanics of the hijack (and take the screengrab you see above), another Twitter reply suggested that it could be an issue with CEA’s installation of WordPress. There is a history of exploits for that popular blogging platform that target incoming referrers from popular sites to send those clicks elsewhere; see, for instance, this Q&A thread.

(WordPress.com, this blog’s host, is a commercial service that runs WordPress; one of its selling points is having professionals stay on top of patches and security so I don’t have to.)

Sucuri LLC’s malware-checking site didn’t find any malware at CEA’s blog. But when I e-mailed somebody at the Arlington, Va., trade association, they did find a malicious script on the site that’s since been removed. And now, my original search takes me to the right page.

So I guess reporting this counts as this week’s good deed for the Internet… and maybe a start on next weekend’s USA Today column. But before I do that: Have you run into anything like this? Were you able to get it resolved? What else would you like to know about search hijacking?

About these ads

Weekly output: blog hosts, QAM, Kojo Nnamdi, iPad rumors, Web chat

This week involved more real-time interaction with readers than usual.

2/12/2012: Tip: For a personal Web page, keep it simple, USA Today

First a reader e-mailed to ask about the easiest way to host a blog under a personal domain name; then, between my filing this piece and USAT posting it, two friends asked me the same question. I guess the timing was right for the topic. The column also offers a tip that emerged from a comment thread here: You can recharge an iPad over any random charger with a USB port, not just a higher-powered model labeled as iPad-compatible.

2/14/2012: Qualms Over QAM, CEA Digital Dialogue

Here I discuss the cable industry’s proposal to encrypt the local, public, educational and government channels that “QAM” (Quadrature Amplitude Modulation) tuners in digital TVs can receive without a box. Would you trade that–cable operators say encrypting QAM will free new customers from having to wait for the cable guy to show up–for the Federal Communications Commission making its “AllVid” proposal for box-free reception a standard for both cable and satellite? For further reading: The National Cable & Telecommunications Association’s Paul Rodriguez explains why cable operators don’t like the “traps” they now use to control access, while venture capitalist Fred Wilson argues for keeping clear QAM and providing the broadcast channels for free.

2/14/2012: Our Love/Hate Relationship with Email, The Kojo Nnamdi Show

I discussed ways to tame an overloaded inbox with WAMU host Kojo Nnamdi and two other guests, etiquette author Anna Post and IBM social-computing evangelist Luis Suarez. You hear more of me in the second half of the show, after Suarez’s call-in segment ended. (Tip: You can speak in paragraphs on public radio, but they have to be newspaper paragraphs.)

2/17/2012: The Only ‘iPad 3′ Story You Need To Read, Discovery News

The headline I wrote may oversell this story a bit–but, really, the feature set on the next iPad should not be that hard to figure out. And if this post isn’t the only next-iPad piece you elect to read, it’s certainly the only one I plan to write, just as I only wrote one next-iPhone post last year.

2/17/2012: Living a Connected Life (Web chat), CEA Digital Dialogue

My second monthly chat for CEA started a little slow, but I wound up getting enough questions from readers to stick around for an extra 15 minutes. One query I got confirmed my decision to devote next week’s CEA post to the upcoming reallocation of some spectrum from TV to wireless data mandated by this week’s payroll tax-cut bill. Another may yield an item for my USA Today column: how to connect an ’80s-vintage Nintendo NES (no, really) to an HDTV.