As a further follow up to the post above, I've now discovered the hijacking has been done by nuseek.com (I found a link to an image on their site in the source code of the link farm page, and a few searches found they'd done this elsewhere too).
Some searches on the web seem to only bring back results that they've been hijacking websites since at least late last year, and have done it hundreds of thousands of times. It's a weird intermittent hijack to help seemingly skim off some of the traffic, some of the time (ie not all day every day). But then, as I thought last week when it had been cleared, it's now back again.
The fault also seems linked only to some ISPs (ie viewing the website on orange broadband at the moment is as it should be, but viewing it through a BT broadband brings up the link farm). Which does lead me more to the DNS (as this can take a few days to fully propagate around the web, as differing ISPs pick up the new records, whereas html updates are instant).
The actual website is www.puritypoledancing.com (if you get the blonde woman with the rucksack, and all the targeted links, that's the link farm. If however you get a pole dancer.. that's of course the right site!)
Although I have around 30 other domains on the same VPS, all the DNS pointing in the same way, this is the only site affected.
This particular site was also recently transferred between domain providers, from British Telecom, to 123-reg, but none of the other sites I have hosted, or have transferred in the past had been effected).
Of course full scans for malware, etc. on all the PCs all come up clean.
I'm even hearing of people with brand new PCs getting the same problems with which site they get.
So can anyone help me:
- Is this a virus that can't be seen, somehow on a bunch of PCs, that only affects certain websites?
- Is it infected via an ISP?
- Did they hijack part of the domain during the transfer (but still leave all the whois records indicating the right stuff)
- Or what can I do to stop this?
I really look forward to someone hopefully being able to enlighten me on this challenge!