I've identified hundreds of websites hosted by DreamHost that contained a PHP page redirecting to hxxp://www.otvetvam.com/. Here are a few examples:
- http://www.lciva.com/wp-content/plugins/extended-comment-options/gyrewnv.php
- http://honorboundphoto.net/photos/10007-mankato_habitat_for_humanity_golf_tournament/agtruje.php
- http://ryanmasters.ca/wp-content/gallery/our-kingdom/thumbs/tyiueg.php
- http://treatmentofpanicattacks.com/wp-content/cache/supercache/www.treatmentofpanicattacks.com/category/anxiety-support/polzin.php
- http://r4theband.co.uk/content/wp-content/themes/agregado/includes/cache/gyrewnv.php
- http://dedehaluk.com/cache/hakkinda/fgjke.php
- http://www.agustindondo.co.uk/yellowbrick/wp-content/files_flutter/modules/fgjke.php
- http://dcstavclub.org/wp-content/themes/newzen_2.0_build_105/images/fgndnju.php
- http://camtarn.org/gizmoblog/content/06/03/entry060305-180312/comments/fgjke.php
- http://derek.hinchy.org/MT-5.031-en/mt-static/support/theme_static/professional_website/themes/professional-green/polzin.php
- http://ojosdelmundo.dreamhosters.com/images/comprofiler/gallery/tghreig.php
otvetvam.com promotes a common "get rich working from home" scam. On the left side, all links point to the same collection of fake testimonies from people purporting to have made plenty of money using the system.
![]() |
hxxp://www.otvetvam.com/ |
Fake Russian YouTube site http://www.tvoitube.com/ |
www.otvetvam.com copied the layout of the popular Russian site, mail.ru. The source code actually reveals that the page was created from http://otvet.mail.ru/question/59882991/, which has now been blocked by mail.ru.
The hijacked sites now redirect to other websites including ru-0tveti.com, ru-0tveti1.com, etc. These domains were registered on 01/25/2012, but no websites are yet hosted at the domains.
I'm sure this is just the beginning of massive abuses on websites hosted by DreamHost.