Having recently transferred a domain name from BT, to 123-reg (where I already have nearly 80 other domains), one of my client's domain name seems to have somehow been hacked/hijacked by nuseek.com to be replaced occasionally by a link farm.

The website is hosted on a VPS server (where I have a bunch of other domains without a problem). There’s not been any PHP or SQL uploads, and no other website on the VPS is affected.

Similarly, I've scanned three computers encountering the problem, and all have come back clean of viruses, etc.

Essentially, when someone types in my client's domain www.puritypoledancing.com, quite often (but not all the time), the site appears to be a link farm, all with appropriate links based on the domain name (ie belly dancing, etc.), and a picture of some blonde woman with a rucksack (of which the image is hosted on nuseek.com). However, this link farm has nothing to do with the actual pole dancing website (which has a picture of a pole dancer, and various standard internal links to getting classes, gallery, etc.), and has nothing to do with me either.

All the DNS settings on both the domain control, and the VPS are showing as they should (and just like all the others hosted with the same domain name reseller & VPS).

The problem appears to come and go, so when I think I've ‘fixed it’, or when my VPS provider, or domain provider 'claim' to have resolved it (ie by trying to reset the DNS again, etc.), a few days, or a week later, the link farm appears again in the same way, and all the tertiary domains (ie the domain’s mail, etc) are also blocked and replaced by the link farm.

So far, my searches around the web don't seem to prove too fruitful. As far as I can gather, it seems nuseek.com have hacked/hijacked loads of websites late last year: http://www.techworld.com/security/ne...S&NewsID=10798

I’m also finding other people who agree that the link farm is just skimming off traffic temporarily at various times of the day/week, as I've experienced, without taking permanent control of the domain.

I'm finding that depending which ISP I'm using at the time (ie if I symultaniously look at the site through two ISPs), one picks up the link farm, the other picks up the real site.

So I assume it must be something down to the nameserver or DNS settings, as these can take a few days to propagate around the web (ie hence why two ISPs would see different sites) rather than of course html updates which are instant.

So has anyone come across this type of thing before, and can anyone suggest how I can get around it and stop it happening again, when all the nameserver, DNS, and domain whois records show the site as it should be?

I look forward to trying to find an answer so I can stop this incredibly annoying (but strangely impressive) challenge!