Malware keeps redirecting from one of my URLs

Hi all

Hoping for a little help or guidance how to stop the spam/malware running redirects from my site, in particular https://www.example.com/venue/somename

I have hundreds of links similar to the below displayed in my google console, with some creating serious errors [Server Error(5xx), Redirect error]

http://www.example.com/venue.php?url=http://cleantalkorg2.ru/article?yez-147256-ihtda
http://www.example.com/venue.php?url=https://www.zzzxxxres.info%810%842

I also added

http://www.example.com/venue.php?url=https://www.bbc.co.uk/news/uk

…which redirects to bbc.

What/how can I stop this?

Some of my .htaccess rules for venue.php

RewriteCond %{SERVER_PORT} 80
RewriteRule ^/?venue/([a-zA-Z-]+)$ https://www.example.com%{REQUEST_URI} [L,R=301]
RewriteRule ^/?venue/([a-zA-Z0-9-]+)$ venue.php?venue_id=$1 [L]

Many thanks,
Barry

Sorry if I’ve misunderstood, but surely what you need to do is find and remove the malware?

Your right, this is not malware sorry for confusion.
I should of used spam instead of malware.

Ok, simple question.
How do I stop/prevent the urls executing from my domain?

Example using bbc url:
http://www.example.com/venue.php?url=https://www.bbc.co.uk/news/uk

How do I stop them?

Thanks,
Barry

It looks like the easiest fix would be to remove the venue.php file.

OK, I know that isn’t an option. You have this now?

RewriteCond %{SERVER_PORT} 80
RewriteRule ^/?venue/([a-zA-Z-]+)$ https://www.example.com%{REQUEST_URI} [L,R=301]
RewriteRule ^/?venue/([a-zA-Z0-9-]+)$ venue.php?venue_id=$1 [L] 

Can you edit the venue.php file or must this be done with htaccess ?

Thanks @Mittineague

Correct.

Though I do need venue.php which is the template for displaying each and every venue. I run some PHP and SQL which generates the data based on the venue_id

I tried adding the count so only venues inside the DB would return, though this didn’t fix the redirecting issue.

venue.php

$hello = $_GET['venue_id'];

if(isset($hello)) {
  $stmt = $mysqli->prepare("
    SELECT count(1)
    , v.id
    , v.venue_id
...

I can edit any: venue.php or htaccess, or both?

I also tried changing

^/?venue/([a-zA-Z0-9-]+)$
to
^/?venue/([a-z-]+)$

Which limits what parameters can be used, again this didn’t help.
Every venue is char based with - for spacing, meaning no numbers or special chars will ever be needed.

Update
Also wondering.

As it stands, venue.php can load on its own which shows a blank template in the browser. Not good practice I don’t think. Maybe something I need to refactor or change, redirect maybe if no venue_id is present?

I have lots of indexed files:

https://www.example.com/venue/venue-one
https://www.example.com/venue/venue-two
...

venue.php is redundant on its own.

https://www.example.com/venue.php

Barry

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.