My site being used for phishing attacks? Deleted old script

Hi, there was an old script called AXS that I used for tracking clicks for external links from my site. It became compromised/hacked at one point long after I stopped using it when I realized it was being used for phishing/scams/illicit links. I deleted the script from my server, but lately have been getting several emails from people saying this code is being used to forward to people malware, scams, SEO spam, etc.

This is the link they provided:

They said you put any URL after the question mark and it still redirects. This is the old path to the AXS script I had. My problem is I deleted that /cgi-bin/axs/ folder literally years ago and it doesn’t exist on my server (I even am showing hidden files in FTP). So how is this redirect still happening when that URL path doesn’t exist on my server? It should show a 404 error, right?

Thank you…


It’s certainly puzzling that the redirects from your deleted AXS script continue. To tackle this issue, you might want to start by clearing any caches on your CDN or web server, as they could still be serving the old version of the script. Next, carefully check your server’s configuration files, such as .htaccess for Apache or nginx.conf for Nginx, to ensure no residual redirect rules are in place. Also, it’s wise to verify that your DNS settings have not been altered to redirect traffic inadvertently. Additionally, consider the possibility of a security breach which might have allowed the script to be restored or hidden. :+1:

1 Like