I notice the other day, and I don’t know how long this has been happening for, that a URL within my website is re-directing to some Armani Suit site!!
Nothing to do with me and nothing to do with out product/services.
I understand how to re-direct a website, but for that I need access to the hosting server or at least FTP.
What is happening is if you go to www.example.com/images/icons/index.cfm you are re-directed to an Armani suit page. But I have not set this up, my developer says that he has not done this. And I have asked him to check the server and he says no one has hacked it.
And I ran scans of site to check for malware etc. nothing…
So how can this happen?
Unless I am being naive, and the developer is pulling a fast one!!
I have posted the URL with Google’s ‘De-index’ and this they have confirmed has been removed from their index. Any help or advice would be most appreciated. As I would love to get to the bottom of this or get a better idea of how it could have happened.
Have you had a sudden spate of visitors requesting that URL? It doesn’t look like one I can imagine anybody actually entering, so it wouldn’t seem to be very effective as a hack, but who knows?
I know your developer says the site hasn’t been hacked, but if you didn’t set this up, and he didn’t set this up, who else is left? Does anybody else have access? I had three sites hacked some time ago. Two of them had directories added, but the third had files added to the cgi-bin, which I wouldn’t have noticed, had I not been scrutinising all my sites closely.
No idea what kind of site you’ve got but if you have something where users can post comments and such they could easily setup some sort of XSS attack and use javascript to redirect a browser.
I would use something like wget or httpie to get the source and see what is going on first.
They are small command line utilities that will fetch a file on the web without any of the code in it being ‘active’ as it would be when directly accessing it via a browser.
By viewing the source of the fetched file you can check whether the redirect is being performed by a javascript injected into the page or by other means, which will help you track down the root cause of the issue.
So I don’t know what any of this means, I have changed the URL and IP address only.
As for whether it was an affective hack or not, the idiot who has done this has created several hundred back links to the URL which has been picked up by Google, which has created merry hell, as we had a partial notice already!!!
So although I would love to know how and why and by whom this has happened. My main concern is getting the sh1te back links removed. And get to back to concentrating on getting the back links I know were bad in the first place
Such is life though!!!
The google element and bad back links is not really anything to do with this forum post, so sorry for taking my quest for help slightly away from the hacking element…Any further help with the hacking would be most appreciated.
I wouldn’t worry too much about Google. Sort out the site, get it cleaned up and then submit a reconsideration request through Webmaster Tools. Explain the site was hacked and the steps you’ve taken to clean it up. Only one of my three hacked sites had been picked up by Google (it happened while I was away, with no Internet access) but they acted quickly on the reconsideration and there were no lasting ill-effects.
I have been through all that, and I still cannot find how, why, what this idiot did…or whoever it was. I mean I am not interested in the Why, just the how.
As for Google, apart from the Partial Notice, I know and will be getting a reconsideration for the spam links to the hacked page. I have already got the hacked page removed from Google Index.
Two of my sites were hacked via FTP. When I looked at the logs, there had been access from an IP address that wasn’t mine. I never did find out how the third one was accessed. I subsequently changed hosting company, as I discovered the hosts I was with were useless when it came to security, and basically not interested in the problem.
The hosting company kept insisting the problem was at my end, because there couldn’t be anything wrong at their end - so I’m afraid I took a rather grim delight in the fact that they were hacked a couple of months later. [/ot]
You’ve saved an html page that is being output by the server side script. You can now open this with an editor and look at the code to see whether the redirection is being performed by javascript. This will help work out where the flaw in your site is.