The same thing is happening with my site. I suspect this has been
going on for the past few days because my overall traffic has been cut
in half, beginning sometime on Friday, Nov 7, while I was out of
town. While I was away, I noticed my traffic seemed a lot lower than
usual.
I got back to town last night and checked to make sure my server was
still working, but there seems to be no trouble there. Then I checked
stats and noticed I was getting no referrals from Google.com. When I
searched for my site at Google and clicked on a link, I was redirected
to viewallclicks.com, and Norton popped up to tell me it had blocked a
"high-risk" intrusion attempt by viewallclicks.com -- the "attacking
computer" was "89.149.227.232, 80" which appears to be based in
Frankfurt, Germany.
When I Google viewallclicks.com, only one link show up, which is this
discussion thread.
Does anyone have an idea what is going on??? This is a huge
problem!!!
> My website works fine and is not malicious.www.zootopiatheatre.org.
> But if I search for zootopia theatre on google and click any of the
> results, I get a message instructing me to download antivirus
> software. I just renewed my Norton subscription and it identified
> this issue as an attempt to attack my computer from viewallclicks.com.
> I am concerned because my theatre company has not done anything to
> cause this. And the problem is only showing up on Google. I don't
> want people to think that my company is fraudulent.
Check your .htaccess file. Mine had been hijacked. It had been
rewritten -- by someone other than me -- to redirect all incoming
traffic from Google, AOL, MSN, Altavista, Ask, and Yahoo to "http://
89.28.13.202/in.html?s=ix"
My .htaccess file had a "modified date" of Friday, Nov 7, around mid-
day, which was about the time my stats show a steep drop-off in my
traffic.
> The same thing is happening with my site. I suspect this has been
> going on for the past few days because my overall traffic has been cut
> in half, beginning sometime on Friday, Nov 7, while I was out of
> town. While I was away, I noticed my traffic seemed a lot lower than
> usual.
> I got back to town last night and checked to make sure my server was
> still working, but there seems to be no trouble there. Then I checked
> stats and noticed I was getting no referrals from Google.com. When I
> searched for my site at Google and clicked on a link, I was redirected
> to viewallclicks.com, and Norton popped up to tell me it had blocked a
> "high-risk" intrusion attempt by viewallclicks.com -- the "attacking
> computer" was "89.149.227.232, 80" which appears to be based in
> Frankfurt, Germany.
> When I Google viewallclicks.com, only one link show up, which is this
> discussion thread.
> Does anyone have an idea what is going on??? This is a huge
> problem!!!
> On Nov 11, 11:17 pm, britneyburgess wrote:
> > My website works fine and is not malicious.www.zootopiatheatre.org.
> > But if I search for zootopia theatre on google and click any of the
> > results, I get a message instructing me to download antivirus
> > software. I just renewed my Norton subscription and it identified
> > this issue as an attempt to attack my computer from viewallclicks.com.
> > I am concerned because my theatre company has not done anything to
> > cause this. And the problem is only showing up on Google. I don't
> > want people to think that my company is fraudulent.
The same thing happened to my sites on IX webhosting, on November 4th.
To add to the mystery, the .htaccess files was FTP to the server. That
means
the FTP accounts were compromised somehow, so change FTP account
passwords, even login names
> Check your .htaccess file. Mine had been hijacked. It had been
> rewritten -- by someone other than me -- to redirect all incoming
> traffic from Google, AOL, MSN, Altavista, Ask, and Yahoo to "http://
> 89.28.13.202/in.html?s=ix"
> My .htaccess file had a "modified date" of Friday, Nov 7, around mid-
> day, which was about the time my stats show a steep drop-off in my
> traffic.
> On Nov 12, 7:35 am, WavMaker wrote:
> > This is a crisis situation!!
> > The same thing is happening with my site. I suspect this has been
> > going on for the past few days because my overall traffic has been cut
> > in half, beginning sometime on Friday, Nov 7, while I was out of
> > town. While I was away, I noticed my traffic seemed a lot lower than
> > usual.
> > I got back to town last night and checked to make sure my server was
> > still working, but there seems to be no trouble there. Then I checked
> > stats and noticed I was getting no referrals from Google.com. When I
> > searched for my site at Google and clicked on a link, I was redirected
> > to viewallclicks.com, and Norton popped up to tell me it had blocked a
> > "high-risk" intrusion attempt by viewallclicks.com -- the "attacking
> > computer" was "89.149.227.232, 80" which appears to be based in
> > Frankfurt, Germany.
> > When I Google viewallclicks.com, only one link show up, which is this
> > discussion thread.
> > Does anyone have an idea what is going on??? This is a huge
> > problem!!!
> > On Nov 11, 11:17 pm, britneyburgess wrote:
> > > My website works fine and is not malicious.www.zootopiatheatre.org.
> > > But if I search for zootopia theatre on google and click any of the
> > > results, I get a message instructing me to download antivirus
> > > software. I just renewed my Norton subscription and it identified
> > > this issue as an attempt to attack my computer from viewallclicks.com.
> > > I am concerned because my theatre company has not done anything to
> > > cause this. And the problem is only showing up on Google. I don't
> > > want people to think that my company is fraudulent.
I'm having the same problem with all my sites on IXwebhosting. Changed
the FTP password but
cannot seem to find the .htaccess file anywhere in the folders.
Can anyone point to where you would find the master version of this
file?
> I'm having the same problem with all my sites on IXwebhosting. Changed
> the FTP password but
> cannot seem to find the .htaccess file anywhere in the folders.
When you access your hosting account via FTP, the .htaccess file
should be in /domain.com/. It's a "hidden" file, and some FTP software
programs don't show it by default; you may be able to find a setting
in your FTP software to show hidden files.
IX provides a "WebShell" in the control panel, which is a web-based
FTP access point. You can edit or delete the .htaccess file(s) from
there (I found one in every single domain and subdomain folder, so be
thourough).
> Can anyone point to where you would find the master version of this
> file?
Alas, there is no "master" version of this file for IX accounts. In my
case, I had to start over with recreating these from scratch (or re-
uploading the versions on my hard drive).
Which effectively says "if anyone was referred to your website by a
major search engine, send them
to the webserver at 89.28.13.202 instead."
Glad to know it's not my carelessness, but IXWebHosting that appears
to have the security hole. No control panel
logins at the time. Can't find any FTP logs.
Cleaning up: if you don't know what a .htaccess file is, just delete
the .htaccess file or rename it to EVIL.htaccess
so it has no effect on the web server. If you did have an .htaccess
file, recover from backups.
FileZilla is a FTP client which will show you .htaccess files.
(Windows command line FTP hides them)
Possibly the ixwebhosting control panel will also let you rename/
delete them.
And, of course, change your ixwebhosting account passwords.
Hi,
I don't have a website, but I was in my msn hotmail email account when
my Norton scanner popped open and said a high risk intruder attempt
had been sucessfully blocked. It said it was a HTTP Misleading
Application Detection and the attack came from viewallclicks.com and
gave the IP address that was trying to attack my computer.
I have has some problems in the past with an individual (my almost ex)
trying to hack into my computer, sending viruses, installing a remote
access program, etc. Does anyone know if this viewallclicks is being
used by individuals who arent looking to redirect website hits? Shold
I be content that norton detected and stopped it? Or is there anything
else I should be doing to protect my computer?
> Which effectively says "if anyone was referred to your website by a
> major search engine, send them
> to the webserver at 89.28.13.202 instead."
> Glad to know it's not my carelessness, but IXWebHosting that appears
> to have the security hole. No control panel
> logins at the time. Can't find any FTP logs.
> Cleaning up: if you don't know what a .htaccess file is, just delete
> the .htaccess file or rename it to EVIL.htaccess
> so it has no effect on the web server. If you did have an .htaccess
> file, recover from backups.
> FileZilla is a FTP client which will show you .htaccess files.
> (Windows command line FTP hides them)
> Possibly the ixwebhosting control panel will also let you rename/
> delete them.
> And, of course, change your ixwebhosting account passwords.
I also have ixwebhosting and this started for me about 5-7 days ago.
i first noticed the problem when my adwords clicks were at 100 and my
analytics were like 40. i guess i lost all the clicks from this
period.
then, i emailed google and said what's up?!? they eventually replied
and then badwared the site. i had no idea what was up. our site was
a simple collection of frontpage pages linked together - simple.
this is clearly a hosting issue. i guess this current problem can be
linked to a few infected servers.
i've had ixweb hosting for about 5 years and i've never had the
trouble - yet, this does hurt.....and just seems sloppy by a larger
hosting company.
i'll be interested to see how they respond and handle this issue.
I also got hacked and deleted the .htaccess file now google cannot
crawl any of my sites!
I just get:
Network unreachable: robots.txt unreachable
We were unable to crawl your Sitemap because we found a robots.txt
file at the root of your site but were unable to download it. Please
ensure that it is accessible or remove it completely.
Anyone else got this issue???
IX are rubbish and wont respond to the problem, they just say please
contact google!!!!!!
> I also got hacked and deleted the .htaccess file now google cannot
> crawl any of my sites!
> I just get:
> Network unreachable: robots.txt unreachable
> We were unable to crawl your Sitemap because we found a robots.txt
> file at the root of your site but were unable to download it. Please
> ensure that it is accessible or remove it completely.
> Anyone else got this issue???
> IX are rubbish and wont respond to the problem, they just say please
> contact google!!!!!!
