As of a year and a half ago, according to the article on the page you
linked to, the problem described is no longer an issue.
Some time even before that, 302 SERPs hijacks were no longer possible.
What do you mean by "our url is being redirected"? Do you mean that
if I go to the URL of your site, I would get redirected to another
site, or do you mean the URL for listings of your content in the SERPs
is actually for a different site?
THANK YOU so much for such quick response. Sorry - not! I am very
hopeful to hear that it is not the problem described in that link...
Do you know where I can find some instructions to fix the problem?
Would re-building my site from scratch solve the problem, or is it
something happening above that directory where this site is located on
my hosted server?
What measures can I take to prevent this from happening in the future?
> My guess is that you didn't intend for this to happen and that your
> site has some security holes in it and someone has injected some code
> into it.
I'm no expert at finding and fixing hacks by any stretch, but I have
heard that many have been injected by having some folders set to 777
access. One that I saw had .htaccess changes in every subfolder on
the site and two rogue .php files inserted on the site. If you can
view through FTP the files on your site and perhaps find a pattern of
dates of changes that you didn't make, then you may be able to find
the offending stuff.
I'd definitely get the host involved to let them know that the server
may be vulnerable to attack as it would be in their best interest to
protect you and their other clients as well. Perhaps they can find
the hole and the intrusions as well.
> THANK YOU so much for such quick response. Sorry - not! I am very
> hopeful to hear that it is not the problem described in that link...
> Do you know where I can find some instructions to fix the problem?
> Would re-building my site from scratch solve the problem, or is it
> something happening above that directory where this site is located on
> my hosted server?
> What measures can I take to prevent this from happening in the future?
> > My guess is that you didn't intend for this to happen and that your
> > site has some security holes in it and someone has injected some code
> > into it.
> Would re-building my site from scratch solve the problem, or is it
> something happening above that directory where this site is located on
> my hosted server?
If you have a clean backup of your site
uploading that would be a good first step.
Also, as you are on an Apache server, look
at your .htaccess files (They are normally hidden)
and make sure there is nothing unexpected in there.
Your hosting provider may have placed some
directives there so consult with them also.
Also go over your entire webspace and look
for anything you did not put there.
If used, don't forget cgi-bin.
Also I see that your hosting server has
FrontPage 5.0.2.2635.SR1.2 extensions
installed. These have vulnerabilities that
need to be addressed and patched.
Check with your hosting provider in
regard to this.
YES, the server itself beyond your webspace may be affected.
Again, Contact your hosting provider and Demand action.
> THANK YOU so much for such quick response. Sorry - not! I am very
> hopeful to hear that it is not the problem described in that link...
> Do you know where I can find some instructions to fix the problem?
> Would re-building my site from scratch solve the problem, or is it
> something happening above that directory where this site is located on
> my hosted server?
> What measures can I take to prevent this from happening in the future?
> > My guess is that you didn't intend for this to happen and that your
> > site has some security holes in it and someone has injected some code
> > into it.
Your situation is very unfortunate, though not uncommon. I'm sorry it
had to happen to the geeks from such a good town. I have a soft
spot for Denver since I spent a vacation there shopping at Cherry
Creek and exploring the downtown nightlife with some friends who were
at DU for college and grad school.
The bad news is that it looks like JLH is right, you've been hacked,
and visitors from our search results are being redirected to a malware
distributor.
Although I cannot tell specifically how you were script-injected or
where the script that's doing the redirection is located, here are
some general pointers for cleaning up:
- You're running Apache. Check all your .htaccess files for code
that doesn't belong there. Get rid of it.
- Look for scripts [usually php] that you did not write. Get rid of
those, if you can. Sometimes permissions get hacked in unfriendly
ways, so you may need to contact your host for help. Make sure to
look for hidden files and files whose names start with ., too.
- Call your webhost and have them check the directories above your
site for sketchy files if you are on virtual hosting.
- If you are running a CMS, image gallery, forum, or any other open
source CGI application on your site, make sure it's up to date.
Hackers often take advantage of known security holes in open source
software by attacking sites that have not kept their CMS up to date.
- You're also running cPanel. Have your host make sure it too is
up-to-date. cPanel hacks can be nigh impossible to clean up with normal
login permissions, so you will almost assuredly need your host's help
to get rid of the injected scripts if this is the case.
That being said--best of luck! I hope the short bout of "warm"
weather (well, 40's is warm for winter in Denver) can keep you cheery
as you take this on.
-Bergy
PS. Goodness, JLH and Abracadabra just posted in the time it took me
to draft this. Thanks for helping, guys. Nobody likes being hacked--
hearing the voice of experience is much appreciated.
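
Added example, not part of any post in this thread: a read-only Python triage pass over a copy of the webroot that flags what the replies above say to look for (folders left at 777, unexpected .htaccess redirects, and scripts or hidden files with change dates you don't recognise). The referer heuristic, the 30-day window and the extension list are assumptions, not values from the thread.

```python
import os, re, stat, sys, time

# Assumption: a redirect that only fires for search-engine visitors is usually
# wired as a RewriteCond on the Referer header plus a rule to an external URL.
REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}", re.I | re.M)
EXTERNAL_RULE = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match)?)\s.*https?://", re.I | re.M)
SCRIPT_EXT = (".php", ".cgi", ".pl")  # assumed list of server-side script types

def triage(webroot, since_days=30, now=None):
    """Walk webroot and return sorted (path, reason) pairs for manual review."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):  # includes dotfiles
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append((dirpath, "world-writable directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mtime = os.lstat(path).st_mtime
            if name == ".htaccess":
                with open(path, errors="replace") as fh:
                    text = fh.read()
                if REFERER_COND.search(text) and EXTERNAL_RULE.search(text):
                    findings.append(
                        (path, "referer-conditional external redirect"))
                elif mtime >= cutoff:
                    findings.append((path, "recently modified .htaccess"))
            elif name.lower().endswith(SCRIPT_EXT):
                if mtime >= cutoff:
                    findings.append((path, "recently modified script"))
                elif name.startswith("."):
                    findings.append((path, "hidden script"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python triage.py /path/to/copy/of/webroot
    for path, reason in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:40} {path}")
```

Nothing is deleted or changed; each hit is a file to compare against a clean backup or a fresh copy of the CMS before removing it.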
> THANK YOU so much for such quick response. Sorry - not! I am very
> hopeful to hear that it is not the problem described in that link...
> Do you know where I can find some instructions to fix the problem?
> Would re-building my site from scratch solve the problem, or is it
> something happening above that directory where this site is located on
> my hosted server?
> What measures can I take to prevent this from happening in the future?
> > My guess is that you didn't intend for this to happen and that your
> > site has some security holes in it and someone has injected some code
> > into it.
I'm having a similar problem. The offending content has been deleted
from our site, but as part of the hack, they put referring URLs on
another organization's Web site that point people to our site when
they search for certain porn-related terms. I've contacted that org but
no response yet. How can I get Google to delete all references to
those files ASAP???
I spent the last few hours installing a fresh copy of the CMS source
code on my site, and rebuilding all of my site pages, replacing the
entire subdirectory with all new files, and VOILA - no more malicious
redirect!!
I can't thank you enough - you are sooo AWESOME...