Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Website is redirected to unknown suspicious site very often

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Introductions
View previous topic :: View next topic  
Author Message
ramya
Newbie


Joined: 29 May 2008
Last Visit: 07 Jun 2008
Posts: 2
Location: San Diego,CA

PostPosted: Fri Jun 06, 2008 5:10 am    Post subject: Website is redirected to unknown suspicious site very often Reply with quote

Hi All,

I hace a website and as soon as it is opened it gets redirected to a spy site . I don't really understand whether my site is hijacked.

It happens very often.I did vulnerability check and fixed the javascript which was injected in my home page, due to which google had abandoned my site.

My site was in 2nd position in google search ,now its in 9th position, which is ridiculous..

I installed anti spyware software , due to which it won't redirect on that particular system. But at the same time if I open the url in a different machine, in fractions of seconds its redirected to Suspicious site.

So is it something been affected to FTP itself or I don't have any idea what should be done?

Please I need a urgent solutions because its long time I'm struggling to solve this Problem.

Thanks in advance



Regards,
Ramya
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Oct 2014
Posts: 10331
Location: at the beach

PostPosted: Fri Jun 06, 2008 6:30 am    Post subject: Reply with quote

Hi ramya,

Your site may have been hacked. It's happening a lot lately. You should contact your hosting provider and you should check all your content for new pages or changes to your web pages and code. I don't have time right now, but if you want to PM me with the URL for your website, I might be able to check it later this evening.

Also change all your passwords to your FTP account, control panel, etc.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
ramya
Newbie


Joined: 29 May 2008
Last Visit: 07 Jun 2008
Posts: 2
Location: San Diego,CA

PostPosted: Sat Jun 07, 2008 2:44 am    Post subject: Reply with quote

Hi Suzi,


I checked each and every file to see that files with names default, home, index were injected a javascript gban(x).

Inspite of changing username and password, this is occuring. I don't really understand what to do? Is there a way to scan the ftp or to block such injection to site?

Regards,
Ramya
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Oct 2014
Posts: 10331
Location: at the beach

PostPosted: Sat Jun 07, 2008 2:18 pm    Post subject: Reply with quote

Ramya,

It's hard to say how it is happening, expecially without knowing what kind of content is on your site. Do you have your own dedicated server, or do you have shared hosting? Either way, you should contact your hosting company and tell them what is happening and they may be able to tell you what to do to stop it. If you are on shared hosting, it may be a problem with the hostng company's security and no fault of yours or your site.

There are a lot of ways this can happen. If you have a blog, there are vulnerabilities in WordPress. If you are using Coppermine Photo Gallery, there are holes in it. If you have a forum, is the forum software up to date? There are security issues with outdated web apps and hackers take every advangate to use those holes. Does your site content use a database like sql or mysql? There is info about sql injections.

http://en.wikipedia.org/wiki/SQL_injection

You may be the victim of a cross-site scripting attack.

http://en.wikipedia.org/wiki/Cross-site_scripting

I can't stress enought that you should contact your hosting company about what is happening. Some are good about helping, others not so good but they should know. You should check all your web apps, like forums, blogs, etc. to make sure you are using the latest version. You should also check your own computer to make sure you haven't been infected from your own site.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Introductions All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group