11-02-2009, 08:09 PM
Several months I've worked for getting my own website finished. Now it is up and running I am experiencing a weird fenomenon. Namely, sometimes when I browse my own website I am redirected to some changing *.cn - website. This looks a lot like a hack of my website to me... because I do not experience such redirects on other sites, so it is not a virus on my pc, but I think it has to do something with malicious code in my code.
Because it happens randomly (1 on 300 times?) and I don't know what I can try more I hope you guys/girls have other ideas that I can try.
the website is: ogiks.nl (read ogiks backward to get the real domainname, please if you mention my website, mention it as ogiks.nl so g00gl3 doesn't attach this thread to my website)
11-03-2009, 02:10 AM
Look for any hidden (or not hidden) .htaccess files.
11-03-2009, 05:42 AM
I just went to your site and we aren't redirected. If it was a problem with your site we would all likely get redirected so its still possible that its an issue with your system.
11-03-2009, 08:26 AM
Thanks for the advise mlseim. I just checked for hidden files and couldn't find any suspicious file, even checked the htaccess-files in the dir-structure, but they were all fine.
@_Aerospace_Eng_ that is a bit of the problem. It doesn't happen all the time, only once in the 150 times. So I don't know how to debug this. I'm only experiencing this on my own websitepages (1 on 150 times) so I suppose it has to do something with it. (because I do not experience this on other common websites)
I did a clean install with windows 7, but still having the same problem as on windows vista before, so I can't imagine it has to do something with my system.
I've called my hostingprovider and they're also trying to find out what the problem might be.
If you have any ideas, please let me know.
11-03-2009, 12:47 PM
Also do you have anything on your site that allows user uploads?
11-03-2009, 05:42 PM
Yes people can upload their product-reviews and they can send an email via a webform. Both are checked on scripts etc.
After that, the productreviews are stored in database with hackcheck of php's PDO-class.
one of the url's redirected to is:
DO NOT CLICK!
I've uploaded two screenshots to my server:
* read domainname backwards again
Screen1 is when browsing from ogiks.nl/andorra/ to ogiks.nl/frankrijk/
a popup occured and after clicking "OK" redirected to eric-clapton2009.cn.
nowadays a popup doesnt occure anymore, but it directly redirects to a malicious website.
Screen2: On the left side is the redirected site which isn't showed because of my internet filter.
On the right side you see what it should display.
google report of the chinese website