...

View Full Version : unknown and unauthorized redirect on website



phanekamp
11-02-2009, 09:09 PM
Several months I've worked for getting my own website finished. Now it is up and running I am experiencing a weird fenomenon. Namely, sometimes when I browse my own website I am redirected to some changing *.cn - website. This looks a lot like a hack of my website to me... because I do not experience such redirects on other sites, so it is not a virus on my pc, but I think it has to do something with malicious code in my code.
I've checked the javascript and the php-code with CTRL+F searching in javascript for '.location' and 'encode' and my php-code for 'header' and 'encode', but I couldn't find anything.
Because it happens randomly (1 on 300 times?) and I don't know what I can try more I hope you guys/girls have other ideas that I can try.

the website is: ogiks.nl (read ogiks backward to get the real domainname, please if you mention my website, mention it as ogiks.nl so g00gl3 doesn't attach this thread to my website)

Sincerely,

Peter

mlseim
11-03-2009, 03:10 AM
Look for any hidden (or not hidden) .htaccess files.

_Aerospace_Eng_
11-03-2009, 06:42 AM
I just went to your site and we aren't redirected. If it was a problem with your site we would all likely get redirected so its still possible that its an issue with your system.

phanekamp
11-03-2009, 09:26 AM
Thanks for the advise mlseim. I just checked for hidden files and couldn't find any suspicious file, even checked the htaccess-files in the dir-structure, but they were all fine.

@_Aerospace_Eng_ that is a bit of the problem. It doesn't happen all the time, only once in the 150 times. So I don't know how to debug this. I'm only experiencing this on my own websitepages (1 on 150 times) so I suppose it has to do something with it. (because I do not experience this on other common websites)

I did a clean install with windows 7, but still having the same problem as on windows vista before, so I can't imagine it has to do something with my system.

I've called my hostingprovider and they're also trying to find out what the problem might be.

If you have any ideas, please let me know.

_Aerospace_Eng_
11-03-2009, 01:47 PM
It could also be a file that was injected with some javascript that causes the redirect. When it happens again can you give us the url to the site you get redirected too?

Also do you have anything on your site that allows user uploads?

phanekamp
11-03-2009, 06:42 PM
Yes people can upload their product-reviews and they can send an email via a webform. Both are checked on scripts etc.
After that, the productreviews are stored in database with hackcheck of php's PDO-class.

one of the url's redirected to is:

DO NOT CLICK!
http://eric-clapton2009.cn/?pid=180s08&sid=3c5779

I've uploaded two screenshots to my server:

ogiks.nl/images/screen1.jpg *
ogiks.nl/images/screen2.jpg *

* read domainname backwards again

Screen1 is when browsing from ogiks.nl/andorra/ to ogiks.nl/frankrijk/

a popup occured and after clicking "OK" redirected to eric-clapton2009.cn.

nowadays a popup doesnt occure anymore, but it directly redirects to a malicious website.

Screen2: On the left side is the redirected site which isn't showed because of my internet filter.
On the right side you see what it should display.


google report of the chinese website
http://google.com/safebrowsing/diagnostic?site=eric-clapton2009.cn/



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum