  1. #1
    New to the CF scene

    Unknown and unauthorized redirect on website

    I've worked for several months on getting my own website finished. Now that it is up and running I am experiencing a weird phenomenon. Namely, sometimes when I browse my own website I am redirected to some changing *.cn website. This looks a lot like a hack of my website to me, because I do not experience such redirects on other sites, so it is not a virus on my PC, but I think it has something to do with malicious code in my code.
    I've checked the JavaScript and the PHP code with CTRL+F, searching the JavaScript for '.location' and 'encode' and my PHP code for 'header' and 'encode', but I couldn't find anything.
    Because it happens randomly (1 in 300 times?) and I don't know what more I can try, I hope you guys/girls have other ideas that I can try.

    The website is: ogiks.nl (read ogiks backward to get the real domain name; please, if you mention my website, mention it as ogiks.nl so g00gl3 doesn't attach this thread to my website)

    Sincerely,

    Peter

  • #2
    Master Coder
    Look for any hidden (or not hidden) .htaccess files.

  • #3
    Supreme Master coder! _Aerospace_Eng_
    I just went to your site and we aren't redirected. If it was a problem with your site we would all likely get redirected, so it's still possible that it's an issue with your system.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #4
    New to the CF scene
    Thanks for the advice, mlseim. I just checked for hidden files and couldn't find any suspicious file; I even checked the .htaccess files in the directory structure, but they were all fine.

    @_Aerospace_Eng_ that is a bit of the problem. It doesn't happen all the time, only once in 150 times. So I don't know how to debug this. I'm only experiencing this on my own website pages (1 in 150 times) so I suppose it has something to do with it (because I do not experience this on other common websites).

    I did a clean install with Windows 7, but I'm still having the same problem as on Windows Vista before, so I can't imagine it has something to do with my system.

    I've called my hosting provider and they're also trying to find out what the problem might be.

    If you have any ideas, please let me know.
    Last edited by phanekamp; 11-03-2009 at 11:48 AM.

  • #5
    Supreme Master coder! _Aerospace_Eng_
    It could also be a file that was injected with some JavaScript that causes the redirect. When it happens again, can you give us the URL of the site you get redirected to?

    Also do you have anything on your site that allows user uploads?

  • #6
    New to the CF scene
    Yes, people can upload their product reviews and they can send an email via a webform. Both are checked for scripts etc.
    After that, the product reviews are stored in the database with the hack check of PHP's PDO class.

    One of the URLs redirected to is:

    DO NOT CLICK!
    [x]http://eric-clapton2009.cn/?pid=180s08&sid=3c5779[/x]

    I've uploaded two screenshots to my server:

    ogiks.nl/images/screen1.jpg *
    ogiks.nl/images/screen2.jpg *

    * read domain name backwards again

    Screen1 is when browsing from ogiks.nl/andorra/ to ogiks.nl/frankrijk/

    A popup occurred and, after clicking "OK", it redirected to eric-clapton2009.cn.

    Nowadays a popup doesn't occur anymore, but it directly redirects to a malicious website.

    Screen2: On the left side is the redirected site, which isn't shown because of my internet filter.
    On the right side you see what it should display.


    Google report of the Chinese website
    http://google.com/safebrowsing/diagn...lapton2009.cn/
    Last edited by phanekamp; 11-03-2009 at 05:46 PM.
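
The checks suggested in this thread (hidden .htaccess files, injected JavaScript, encoded PHP) can be run over the whole web root in one pass instead of with CTRL+F. The following is an added example, not code from any poster; the signatures, the extension list and the sample files are assumptions constructed for illustration, and the patterns are heuristics that will miss some injections and flag some legitimate code.

```python
import os, re, tempfile

# Heuristic signatures (assumptions for this example, not an exhaustive list).
RULES = {
    "htaccess-conditional-rewrite": re.compile(r"RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}", re.I),
    "htaccess-external-redirect": re.compile(r"^\s*(RewriteRule|Redirect(Match)?)\b.*https?://", re.I),
    "php-eval-of-decoded-data": re.compile(r"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)", re.I),
    "js-eval-of-decoded-data": re.compile(r"\b(eval|document\.write)\s*\(\s*(unescape|atob|String\.fromCharCode)", re.I),
    "hidden-iframe": re.compile(r"<iframe[^>]*(display\s*:\s*none|(width|height)\s*=\s*[\"']?[01]\b)", re.I),
}
SCANNED_EXT = {".php", ".js", ".html", ".htm", ".inc", ".tpl"}

def scan_webroot(root):
    """Return sorted (relative_path, line_no, rule) hits; dotfiles are included."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            is_ht = name.lower().startswith(".ht")
            if not is_ht and os.path.splitext(name)[1].lower() not in SCANNED_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    for rule, rx in RULES.items():
                        # htaccess rules apply only to .ht* files, the rest to code files
                        if rule.startswith("htaccess") == is_ht and rx.search(line):
                            hits.append((os.path.relpath(path, root), no, rule))
    return sorted(hits)

def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    samples = {  # constructed sample files, not taken from the thread
        "index.php": "<?php echo 'hello'; header('X-Test: 1'); ?>\n",
        "images/.htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} google [NC]\nRewriteRule .* http://redirect.example/ [R,L]\n",
        "js/menu.js": "var a=1;\neval(unescape('%64%6f%63'));\n",
        "inc/footer.php": "<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(text)
        return scan_webroot(root)

if __name__ == "__main__":
    for rel, no, rule in demo():
        print(f"{rel}:{no}: {rule}")
```

Run `scan_webroot()` against a downloaded copy of the site and compare any hit against a known-good backup; a redirect that only fires occasionally can also come from content stored in the database, which this file scan does not cover.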

