Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Website is being redirected, virus?


  • Please log in to reply
9 replies to this topic

#1 Connor!

Connor!

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland, UK
  • Local time:07:14 PM

Posted 01 June 2010 - 07:39 AM

Hi

My website is being redirected to another website which is NSFW. It is a website for my business, so obviously I can't have this happening.
It is built on Wordpress, and the problem only happens on Google Chrome. I'm not sure what to do, or where to look as I'm not very technical with these things.
Hope somebody can help

Connor
Posted Image
Thanks Shaba! :)

BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,258 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:05:14 PM

Posted 01 June 2010 - 08:15 AM

Does this happen on other computers as well or just yours?

#3 Connor!

Connor!
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland, UK
  • Local time:07:14 PM

Posted 01 June 2010 - 08:20 AM

It happens on different computers. At first, I only thought it happened on mine as the other computer had firefox - but I installed Chrome on that and the same thing happened. So it only seems to happen with chrome (and maybe other browsers, but I've only tested with chrome and firefox)

Thanks
Posted Image
Thanks Shaba! :)

#4 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:07:14 PM

Posted 01 June 2010 - 09:04 AM

What is your site address and what site it is being redirected to ?

The site address being redirected to may be a malware sites so instead of http:// use hxxp:// to make the link inactive when posting the site address.

#5 Connor!

Connor!
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland, UK
  • Local time:07:14 PM

Posted 01 June 2010 - 09:15 AM

My site is www.beechwoodcattery.com, and the site it is being redirected to is hxxp://www.xmedia.to/dvd-rips/inflagranti-catfights-german-download_0cc536a6e.html?u=Catwoman

My site is in maintenance mode so I don't scare off my customers, but if you wish I'll take it of for a small amount of time?

Thanks :thumbsup:
Posted Image
Thanks Shaba! :)

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:14 PM

Posted 01 June 2010 - 06:04 PM

The site can't be getting redirected unless the server is hacked, or code has been added to your pages. Look at your source code. If the problem is not there, then it is likely on the server.

#7 Connor!

Connor!
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland, UK
  • Local time:07:14 PM

Posted 01 June 2010 - 07:45 PM

I doubt it is the server, because I have lots of other sites on the same server that work fine. What code will I check? Could it be that I installed a dodgy wordpress plugin?

Thanks
Posted Image
Thanks Shaba! :)

#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:14 PM

Posted 01 June 2010 - 07:47 PM

Or it could be that your version of Wordpress has been compromised.

#9 Connor!

Connor!
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland, UK
  • Local time:07:14 PM

Posted 01 June 2010 - 08:41 PM

Took me ages, but I was looking through all the code and found a bit that looked strange and was javascript. Found an online decoder and pasted it there, and it was that that was causing the problem. It seems fine now, Is it worth looking for more code hidden elsewhere?

Thanks
Posted Image
Thanks Shaba! :)

#10 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:07:14 PM

Posted 01 June 2010 - 09:51 PM

Its good that you have removed the javascript code. But you have to analyze now that how did it come there in first place. In my opinion its basic XSS hijacking.

Some points to consider
- As groovicus said it may be possible that your version of Wordpress is compromised. Ask your web host for installing new version.
- Scan your own computer for viruses and malware, it may be possible that somebody has installed a keylogger or something. Change your login password to wordpress and server.
- Install this plugin to stop XSS hijacking of your Wordpress site : http://wordpress.org/extend/plugins/content-security-policy/

Good articles :
http://codex.wordpress.org/Hardening_WordPress
http://themeshaper.com/dont-get-hacked-wor...-security-tips/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users