
2 Years Later



#1 awawia

awawia

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 11 May 2011 - 10:51 AM

Almost two years ago I requested help on fixing my problem. Every time someone does a search for our website this message comes up.

ERROR

The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to process the request:
GET /hitin.php?land=20&affid=20103 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-CA
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: 173.212.228.196



The following error was encountered:
• Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:
•Missing or unknown request method
•Missing URL
•Missing HTTP Identifier (HTTP/1.0)
•Request is too large
•Content-Length missing for POST or PUT requests
•Illegal character in hostname; underscores are not allowed

Your cache administrator is root.


I clearly need help. I've scanned and scanned and my computer is clean. If you go to www.redrockband.ca using Internet Explorer you will get to the site. Using other browsers I get a warning and cannot access our site. I've worked with Shaw, Google, Bleeping Computer and still it does the same thing. I've become weary of this problem and don't know what to do next. Thanks for any help.

Edited by hamluis, 11 May 2011 - 06:31 PM.
Moved from Malware Removal Logs to Programming.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:00 AM

Posted 11 May 2011 - 06:33 PM

That error message appears to indicate some sort of coding error, IMO.

You don't provide very much in the way of details...but I'll move this to the BC Programming forum. If that isn't the appropriate forum, someone will move it based on any additional information that you provide to guide us as to what is going on.

Louis

Edited by hamluis, 11 May 2011 - 06:35 PM.


#3 awawia

awawia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 11 May 2011 - 06:46 PM

Thank you. It may be a coding error; however, the problem was fixed. I have cleaned my computer many times over and I keep checking the files. Everyone who does a search for www.redrockband.ca gets the same error. I am trying to find out the root of the problem so I can fix it. Any help is greatly appreciated. Thanks again.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:00 AM

Posted 11 May 2011 - 08:08 PM

Is it your site?
I can access it no problem with Firefox, but I'm getting a warning from Avast:

Posted Image

It looks like one, or more links on that site may be malicious.



#5 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:00 AM

Posted 11 May 2011 - 08:23 PM

After a little more digging I come up with this info.

Safe Browsing
Diagnostic page for 173.212.228.0

What is the current listing status for 173.212.228.0?

This site is not currently listed as suspicious.

What happened when Google visited this site?

Google has not visited this site within the past 90 days.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, 173.212.228.0 did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


According to it, Google is the reason, but it does not really state why.
As Broni said, perhaps check any sites linked to that page or, as stated, contact Google.

#6 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:00 AM

Posted 15 May 2011 - 07:04 PM

Your server is sending a 301 redirect response to users whenever they appear to be coming from (in my testing) Google. This redirect is pointing at that 137 IP address which is flagged by most security programs as malicious (because it is.) The particular malicious page is no longer there, which is why you're getting a 404 error.

Redirects like this can only be done if you have full access or near-full access to the web server's configuration. Therefore, first things first: change all passwords for all accounts which have access to the server! Someone broke in.

Secondly, if you're using Apache or an Apache-workalike web server, look for a file called .htaccess. Post the contents here and we'll see what's going on. If you use a different server, tell us which one.

Edited by Andrew, 15 May 2011 - 07:06 PM.


#7 awawia

awawia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 16 May 2011 - 08:44 AM

Thank you for your time. I have changed the password and we are hosted by Shaw.

#8 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:00 AM

Posted 16 May 2011 - 03:24 PM

That alone won't stop the redirects. It appears that your host is using Apache, so the solution is pretty easy. Log into your hosting service and use whatever tool they provide to look at all your files. Look for a file named .htaccess. This might be a hidden file, so you may need to change some setting to show it. Once you've found it, rename it to htaccess (note the lack of the . before the name.) Then verify that incoming users are no longer being redirected.

#9 awawia

awawia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 16 May 2011 - 05:02 PM

I use Microsoft Word and upload from Windows Explorer....I don't have to go to their site to do anything. I have scanned all my files time and time again. Nothing comes up. If there is anything else you can tell me or help me with please do. Thanks so much for your time.

#10 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:00 AM

Posted 17 May 2011 - 03:11 PM

None of your files are infected per se. The issue is that someone uploaded a particular configuration file (.htaccess) to your website. This configuration file, among other things, can redirect visitors based on where they came from. You need to find this file and remove or rename it. You might also try contacting your web host's support team and telling them what I said; they should be able to find and neutralize the .htaccess file immediately.
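
An added example, not part of the post above or of any BleepingComputer tooling: a small Python audit for the kind of .htaccess tampering described in this thread. It flags RewriteRule and ErrorDocument targets that point at a foreign host and marks those gated on the visitor's referer or user agent. The sample file, the placeholder host and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample of a tampered .htaccess (not recovered from the site in
# this thread); the redirect target is a placeholder host.
SAMPLE_HTACCESS = """\
# BEGIN site rules
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.* [NC]
RewriteRule ^(.*)$ http://redirect-target.example.invalid/landing [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /index.html [L]
ErrorDocument 404 /missing.html
"""

COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)
ERRDOC = re.compile(r"^\s*ErrorDocument\s+\d{3}\s+(\S+)", re.I)
VISITOR_VARS = ("%{HTTP_REFERER}", "%{HTTP_USER_AGENT}")


def external_host(target, own_hosts):
    """Return the host if target is an absolute URL to a foreign host."""
    host = urlparse(target).hostname
    if host and host.lower() not in own_hosts:
        return host.lower()
    return None


def audit_htaccess(text, own_hosts=()):
    """Flag rules sending visitors off-site, noting referer/UA conditions."""
    own = {h.lower() for h in own_hosts}
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if m := COND.match(line):
            pending.append(m.group(1).upper())  # conditions apply to next rule
        elif m := RULE.match(line):
            host = external_host(m.group(2), own)
            conditional = any(v in VISITOR_VARS for v in pending)
            pending = []
            if host:
                kind = "conditional-redirect" if conditional else "redirect"
                findings.append((lineno, kind, host))
        elif m := ERRDOC.match(line):
            if host := external_host(m.group(1), own):
                findings.append((lineno, "errordocument", host))
    return findings
```

Calling `audit_htaccess(SAMPLE_HTACCESS)` reports line 5 as a conditional redirect to the placeholder host; pass the site's own hostnames in `own_hosts` so legitimate canonical-host redirects are not flagged.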

#11 awawia

awawia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 17 May 2011 - 07:34 PM

I will do that tomorrow. Thank you very much.

#12 awawia

awawia
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:00 AM

Posted 25 May 2011 - 10:15 AM

Andrew

I need to say this.....YOU ARE BRILLIANT!!!! Thank you for your time...we have found the file and have deleted it...hopefully this is the end of my dilemma. Have a great day, I know I will.

Arlene

#13 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:03:00 AM

Posted 25 May 2011 - 01:03 PM

Glad to hear it! :thumbup2:



