
HELP! - My website is redirecting to Google News!



#1 carp104


Posted 04 December 2015 - 08:19 PM

Let me start by stating that I've already been to the security "Am I infected?" forums and was kindly assisted by Bloopie over there, and he has thoroughly checked my machine and gave me the go ahead to post over here.

 

Now the problem:

 

I am having an issue where a website (my own WordPress store, nonetheless) is redirecting to Google News (https://news.google.com/) every time I type the URL into my browser. I've tried it with both IE and Edge and have the same problem with both, however it does work with Firefox no issues. Let me also point out that on my work computer my website opens fine on ALL browsers including IE.

 

My home machine is Windows 10, my work machine is not (although I don't recall the exact OS).  When I first purchased this computer my website opened fine on IE and Edge, however after a couple months this problem arose. 

 

Occasionally I will encounter a popup before accessing this website.

 

My McAfee Internet Security will display a warning message upon typing the URL into my browser. 

 

It states "http://185.93.187.90/8b2C may be risky to visit." then asks if I want to accept the risk. Since this website is my own website, I accept the risk and then it instantly forwarded back to Google News again.

 

 

 

I know this is a lot to process, the link to my other thread is here:  http://www.bleepingcomputer.com/forums/t/597094/help-website-redirecting-to-google-news-on-all-browsers/page-2

 

My actual website URL is given on page 2 in that thread (don't want to be accused of spamming forums with my URL).

 

Bloopie seems to think that the Operating System (Windows7, Windows10, etc.) seems to play an important part, as well as the browsing permissions I have set.

 

 

Can someone help me get to the bottom of this?





#2 technonymous


Posted 04 December 2015 - 09:51 PM

Whatever code is running on the http://185.93.187.90 is being flagged by browsers as a threat and as a countermeasure your browser will redirect you back to your home page google.com, firefox.com etc. It could be old outdated HTML, PHP, Flash, SSL certificates etc. It can also be a hijacked website with malicious code. So basically it can be anything. I didn't enter the website because this is my everyday use system. It's best to access the website with a live CD, or virtual machine just in case. I am sure malware team and others here at BC can spin one up fast and see what it is. I got a crappy laptop here to do that, but I've been having hardware issues with it at the moment. A dead battery that won't hold a charge.


Edited by technonymous, 04 December 2015 - 09:53 PM.


#3 carp104


Posted 05 December 2015 - 12:48 PM

I'm hoping someone can help me figure out what the issue is - I'd definitely like to know if my own website has a problem.  My traffic and sales are down on the website ever since I've been experiencing this issue :(



#4 Queen-Evie


Posted 05 December 2015 - 01:12 PM

Here is what I get when I click the link in your first post:

"Bitdefender Antivirus Free Edition has blocked a page!
Phishing detected!
Access to this page has been blocked.

I understand the risks, take me there anyway"

Clicking take me there anyway redirects to Google news.

#5 bloopie


Posted 05 December 2015 - 03:10 PM

Hello again,

Basically, the problem is on the "website end" and not the "user" end of the equation (meaning not your computer). You're going to have to use whatever browser allows you to get to your website, and see if there's something going on that would cause the site to be blocked to most browsers. Maybe the website got hacked, maybe there's some fishy code running, etc...

 

I've never created and maintained my own website before, so I can't really help you with that part, but it seems that's what you need to do. I'm sorry I couldn't be of more help to you! :(

 

bloopie


Edited by bloopie, 05 December 2015 - 03:11 PM.


#6 technonymous


Posted 05 December 2015 - 11:15 PM

> I'm hoping someone can help me figure out what the issue is - I'd definitely like to know if my own website has a problem. My traffic and sales are down on the website ever since I've been experiencing this issue :(

I talked to a friend that I know who is a website developer. By the sound of it you're collecting credit card information through a cart. Business websites need to be credit card compliant and their code and modules tested for security flaws. You shouldn't be using modules downloaded from wherever. You need to use modules from reputable places like OpenCart. This sounds like your HTML and PHP modules are severely outdated. If you're collecting credit card information your PHP must be PHP 5 or higher. Preferably PHP 6 and HTML 5. Your SSL needs to be checked out too. Keep in contact with your website hosting service etc. Uninstall modules that you don't need. Download your entire website and modules etc. and run scans on it. It's possible someone compromised it. Check chmod on your files. No one here will be able to help you without you providing detailed information about the website. Under no circumstances should you do that on a public forum. IMO, you need to consult & hire a professional privately.



#7 Queen-Evie


Posted 06 December 2015 - 07:39 AM

> I talked to a friend that I know who is a website developer. By the sound of it you're collecting credit card information through a cart.


This might be why Bitdefender is flagging it as a phishing attempt.

#8 carp104


Posted 07 December 2015 - 08:52 AM

Yes, I am collecting card information through a secure cart using WooCommerce.  I also have an SSL certificate for secure checkout.

 

My webmaster seems to have found some malicious code in my HTA access file which was redirecting the site to that bogus link. He deleted the code and now it works on my browsers - but a new problem has arisen.

 

Now when I type in popular keywords in Google related to my site, and click through to my site from Google search engine results I get a 404 NOT FOUND redirect, but when I type it into my browser it loads fine.

 

What gives?



#9 technonymous


Posted 07 December 2015 - 09:18 AM

This is probably due to their security measures as well at Google and/or DNS cache changed a lot over the course of the website being down etc. It could be the meta tagging in your website all messed up. A compromised website that is probably one of the first things they might try to change to really mess things up 'cause then that changes Google's DNS caching you see on their end. It might take a long time for it all to self heal. :unsure: Maybe you can contact Google support on that and see what they say.


Edited by technonymous, 07 December 2015 - 09:19 AM.


#10 carp104


Posted 07 December 2015 - 05:17 PM

It turns out he found over 70 files that were compromised and needed replaced.  He also took some security measures to prevent it from happening again.

 

So far everything looks good again. Perhaps I should submit my site to a ping directory to have Google re-crawl it again?



#11 technonymous


Posted 07 December 2015 - 05:45 PM

> It turns out he found over 70 files that were compromised and needed replaced. He also took some security measures to prevent it from happening again.
>
> So far everything looks good again. Perhaps I should submit my site to a ping directory to have Google re-crawl it again?

Yes, you should do that. Maybe I can make another suggestion. There are security services that don't cost that much that can run scans on your website monthly to make sure it's up to date etc. Things change rapidly with coding with HTML 5 and PHP 6 & modules etc., and new bugs can be discovered. You may not know about that and the next thing you know you're going through this process again. Glad that you have fixed the issue. Your web developer seems to have done well and is on the right track. Be sure to go over things with your website more often. If you are paying for hosting service and they have newsletters join those so you get reports etc. Good luck to you.



#12 carp104


Posted 21 December 2015 - 10:46 AM

I really hate to resurrect this thread, but this problem has STILL not been fully resolved for me.  Whatever fixes my webmaster did allows me to open the site, but I am still getting the redirect to bogus sites about 50% of the time when entering my site through various keyword searches and clicking through from Google search results.  I've tried it on 4 different computers with the same results.

 

My webmaster (who is the most knowledgeable person I've met in regards to web design) insists the problem has been resolved, he has even consulted with his fellow team members who work at his company about the issue and they believe it to possibly be due to a DNS cache or something, but it is STILL going on!  My traffic is down, sales down, and Google rankings starting to drop.  If my webmaster and his company cannot figure it out, then who can?  I am pulling my hair out with this ordeal and if I cannot get it resolved before spring (when most our business comes) we will lose out on thousands in business.

 

Where can I go from here?


Edited by carp104, 21 December 2015 - 10:48 AM.
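
The symptom reported in posts #8 and #12 (the site loads when typed directly but redirects when reached from search results) is one that `.htaccess` rewrite rules conditioned on the visitor's referrer or browser can produce. As an added example, not code from this thread or from the webmaster: a Python check that scans every `.htaccess` in a downloaded copy of a site for redirects to hosts you do not own. The sample file, the `shop.example` site name and the `.invalid` redirect host are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample for illustration; not the file from the site in this thread.
SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\. [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (MSIE|Trident|Edge) [NC]
RewriteRule ^(.*)$ http://redirect.example.invalid/in.php?q=$1 [R=302,L]
# BEGIN WordPress
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
"""

COND = re.compile(r"\s*RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}\s+(\S+)", re.I)
RULE = re.compile(r"\s*RewriteRule\s+\S+\s+(\S+)", re.I)
REDIRECT = re.compile(r"\s*Redirect(?:Match|Permanent|Temp)?\s.*?(https?://\S+)", re.I)

def scan_htaccess(text, own_hosts):
    """Return (line_no, target_host, visitor_conditions) for each off-site redirect."""
    findings, conds = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = COND.match(line)
        if m:  # condition on who the visitor is; applies to the next RewriteRule
            conds.append(f"{m.group(1).upper()} {m.group(2)}")
            continue
        rule, redir = RULE.match(line), REDIRECT.match(line)
        if rule or redir:
            host = (urlparse((rule or redir).group(1)).hostname or "").lower()
            if host and host not in own_hosts:
                findings.append((no, host, conds if rule else []))
        if rule:
            conds = []  # RewriteCond lines are consumed by the rule they precede
    return findings

def scan_tree(root, own_hosts):
    """Scan every .htaccess under a downloaded copy of the site, subdirectories included."""
    hits = {}
    for path in Path(root).rglob(".htaccess"):
        found = scan_htaccess(path.read_text(errors="replace"), own_hosts)
        if found:
            hits[str(path)] = found
    return hits
```

A finding that carries referrer or user-agent conditions explains why the same URL behaves differently per browser or per entry path, which is why testing only by typing the address can miss it.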


#13 technonymous


Posted 21 December 2015 - 12:58 PM

You provided an IP address, but didn't provide a FQDN. What is the domain name of your website? Who did you register your domain through? Who is hosting the website? I did an nslookup for domain and get nothing. Has your webmaster contacted the domain registrar? Has your webmaster contacted Google to have the website reviewed and the flag lifted? Otherwise it will continue to be flagged as an attack website.


Edited by technonymous, 21 December 2015 - 12:58 PM.


#14 carp104


Posted 21 December 2015 - 01:21 PM

> You provided an IP address, but didn't provide a FQDN. What is the domain name of your website? Who did you register your domain through? Who is hosting the website? I did an nslookup for domain and get nothing. Has your webmaster contacted the domain registrar? Has your webmaster contacted Google to have the website reviewed and the flag lifted? Otherwise it will continue to be flagged as an attack website.

The domain name is: www.alienlabsusa.com

The domain was through Namecheap, and the hosting through Hostgator. What can the domain registrar do? How can the webmaster have the flag lifted when the website is still infected with something? The problem has not yet been resolved.


Edited by carp104, 21 December 2015 - 01:22 PM.


#15 technonymous


Posted 21 December 2015 - 01:30 PM

Well, you stated that your webmaster is certain that the problem has been fixed. Google doesn't know this and will continue to keep it flagged until it is reviewed by them. If it is shut down on Google's search engine then most search engines will follow along. Here are the steps you need to do...

 

https://support.google.com/webmasters/answer/168328?hl=en





