Help support TMP


"Search Engine Redirect problem - not PC virus" Topic


6 Posts

All members in good standing are free to post here. Opinions expressed here are solely those of the posters, and have not been cleared with nor are they endorsed by The Miniatures Page.

For more information, see the TMP FAQ.


Back to the Spam, Hack & Phish Plus Board

Back to the Webmasters Plus Board

Back to the Computer Stuff Plus Board


413 hits since 17 Jan 2010
©1994-2014 Bill Armintrout
Comments or corrections?

Roderick Robertson Supporting Member of TMP Fezian17 Jan 2010 11:33 a.m. PST

I've got a strange redirect problem going on.

I'm the webmaster for Dundracon.com. If you simply type in the url into a browser's search screen, it comes up no problem. I've checked my page files – they haven't been hacked (if they were, I'd have simply replaced them, as it's basically a static site, and I have a full backup on my home PC).

If you search for "dundracon" on google, yahoo, bing, etc., and click on the hit that claims to take you to dundracon.com (usually the first result), you get sent to a fake anti-virus site (usually getting a popup saying: "Warning, your personal PC needs to install anti-virus software" Personal Security can perform fast and free scan of your computer.", that won't close, and will start to load malware if you click "okay".

This is *not* a problem on my personal PC – I've had reports from users saying they're getting it, and even sat with my ISP's help desk while they got it. This is *not* a hack on my website. It's a hack into something that all search engines go to for information.

Any ideas?

napthyme Sponsoring Member of TMP17 Jan 2010 12:07 p.m. PST

Sounds like a call to Googles customer service is in order…

Personal logo Waco Joe Supporting Member of TMP17 Jan 2010 12:30 p.m. PST

Here is the message I get in Firefox:

Reported Attack Site!

This web site at kedzierski.be has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

Personal logo StarfuryXL5 Supporting Member of TMP17 Jan 2010 1:12 p.m. PST

In the past I've heard about DNS cache poisoning occurring, in which an attacker can compromise a DNS server. It replaces the proper IP address with the attacker's for a given URL, so a request for a Web site will be directed to a site of the attacker's choice. I don't know if there is anything you can do about it, short of waiting for the cache to be updated, but you could ask your ISP about it.

fred12df17 Jan 2010 1:43 p.m. PST

link

Have a look at the last couple of posts – which indicate that there may have been a hack to your site – either the index.hml page or the .htaccess file

I don't think this is a DNS cache issue – as this would cause a redirect in all cases.

I also don't think it is a Google issue – the attack is written to redirect requests from search engines. It doesn't affect the search engine results directly.

Roderick Robertson Supporting Member of TMP Fezian17 Jan 2010 6:21 p.m. PST

my .htaccess got hacked.

Thanks fred12df, that forum answered the question.

Sorry - only trusted members can post on the forums.