ARGGH! All my sites are being redirected!

The domains have not expired. I own about 30 domains from two different registars. Just purchased one last week. Everything was working fine up until about 2 hours ago. It only happens on my domains, I can access everything else.

Thanks
1 reply

Signature

Sonic Reply - WordPress Help Desk Plugin

{{ DiscussionBoard.errors[3812630].message }}

sbucciarel

Banned 13 years ago

Originally Posted by ProEFI

The domains have not expired. I own about 30 domains from two different registars. Just purchased one last week. Everything was working fine up until about 2 hours ago. It only happens on my domains, I can access everything else.

Make certain that you have your nameservers set to your hosting domain only. That would be two nameservers. If you have the default nameservers in there, it will redirect like that.

The last thread like this ... the guy had two hosting nameservers in there, plus the two default registrar nameservers in there. Once he removed the default ones, the problem disappeared.

Thanks

{{ DiscussionBoard.errors[4471339].message }}

hashbury

13 years ago

See if its happening to every site you visit not just your own. You could have a browser hijacker.

If its only on your sites, It would seem to me that your ftp information has been compromised and you should change your passwords asap. Then you will get the fun task of removing the code from all of your websites (if you have a good hosting company they might do this for you) or backing up from an earlier date.

Thanks
2 replies

{{ DiscussionBoard.errors[3812639].message }}

Daniel44

13 years ago

Just as I thought, yeah you have been compromised. A lot of people will recommend that you change your password, but it is more likely to have been caused through a script exploit. Take down any not-well-known PHP scripts for now while you assess the damage and fix the sites.

If you need anything PM me, I have been dealing with security on the web for a lot of years.

Daniel

[ 1 ] Thanks
2 replies

{{ DiscussionBoard.errors[3812660].message }}

hashbury

13 years ago

Originally Posted by Daniel44

Just as I thought, yeah you have been compromised. A lot of people will recommend that you change your password, but it is more likely to have been caused through a script exploit. Take down any not-well-known PHP scripts for now while you assess the damage and fix the sites.

If you need anything PM me, I have been dealing with security on the web for a lot of years.

Daniel

Script exploit or ftp hack it is still a good idea to change passwords to be on the safe side.

Thanks

{{ DiscussionBoard.errors[3812725].message }}

melofmovement

12 years ago

Originally Posted by Daniel44

Just as I thought, yeah you have been compromised. A lot of people will recommend that you change your password, but it is more likely to have been caused through a script exploit. Take down any not-well-known PHP scripts for now while you assess the damage and fix the sites.

If you need anything PM me, I have been dealing with security on the web for a lot of years.

Daniel

I have multiple wordpress sites that keep getting hacked. I've installed the recommended plugins, cleaned, cleaned, cleaned, change password, change password and change password.

I'm at a loss, now the site is clean but when i link it on somewhere like facebook it goes to a spam page.

this is driving me mental, how can i prevent infection and tell the hackers to go eff themselves.

Thanks
1 reply

{{ DiscussionBoard.errors[5450760].message }}

Karen Blundell 12 years ago

please, you people who keep posting that his domains expired, when he's posted several times that's not the case, stop and take the time to read the thread before you post something that you have no clue about. Thank you!

I have seen this happen countless times before with WordPress. It could be a theme or it could be an outdated plugin that a hacker was able to compromise.

This is the very reason I always strongly recommend that you always update your WordPress version whenever the updates come up, as well as updating your plugins and themes.

Ramone_Johnny gave you very good advice above, and that is over-write everthing in your wp-admin, wp-includes, wp-content/plugins, and wp-content/themes folders.

then once you got that done, make sure you've updated everything, core WordPress, plugins, themes if there are any to update, and get rid of any plugins you are not using.

if you need any further assistance, please do not hesitate to contact me.

one more thing, just in case you computer is infected with a browser re-direct trojan, download Malwarebytes, update the definition files if you need to, and run a simple scan. Better safe than sorry.

Good luck!
- Thanks
Signature
---------------
{{ DiscussionBoard.errors[5450869].message }}

TG12 13 years ago

There was another thread about this. Hacked?
- Thanks
Signature
Vaoser Link Ninja Software
DHV Delivery Systems FAILING at online dating???
{{ DiscussionBoard.errors[3812668].message }}

ProEFI

13 years ago

Thanks. It is only my sites. I just had a friend in the US check my sites and she saw the same redirect page.

Thanks

Signature

Sonic Reply - WordPress Help Desk Plugin

{{ DiscussionBoard.errors[3812662].message }}

misterkailo

13 years ago

Your domains definitely expired dude

Thanks

Signature

Limited Spots Left... How to Generate 150+ Leads Daily And Earn $3000-6000 Per Sale Without Talking To Anyone

{{ DiscussionBoard.errors[3812740].message }}

ProEFI

13 years ago

My domains definitely did NOT expire. They were all purchased at various times, with the latest being 3 days ago. I've been online for 3 years and know my way around domains/hosting.

Thanks

Signature

Sonic Reply - WordPress Help Desk Plugin

{{ DiscussionBoard.errors[3812797].message }}

profitsforall

13 years ago

Are you hosting with hostgator by any chance?

I had this page showing for my domain. I had put the wrong nameserver information on my domain so it was pointing to the server of my other hostgator account and because this server knew nothing about the domain the searchdiscovered page came up as default.

So - i suspect it's either an issue on your server, where it's lost your mapping for all of you domain names, or something has updated all your domain name server information (Which is probably unlikely).

Contact hostgator support.

Thanks

{{ DiscussionBoard.errors[3812841].message }}

ProEFI

13 years ago

I did some research on searcheddiscovery.com and found this:

"A search engine redirect virus is a form of malware that changes DNS entries and HOSTS files and redirects search engine searches to malicious pages for the intention of spamming anyone. The virus can affect all major search engines and cause that secret data will be sent out via a background connection."

I released/renewed my ip address and now I have access to my sites again. However, the bad news is that I still cannot locate the malware so the problem may resurface until it eliminate it.

The good news is that my account has not been hacked.

[ 1 ] Thanks
2 replies

Signature

Sonic Reply - WordPress Help Desk Plugin

{{ DiscussionBoard.errors[3814454].message }}

Bradley J Anderson

13 years ago

Originally Posted by ProEFI

I did some research on searcheddiscovery.com and found this:

"A search engine redirect virus is a form of malware that changes DNS entries and HOSTS files and redirects search engine searches to malicious pages for the intention of spamming anyone. The virus can affect all major search engines and cause that secret data will be sent out via a background connection."

Sounds to me like it's on your computer if it's changing your Hosts file. Try running Spybot - Search and Destroy and see if it comes up with anything.

[ 1 ] Thanks

Signature

BRADLEY ANDERSON - Tips, reviews & resources to make your online business more profitable.

{{ DiscussionBoard.errors[3875997].message }}

tpw

13 years ago

Originally Posted by ProEFI

I did some research on searcheddiscovery.com and found this:

"A search engine redirect virus is a form of malware that changes DNS entries and HOSTS files and redirects search engine searches to malicious pages for the intention of spamming anyone. The virus can affect all major search engines and cause that secret data will be sent out via a background connection."

I released/renewed my ip address and now I have access to my sites again. However, the bad news is that I still cannot locate the malware so the problem may resurface until it eliminate it.

The good news is that my account has not been hacked.

LOL

I am just reposting what you said, since many people are still just answering your initial query instead of reading the page. :p

Thanks

Signature

Bill Platt, Oklahoma USA, PlattPublishing.com
Publish Coloring Books for Profit (WSOTD 7-30-2015)

{{ DiscussionBoard.errors[4706683].message }}

mllnsgrl

13 years ago

Andrew,

A similar thing happened to me, but from a downloaded theme. I called godaddy and they walked me thru the delete and restore from a previous date. Then I changed my password. All is fine now.

It's a huge pain, but the automatic restore makes it easier.

Best of luck with that!

Liz

Thanks

Signature

{{ DiscussionBoard.errors[3875229].message }}

celente

13 years ago

either 2 things

1) Hacked which is a real bummer.

2) you have an expired domain on your hand.

Thanks

Signature

Create a $5000 USD a month Business. 1-on-1 Coaching. By 6 figure marketer! - CLICK HERE

{{ DiscussionBoard.errors[3875399].message }}

WholesalerJoe

13 years ago

Been there done that!
Is correct fix
released/renewed my ip address
Then scrub your work station and or reformat to be safe!

Thanks
1 reply

Signature

We Wholesale Jewelry Clothes and Many Other Closeouts NEW DAILY DEALS!

www.dailywholesaledeals.com

{{ DiscussionBoard.errors[3876026].message }}

richieh 13 years ago

I, too, tried to log into one of my wordpress blogs to find the dreaded searchdiscovered.com flash page. After spending a whole day trying to figure this out including buying the Stopzilla malware program (which appears to find stuff that Malware Bytes does not), I go the following reply from my Hostgator support ticket:

Hello,

The searchdiscovered.com website is our default parked page for unknown domains, but I am not seeing a problem with your site at the moment. It looks like some changes were made to your DNS entries which may have caused this problem, however it looks like the issue is now resolved. Make sure to clear your browser's cache if you are still seeing the other site.

Please let us know if you come across any other issues.

Sincerely,

Jon S.
Linux Security Administrator
HostGator.com LLC
HostGator.com Support Portal

Now I think that is wierd.

My website is OK but I don't know if installing Stopzilla on my PC did it or if something funny happened at Hostgator.

Richieh
- Thanks
{{ DiscussionBoard.errors[4006563].message }}

kentwebhost

13 years ago

Dodgy themes in Word Press, Joomla etc contain exploits that have similar behaviour to what your suggesting. I dont know for sure, and unfortunatly I'm not sure (other than changing your theme) how to 'fix' them.
Sorry cant be more specific, but just shining light down another avenue for you!

Thanks

{{ DiscussionBoard.errors[4006579].message }}

ghostrecon

13 years ago

Definitely an exploit in one of your themes, revert it back to the default and try to take a look at the themes header.php and footer.php for any malicious redirects.

Thanks

Signature

PinPioneer.com - Proprietary Pinterest Marketing Software
1000 Pins Uploaded PER Hour
Use code: WFPioneer

{{ DiscussionBoard.errors[4006585].message }}

kentwebhost

13 years ago

know its a bit late now...but I always take a copy of the final edited theme (virus free) as a backup, better than trawling through all those CSS changes you've made

Thanks

{{ DiscussionBoard.errors[4006605].message }}

Janet Sawyer

13 years ago

Here is something that is really useful if you suspect your Wordpress theme.
WordPress › TAC (Theme Authenticity Checker) « WordPress Plugins
It works for me.

[ 1 ] Thanks
1 reply

Signature

Royalty Free Graphics 200+ 3D Characters || My Sometimes Updated Blog ||

{{ DiscussionBoard.errors[4006636].message }}

pahalik 13 years ago

I registered a new domain at one registrar and then bought new hosting from hostgator. As in both being less than one week old. Nothing is installed. Nothing. No themes, no Joomla, no Wordpress, etc..

Yesterday I began seeing the searchdiscovered.com pages. Obviously it has nothing to do with expired domains. Obviously it has nothing to do with themes.

It is something in the dns settings.
- Thanks
{{ DiscussionBoard.errors[4369929].message }}

Pixel Minisite

13 years ago

what registrar are you using?

Thanks

Signature

Minisite Designs as low as $17
http://www.pixelminisite.com

{{ DiscussionBoard.errors[4369960].message }}

profit2day

13 years ago

This happened to me as well with my sites being hacked and redirected. I contacted the host, they took care of it, but the sites were never the same. 404 errors are all over the pages and posts when clicked, but everything is in tact in the admin area. I have been moving sites to another host since I am not happy with the service and how the sites were affected.

Thanks

{{ DiscussionBoard.errors[4370432].message }}

perfectlovehere

13 years ago

Maybe you should check if your domains have expired.

Thanks

Signature

=> $7 Price W/ 95% Commission!!! CLICK HERE TO SELL!
=> Perfect Love Here I Come: Have a dream marriage!
=> List Building On Steroids: ELITE Click Here

{{ DiscussionBoard.errors[4370460].message }}

derricks4

13 years ago

People.. It's not the domains being expired.
I had this before.

To fix follow:
•Change all passwords (admin, ftp, hosting panel, etc.)
•Log onto ftp for each site/domain
•Look for any weird files that don't belong
•Open .htacess file
•Highlight all text within file, and you will probably see some hidden text that looks funky/you didnt' write
•Delete funky text, and re-upload file

This should fix it. Be sure to backup all of your files before doing it, though.

Thanks
1 reply

Signature

EXPLODE Your Sales! The PREMIER Copywriting Service on WF<PM ME!
^^GUARANTEED 100% to INCREASE YOUR PROFIT ^^

{{ DiscussionBoard.errors[4370486].message }}

dsouravs

13 years ago

Someone got access to Ur FTP and have put that malware code in your sites.
Search 4 that piece of that code in index.php if UR using WordPress.....If not found on index.php search all pages.....U possess a risk of getting stopped by Google as a malware site...so hurry..

after Ur sites OK..change all password immediately....

Thanks
1 reply

Signature

I can convert your Non-Responsive website to Responsive website ... How sweet is that? :)

{{ DiscussionBoard.errors[4370511].message }}

John Romaine

13 years ago

Originally Posted by dsouravs

Someone got access to Ur FTP and have put that malware code in your sites.
Search 4 that piece of that code in index.php if UR using WordPress.....If not found on index.php search all pages.....U possess a risk of getting stopped by Google as a malware site...so hurry..

after Ur sites OK..change all password immediately....

No they didnt.

This exploit can be caused by simply using Adobe reader on an infected site. Then as you visit each of your sites, they become infected too.

Its likely the cause is his own workstation, in which he'll have to do some investigative work.

Thanks
1 reply

Signature

BS free SEO services, training and advice - SEO Point

{{ DiscussionBoard.errors[4370535].message }}

dsouravs

13 years ago

Originally Posted by ramone_johnny

No they didnt.

This exploit can be caused by simply using Adobe reader on an infected site. Then as you visit each of your sites, they become infected too.

Its likely the cause is his own workstation, in which he'll have to do some investigative work.

But the sites have got infected... Don't we need 2 clean them up.

Thanks
1 reply

Signature

I can convert your Non-Responsive website to Responsive website ... How sweet is that? :)

{{ DiscussionBoard.errors[4370555].message }}

John Romaine 13 years ago

Originally Posted by dsouravs

But the sites have got infected... Don't we need 2 clean them up.

Yes. Which is why I wrote above...."Overwrite all the infected files with clean copies"

But thats pointless if his workstation itself is causing the problem. The sites will just become infected again when he brings them up within his browser.
- Thanks
Signature

BS free SEO services, training and advice - SEO Point
{{ DiscussionBoard.errors[4370609].message }}

John Romaine

13 years ago

I guess youre using Wordpress yes?

If so, it looks like you have whats called an "iframe injection attack"

Overwrite all the infected files with clean copies, then change your passwords, and run updates/patches on your Wordpress installs.

Got nothing to do with expired domains.

http://www.guardian.co.uk/technology...ecurity.google

[ 1 ] Thanks

Signature

BS free SEO services, training and advice - SEO Point

{{ DiscussionBoard.errors[4370505].message }}

Rudder

13 years ago

I had problems like these in the past when I used hostgator. My site was running perfectly for a week; then everything went haywire. hostgator support was not very helpful so I found another host service.

Thanks

{{ DiscussionBoard.errors[4370507].message }}

HorseStall

13 years ago

Any possibility your htaccess was hacked?

Thanks

Signature

Horse Gifts :: Dog Gifts :: Wild Animal Gifts :: Mythical Creatures

{{ DiscussionBoard.errors[4371747].message }}

wallyw

13 years ago

I think the problem is with files on your websites. Someone has hacked them and added the redirect script on index and/or login files or in your .htaccess file.

Change all your passwords and check those files to see if they've been changed. Keep copies of your website files on your computer so you can do a restore if you get hacked. You can also ask you host to restore your domains from their backups if they keep any.

I use qwk.net for my host and they have saved my butt on more than a couple occasions.

Thanks

{{ DiscussionBoard.errors[4471164].message }}

woodymcgrath

13 years ago

It is an exploit in one of your themes/plugins.

Remove all iframe scripts, remove excess code in htaccess and take a look at Google Webmaster tools to see if they're reporting any suggestions.

Thanks

Signature

Make an easy *$45* commission per sale... Promote a $67 product with 22% conversions!

BIG $$$ with TedsWoodworking.com - *16,000* Woodworking Plans - Click For Affiliate Tools

Other products: Ideas4Landscaping Landscaping Ideas - Landscaping Design

{{ DiscussionBoard.errors[4471282].message }}

kaivearn

13 years ago

I should shed some light into this as it has just happened to me. I changed my DNS to hostgator from my registrar (ziphosting.com.au) and this happened to me. Do note that if it was searchdiscovered it is HOSTGATOR'S OWN LANDING PAGE.
From my chatlog with the hostgator representative:
(02:59:47 AM) Alan Co: I'm checking into this and it looks like that searchdiscovered.com site is a landing page for our registrar, so it would show that sometimes until the domain has had time to propagate. Now that it's propagated, you won't have to worry about it.

It is as user Richieh says. However, if it is searchdiscovery, that could be a problem.

Thanks

{{ DiscussionBoard.errors[4706489].message }}

harrietfredge

13 years ago

If you are not able to visit those websites without being diverted to another website you likely have spyware / adware on your computer. Get a spyware removal program to clean your computer.

Thanks

Signature

Seo Websites

{{ DiscussionBoard.errors[4706503].message }}

ARGGH! All my sites are being redirected!

Trending Topics

A healthy fascination for Hollywood...

How did you turn it all around?

Any thoughts on golf's latest phenom...Scottie Scheffler??

best high quality crypto traffic.

What's the Best IM-Related Skill to Learn Today That Can Help in the Future?