Is my website being hacked?

it seems fine for me.

It's ok here too. Maybe you have malware on your computer. Download and scan it with malwarebytes (and possibly superantispyware as well)

Edit: The links at the top work fine here.

No problems here mate. Had a look in the HTML code, too, and can't see anything malicious there.

Carol is spot on: it seems more likely that you have some kind of malware on your computer.

Try running the free version of Malwarebytes and SpyBot S&D (search Google for 'em), and ensure you're running some kind of virus scanner (personally I just use the free Microsoft Security Essentials; perfectly adequate if you're running Windows). They catch/clear up most stuff, it seems.

Also, if you're running Windows, try clearing your hosts file: go into Command Prompt and type:

Good luck.

Kyle, it looks fine to me as well. Clear your browser cache and your cookies and try to access your site again.

Have you submitted your site to Google webmaster tools? GWT will tell you if your site has malware and what you need to do to clean it. Then you might have to resubmit it.

Just to chime in here - a lot of times, link redirects/hijacks are the results of rootkits, which don't typically fall under your standard malware category. ComboFix is exceptional at sniffing 'em out and killing them when MalwareBytes and Spybot can't.

Kyle, I'm not getting redirected when I click your nav links. However, when I watch the status bar of my browser, I do see an URL outside your domain make an appearance. If you have nothing to do with freefilesblog.com, then I think I know what's happening here, it has nothing to do with what anyone above has written.

I believe your site may be the victim of a javascript injection.

Your site is built with Wordpress using the Nova theme. You should create a new folder on your local machine and download the entire Nova theme from your server into this folder.

You are then going to need to use a text editor that allows you to load multiple files and run a search across all the loaded files. I use EditPadPro, there are many others out there, free and paid. Load ALL the .php files in the theme into this text editor and then run a search for "base64". I bet you'll find it, most likely in the file footer.php (though you should search throughout the theme).

Wherever "base64" shows up in the theme files, it'll be followed by a long string of gobbledygook letters and numbers. This is actually regular code that has been encoded with base64 encoding. Copy that long string of letters and numbers, go to Base 64 Decoder , paste it in the box, and click the Decode Safely As Text button. You'll probably find it has a link to this freefilesblog site along with some other code that can do all kinds of fun stuff.

Encoded text strings like this can get "injected" into a Wordpress theme in two ways -- either through a security hole in something your site uses (theme/plugin/other legitimate javascript), or, most commonly, it was in the theme from the get-go. I'm not familiar with the Nova theme, but if you download your themes from free Wordpress theme sites, you run the high risk that those themes will include base64 encoded strings that can do all sorts of fun things. Many times it will be a perfectly legitimate theme that has had the code added by the person running the theme download site, or by someone who submitted the theme to the site. From there, other free theme sites grab the themes for their own stock, and so on.

I NEVER use free themes for this reason. However, there are times for using them. If you do, ALWAYS scan your themes for base64 encoding. I have found 2 or 3 themes along the way that use base64 encoding for legitimate reasons, usually to protect the code for a special feature they've written (which isn't much protection, as I've shown, it's easy to decode it). But the vast majority of times, if you find base64 encoding in a Wordpress theme, it's going to be in footer.php, it will be unnecessary, and it can be removed.

Anyway, if you find this is the case, the quickest and easiest solution is to find a legitimate download of the Nova theme that does NOT contain the encoded strings and upload it to your server, overwriting the existing version. If you've made modifications to the theme, you will, of course, need to make those same modifications to the new copy.


EDITED TO ADD: Kyle, I hadn't looked at the source code for your site, since I figured this was a php issues and wouldn't be visible to the end user. However, looking at the source code, I do see a javascript in the source code referring to the site I mentioned. It's at the very end of the HEAD section of the page. This is a pretty obvious and clumsy addition by the person who inserted it, and I have to think it's whoever is running freefilesblog.com. Since, it appears to be a place where you can illicitly download commercial paid themes via filesharing sites like Filesonic. So, if this is where you downloaded the Nova theme from and it's a paid theme, you've just discovered one of the hazards of not paying for what you should. If you got it from elsewhere, it could be the site owner is spreading the code through free themes on other sites to benefit him/herself.

@ Pat - thanks for that - I can see it now that you've pointed it out. I hope Kyle reads your post.

Nice find, Pat.