
HACKED!!!! Malicious redirect commands have paralyzed our site!!

Our home page still works. But all links from it redirect to the home page. Links to categories, profiles, everything, all redirect to the home page. You never see the page you are trying to get to.

Even if you "copy link address" by right clicking on the links, and then paste those into a new browser page, it takes you to the home page only.

Our web host says that there are redirect commands that have been maliciously added to several different files.

If I knew where to go, I could edit out those commands. I use FileZilla to edit the site.

Any help is appreciated.

Thanks.

Comments

  • KasparKaspar ✭✭✭

    What were the last changes made? Did anyone work on pretty URLs/redirects, for example?


    "Our web host says that there are redirect commands that have been maliciously added to several different files."

    If they can see that then you can get an idea of what it is (ask them what they found).

  • We have not touched the site for months.

    Our hosting company says this happened at 1:30 AM this morning.

    Here is the error code, which we now see has been at the same time every morning since Oct 20:

    [16-Nov-2021 01:07:41 UTC] Unhandled exception in file cloner/websocket.php line 160: [ws_closed]: Connection closed

    Here is where people with WordPress have the same issue:

    Could this be the cause of our problem with all links redirecting to the home page?

    The cPanel forum concludes this is GoDaddy's fault. But maybe it's a benign issue, and our real culprit is something else.

    Any further help appreciated.

  • I now see the error codes are time stamped per UTC time, so 4 hours off from the onset of our problem.

    This suggests it is something else.

    I confess that we are using a 2.x version of Vanilla Forums. But would this weird redirection problem be a function of that?

    Is there some command in Vanilla Forums that if corrupted would redirect everything to the home page?

    Oddly, the "Vanilla Forums" logo link at the bottom of the page is the only one that works.

  • Well, after about 29 hours, our problem went away.

    We made no changes, updated nothing. After 29 hours, the site began working again. All links from the home page now go to the correct pages, and do not redirect to the home page. Everything seems perfectly functional.

    Is it possible some kind of hack occurred just to borrow our server, but it was timed to expire? Do hackers have an honor code?

    Has anyone heard of this phenomenon before?

    My question here is serious, as I would consider remedial measures if I knew what happened.

  • It frankly sounds like your host made a mistake with a server configuration file and blamed it on hackers until they fixed it.

    There's no earthly reason a hacker would want to redirect all links to your homepage. They'd redirect it to spam and ads, at the very least.
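
Added example, not part of the thread: one way to look for redirect directives like those the host described, by scanning a local copy of the site (for instance one downloaded over FTP). The patterns, file extensions and sample files are constructed assumptions; matches are only candidates to compare against a clean copy, since legitimate code redirects too.

```python
import os
import re
import time

# Constructed patterns for common redirect mechanisms; none come from the thread.
PATTERNS = {
    "apache directive": re.compile(r"^\s*(Redirect\w*|RewriteRule)\s", re.I),
    "php header": re.compile(r"header\s*\(\s*['\"]Location:", re.I),
    "js location": re.compile(r"\b(window|document)\.location(\.href)?\s*=[^=]", re.I),
    "meta refresh": re.compile(r"<meta[^>]+http-equiv=['\"]?refresh", re.I),
}
EXTENSIONS = (".php", ".js", ".html", ".htm", ".tpl")

def find_redirects(root, since_days=None):
    """Return sorted (relative_path, line_number, label) candidates under root.

    since_days limits the scan to files modified in that window, which helps
    when the application itself has not been touched for months.
    """
    cutoff = None if since_days is None else time.time() - since_days * 86400
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name != ".htaccess" and not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            if cutoff is not None and os.path.getmtime(path) < cutoff:
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                for number, line in enumerate(fh, 1):
                    for label, pattern in PATTERNS.items():
                        if pattern.search(line):
                            rel = os.path.relpath(path, root).replace(os.sep, "/")
                            hits.append((rel, number, label))
    return sorted(hits)

def make_sample(root):
    """Write a small constructed site tree for demonstration."""
    samples = {
        ".htaccess": "RewriteEngine On\nRewriteRule ^(.+)$ / [R=302,L]\n",
        "index.php": "<?php\nheader('Location: /');\n",
        "about.html": "<p>No redirect here</p>\n",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo:
        make_sample(demo)
        for hit in find_redirects(demo):
            print(*hit)
```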
