I’ve been very very perplexed by this issue: a friend of mine runs a website called Shop Laurella at shoplaurella.com. Recently, there has been a lot of redirection of her site to some strange advertising spam kinda thing. I’ve looked at the .htaccess files, I’ve pored through some of the code on the index.php and all (and even modified the file to see if it was loading) but to no avail.
Does anyone have any idea on what leads I should take? Originally, she could load her site and intermittently find another website once in a while, but it’s now permanent.
I’m out of my league here, would appreciate any leads! Thanks!
Welcome to the Sitepoint Forums. You are certain to find an answer to your question among the innumerable experts that comprise our community.
Have you taken the site offline?
There appears to be no landing page (default registrar page).
According to the Whois database, that domain name is registered to someone in Singapore and the domain is currently hosted at hostgator. Are you certain about the domain name?
Thanks for the reply. I’m not sure if taking the site offline would do any good, since I’m sure it’s a DNS level issue or some redirection issue. I’m not sure what you mean by landing page, I seem to be getting redirected to an ad page that has fashion links and all but not the actual site we have there.
I’m from Singapore and the domain is registered to my friend in Singapore, and yes I think it’s on hostgator. Pretty lost here, but thanks for the help!
Now I have a better understanding of the overall situation. What you are seeing is a standard ‘generic’ page many hosting companies use.
Based on my experience you have suffered from one of two (not at all nefarious) issues:
The hosting expired
The DNS is not correctly setup
Beginning with the hosting provider, ask for some help on this and you should get quickly to a resolution.
Take your website offline because it’s poisoning your reputation.
THEN …
Download all files to your computer but do not run them there (you’d infect your computer). READ the code and look for JavaScript that you had not included in the file. That’s likely your source of redirections.
If you’ve used canned programs (WordPress, Drupal, ZenCart, etc.), UPDATE (and keep updating regularly as the script kiddies look for non-current versions to test their hacker scripts). NEVER let an update go by!
Upload your backup set of files (the master set - you DO have the master files, don’t you?) then test all the links in your website. If any redirect, your master set is also infected and you’d better just start over.
There had been a thread some months ago where I posted a “checklist” to resolve a hack attack where recommended that the host run “maldet scans” on the account and use the output to find all the offending files (you have to read the file to see what code is creating the problem). Be sure to run multiple maldet scans until it can find no further malware in your account’s files (then weekly after that).
THEN create a script to hash all your files and record those hashes every day and compare against the previous day’s hashes (read from a database). You should know of any additions, edits or deletions and compare that with the output of your script. (I wrote just such a script and published it at SitePoint a few months back - just get the updated (linked) version as I’d gotten carried away with deleting personal information from my code.
