Google results redirect to wrong website (straight url is ok)
- DW Clan Member
- Posts: 112
- Joined: Tue Jan 05, 2010 1:40 pm
- Location: New York, NY
I have confirmed that the link returned by a google search for "clandw" does indeed return a bogus/infected site. Sokoro is right. That's all I can/will say.
Generic Humorous Forum Sig
AS-Cubes4All > AS-TorlanEvolution > AS-OpportunityKnocks > AS-BP2-AcatanaEvolution
This is an error message which I received when I tried to connect through google results with IE 10:
Warning: file_get_contents() expects at most 2 parameters, 3 given in /homez.149/elixirbi/www/index_backup.php on line 1
Further indicating that you have rogue files in your root php library. Please do something.
Also I found other websites which redirect with such error.
Last edited by Sokoro on Sat Jul 13, 2013 2:26 pm, edited 1 time in total.
I made an AM character just to be able to use electromagnet in safe spots with 500 adrenaline and rejuvenation weapon +5
Thread of somebody having very similar problem.. and outdated Joomla like you..
http://forum.joomla.org/viewtopic.php?f=432&t=648775
Yes you have outdated joomla!
http://sitecheck.sucuri.net/scanner/?sc ... clandw.org
Also your website seems to be working very slow.. It takes several seconds before it redirects me to the end of the thread with my post posted.. after I click [Submit]
I have 165ms 3.63mbps down 3.17mbps up from Pilsen to Tempe... that is ok I guess.... for being across the globe.. maybe you should upgrade your server's internet connection... I have the best in my state.
Security warning in the URL:
http://www.clandw.org/resources/fullgam ... e-tracker-
Suspicious domain detected:
http: //1006jrfjhjr.dynamicdns.org.uk:85/SNrXO5eZUmezafp1VSscRaEmTDduhjoEBK5 (infected do not go there)
A suspicious code was identified loading content from a blacklisted domain. Those types of code are often used to distribute malware from external web sites while not being visible to the user.
EDIT: hmm I just did a rescan and it no longer returns this detection.. but you still have outdated Joomla and that is a security issue.
- Site Admin
- Posts: 2241
- Joined: Mon Dec 26, 2005 12:00 am
- Xfire: bomzin
- Location: Layton,Utah
Ok not sure what is up. Google webmaster says we are clean. I can only duplicate this going through google Brazil. I don't believe the site to be infected still. Yes am working on the upgrade but everything has changed so it's going to take some time. Hopefully before the New Year we get it done.
I am just on a fresh install. Loaded Chrome. Searched for clandw. Pulled us up just fine. Open for suggestions. I guess we could try contacting google brazil.
Just something I found.. you are on a list:
http://evuln.com/labs/www.google.com.br/
First three letters for the infected websites are censored.. so search for "ndw.org"
and this!:
http://evuln.com/tools/malware-scanner/clandw.org/
"The website redirects visitors from search engines to the 3rd-party URL:
->http://www.elixir-bienetre.com/includes ... img/js.php
684 websites infected."
Little guide: http://evuln.com/hacked/redirect.html
Edit:
Seems that it is a chain of redirects, which sends users across several infected websites and then to google.br
http://evuln.com/tools/malware-scanner/ ... ellaun.de/
I did this check:
http://urlquery.net/report.php?id=3735596
And it seems that you have HTTP transaction with google.com.tr which is Turkish Google. That is really fishy.. could you explain?
unmaskparasites.com scan on clandw.org shows this hidden external link:
<IFrame> hidden link - http: //www.google.com.tr/url?sa=t&rct=j&q=seo& ... 5608,d.Yms
Turkish... goes to some Turkish website about who knows what..
This reports the external link, hidden in iframe, and 56 suspicious files with the link
http://www.quttera.com/detailed_report/www.clandw.org
its the turkish kebab that does all the damage.... :blackeye:
I have to confirm with sokoro that every time I post a reply (clicking the "submit" button) it takes too much time for me also for the post to be submitted and the page to be fully refreshed. (which personally is the only web-page/forum that I have this issue)...but i assumed it had to do with the server load/bandwidth....
besides that, I never had a "weird" redirect from google results for clandw....
ps: even microsoft suggests users NOT to use IE
ps2: page layout of the forum is wider by 100-200px (horizontal res)
- Site Admin
- Posts: 2241
- Joined: Mon Dec 26, 2005 12:00 am
- Xfire: bomzin
- Location: Layton,Utah
Now that is interesting says the 1 malicious code is a .gif, maybe I didn't get to the root of it. Will be killing a gif
Sokoro wrote:
> I did this check:
> http://urlquery.net/report.php?id=3735596
> And it seems that you have HTTP transaction with google.com.tr which is Turkish Google. That is really fishy.. could you explain?
Nope, have no idea
> unmaskparasites.com scan on clandw.org shows this hidden external link:
> <IFrame> hidden link - http: //www.google.com.tr/url?sa=t&rct=j&q=seo& ... 5608,d.Yms
> Turkish... goes to some Turkish website about who knows what..
I manually went through and took out the bad code, possible I missed something but I'm not seeing a bunch of infected files again. Hidden link in an I-frame. How the hell do I track that down? I didn't write the code nor am I smart enough. I did paste it all together though with what I thought to be reputable stuff.
> This reports the external link, hidden in iframe, and 56 suspicious files with the link
> http://www.quttera.com/detailed_report/www.clandw.org
hmm those hidden iframes could be just some trick to get better google pagerank for the websites which are linked in them, since both (yes there is currently another one: www .seo.mavi1.org ) of those Turkish websites seem to be clean.
You should contact someone from joomla masters/admins to ask them if it is intentional or infection.
Did you all change passwords and scan your computers after the event when website was down?
I read that hackers sometimes use your own computer to infect your website through ftp.
You are still redirecting: http://evuln.com/tools/malware-scanner/ ... rg/rescan/
Edit: another website confirming the redirect: http://aw-snap.info/file-viewer/?tgt=ht ... &ua_sel=ff
So you are still infected... you need to do something, try to ask on some forums for help.. eg:
https://www.badwarebusters.org
http://productforums.google.com/forum/? ... cked-sites
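One way to search a copy of the web root for the symptoms reported in this thread (a rogue PHP file that checks the search-engine referrer or fetches remote content, PHP code inside a .gif, and a hidden iframe pointing at an external host). This is an added example, not part of the original thread and not the logic of any scanner linked in it; the patterns are illustrative heuristics, the function names are hypothetical, and a hit is a lead for manual review rather than a verdict.

```python
import os
import re

# Heuristic patterns chosen for the symptoms in this thread (assumptions,
# not a complete signature set). All matching is done on raw bytes.
IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png", ".ico")
CODE_EXT = (".php", ".phtml", ".inc", ".htaccess")
PHP_TAG = re.compile(rb"<\?php", re.I)
REFERER = re.compile(rb"HTTP_REFERER", re.I)
ENGINE = re.compile(rb"google|bing|yahoo", re.I)
REMOTE_FETCH = re.compile(rb"file_get_contents\s*\(\s*[^)]*https?://|curl_exec\s*\(", re.I)
IFRAME = re.compile(rb"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(rb"display\s*:\s*none|visibility\s*:\s*hidden"
                    rb"|(?:width|height)\s*=\s*[\"']?[01]\b", re.I)
EXTERNAL_SRC = re.compile(rb"src\s*=\s*[\"']?(?:https?:)?//", re.I)


def classify(path, data):
    """Return the list of findings for one file's bytes."""
    findings, lower = [], path.lower()
    if lower.endswith(IMAGE_EXT) and PHP_TAG.search(data):
        findings.append("php-in-image")            # e.g. code hidden in a .gif
    if lower.endswith(CODE_EXT):
        if REFERER.search(data) and ENGINE.search(data):
            findings.append("search-referrer-check")  # redirect only search visitors
        if REMOTE_FETCH.search(data):
            findings.append("remote-fetch")        # pulls content from another host
    for tag in IFRAME.findall(data):
        if HIDDEN.search(tag) and EXTERNAL_SRC.search(tag):
            findings.append("hidden-external-iframe")
            break
    return findings


def scan_webroot(root):
    """Walk root and return {relative_path: [findings]} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = fh.read(2_000_000)      # cap bytes read per file
            except OSError:
                continue                           # unreadable file: skip it
            found = classify(full, data)
            if found:
                report[os.path.relpath(full, root)] = found
    return report
```

Calling `scan_webroot()` on a downloaded copy of the site rather than the live server keeps the check read-only; comparing flagged files against a clean copy of the same Joomla release separates stock code from injected code.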