Access my website from google sends me to a scam page

Question

When I type my web site's name in Google search, I see in the pages under the main URL are scam pages:

If I click the page, it goes to an ad page that I did not create:

If I refresh the page, I'm still on the phishing page.

However, if I copy/paste the URL from the phishing page to a new tab, it brings me to the normal page.

Tested with Google Chrome.

What can be the mechanism behind this attack?

@syldor Someone hacked your site and is hosting their own content. As Matthew says, they check the header to see if you are coming from Google or directly as a way of hiding from you, the site owner. — schroeder, Jul 07 '17 at 10:13
The link given is obviously a very valuable ressource, but I was still hoping to get the question open to understand more about my specific case, as your comments are already explaining some of it. — syldor, Jul 07 '17 at 10:16
@syldor Unfortunately, there are so many potential ways that an attacker would be able gain access to your server, it would take a dedicated forensic examination to find out which they had used. For example, they might have compromised a .htaccess file via FTP, or added JavaScript to your pages via a weak admin password, or found a flaw in another site hosted on the same server and edited files via SSH. It would even be possible for them to have tricked you into using malicious software to connect to the server. Finding out which they actually did isn't possible without a lot of work, usually. — Matthew, Jul 07 '17 at 10:38
We can explain why you get one site by clicking a Google link but another site if you navigate directly, but unfortunately, we can't offer any more than that. You've been hacked. Wipe the server, restore from trusted backups, patch, and closely monitor. — schroeder, Jul 07 '17 at 12:21

0 Answers0