Being directed to hacked site only when searched through Yahoo

Question

A local wolf sanctuary had just posted a warning on Facebook to not visit their site because it had been hacked. However, it only sends you to the hacked site when searching through Yahoo.

I was curious as to how this might be working and why it's different?

The site is whar.org (assuming it hasn't been fixed at the time of reading).

Nomad · Accepted Answer · 2018-03-28T15:01:13.420

5

I have just verified this.

If the request header contains the Referer (which your browser adds after being refered by another site), you are redirected to the fake page.

This is the response, which causes the "redirect":

Now we modify the request to not contain the REFERER: header:

And the correct website is loading.

So basically, the "hacker" checks the REFERER header, and if it is set to Yahoo (or possibly others), it will show you the wrong page.

edited Mar 28 '18 at 15:01

answered Mar 28 '18 at 12:37

Nomad

2,359
2
11
23

3

To be a bit pedantic, yahoo doesn't add the referer header, your browser does. Also, please copy text rather than adding pictures. – AndrolGenhald Mar 28 '18 at 13:51
You're correct, edited the answer. Apologies for the images. – Nomad Mar 28 '18 at 15:02

Being directed to hacked site only when searched through Yahoo

1 Answers1

Linked