0

BACKGROUND

A website of mine was recently the target of a conditional redirect attack.

  • PHP code was added to my pages to redirect visitors.
  • The .htaccess file was edited to redirect visitors.

I've re-uploaded my website so the compromised PHP and .htaccess code have both been removed.

My site is mostly handwritten php and static HTML content. I don't use page comments or any third party libraries.

THE PROBLEM

After removing the compromised php and htaccess files, visitors are still being re-directed.

  • What could be the reason that visitors are still being redirected?
  • Are there any tools to check where/how redirects are taking place so I can debug the problem?

UPDATE - PROBLEM FIXED

As suggested in the comments, I cleared my Firefox cache and that fixed the problem (for me anyway). Visitors with old cache data will obviously still be re-directed.

Shannon Matthews
  • 99
  • 3
  • Both "www.onesmallclue.com" and "onesmallclue.com" both appear to redirect to "poise.php" when I test with curl. Can you tell me how to reproduce the incorrect redirection? – Jerf Altair Jul 10 '12 at 04:34
  • possible duplicate of [My server's been hacked EMERGENCY](http://serverfault.com/questions/218005/my-servers-been-hacked-emergency) – mgorven Jul 10 '12 at 04:38
  • @mgorven: I don't believe my question is a duplicate. My question is asking about the existence of a specific tool to solve a specific problem. The question you link to is a general plea for help with a broad answer which doesn't answer my specific question. If you believe my question is a duplicate, please show me where my specific question is answered. – Shannon Matthews Jul 10 '12 at 05:57
  • @JeffHalter: Thanks for taking a look. Both "www.onesmallclue.com" and "onesmallclue.com" redirect to "poise.php" when the site is working correctly. The incorrect redirection can be reproduced here by right clicking the link www.onesmallclue.com above and choosing "open link in new tab". (Running Firefox, Windows 7 x64) I am also redirected incorrectly when following links from a google search. – Shannon Matthews Jul 10 '12 at 06:05
  • Have you tried clearing your browser cache? – Ignacio Vazquez-Abrams Jul 10 '12 at 06:11
  • @IgnacioVazquez-Abrams: Thanks! Clearing my firefox cache just fixed the problem! Is there something I can do so that other visitors automatically have their cached contents updated when they re-visit my site. It's no good if visitors are still being updated because of bad cache data. – Shannon Matthews Jul 10 '12 at 06:18
  • Unfortunately no. Anything you put won't be loaded because the cached data is still in place. – Ignacio Vazquez-Abrams Jul 10 '12 at 06:25
  • @IgnacioVazquez-Abrams: Well that is a shame. Oh well. I'll just have to notify people where possible. Thanks anyway. :) – Shannon Matthews Jul 10 '12 at 06:33
  • @shannon Feel free to post as an answer and mark it accepted when you can. Self-answers are welcome here. – jscott Jul 10 '12 at 11:07

1 Answers1

1

Try clearing your browser cache.

Shannon Matthews
  • 99
  • 3
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940