We are having a problem with our server. After transferring the files to a new dedicated server, within only one or two weeks almost every website on our server is redirecting to a scammy porn site (to be blunt, to the adultfinder website). Once you enter the URL it will redirect to it, and once you enter it again you are on the original website.

Rei
  • Can you please provide more detail, or possibly the domain for examination? Have you verified the issue doesn't exist with DNS? Are you running any sort of web management panel like Plesk, or cPanel? Are any of the sites running WordPress? More information is needed! – David Houde Sep 20 '13 at 09:09
  • +1. Personally I would add "hire an admin, and if you are one look for a job outside of IT" to someone asking the question like this. – TomTom Sep 20 '13 at 09:11
  • Hi David, sorry, this is my first time encountering something like this. We are using cPanel; only one site is running WordPress. Here are some of the domains: http://chefmateocatering.com, http://combinedlogisticsnetworks.com and http://weddinginthesky.com. How can I verify/check the DNS? – Rei Sep 20 '13 at 09:24
  • None of the websites you listed are now seen redirecting. Seems you have corrected it. – Ajo Augustine Sep 20 '13 at 09:39
  • I thought it was OK too. But some of our clients say that it is still redirecting. – Rei Sep 20 '13 at 09:43
  • Might depend on browser. The first attempt redirected to spam, unable to reproduce with wget/fetch, only Chrome and FF. – David Houde Sep 20 '13 at 09:44
  • What do you mean by depending on browser? – Rei Sep 20 '13 at 10:01

1 Answer

Your server has been compromised. As all the websites have been redirected to a scammy site, it seems your index pages might have been replaced. The intrusion can be due to a vulnerability in your operating system, control panel or an application, or the attacker might have got root access. You need to hire an admin to check/fix server security and to restore the replaced index files from backup.

Ajo Augustine
  • We tried to scan the whole server and it says it is clean. So I am now confused on what is going on. – Rei Sep 20 '13 at 09:35
  • I doubt PHP code that has been modified to do something nasty will be detected by a "scanner". – Marki Sep 20 '13 at 09:52
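
The answer advises restoring replaced index files from backup, and the comment above notes that a scanner may not flag modified PHP. One way to find what actually changed is to compare the live document root against the backup by hash. This is an added example, not part of the original thread; the function names and the sample trees built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """SHA-256 of a file's bytes; symlinks are recorded by target, not followed."""
    if os.path.islink(path):
        return "symlink:" + os.readlink(path)
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def snapshot(root):
    """Map each file under root (relative path, '/' separated) to its fingerprint."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root).replace(os.sep, "/")] = fingerprint(full)
    return result

def compare_to_backup(live_root, backup_root):
    """Report files changed, added or missing in the live tree relative to the backup."""
    live, backup = snapshot(live_root), snapshot(backup_root)
    return {
        "modified": sorted(p for p in live if p in backup and live[p] != backup[p]),
        "added": sorted(p for p in live if p not in backup),
        "missing": sorted(p for p in backup if p not in live),
    }

def demo():
    """Build two small constructed trees (not real site content) and compare them."""
    def write(root, rel, text):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        for root in (backup, live):
            write(root, "index.php", "<?php echo 'home'; ?>")
            write(root, "css/site.css", "body{}")
        write(live, "index.php", "<?php /* constructed: altered */ echo 'home'; ?>")
        write(live, "images/thumb.php", "<?php /* constructed: unexpected file */ ?>")
        return compare_to_backup(live, backup)

if __name__ == "__main__":
    print(demo())
```

Point `compare_to_backup` at a backup taken before the redirects began; a backup made after the compromise would match the altered files and report nothing.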