xtelb
asked on
Search Engines Redirecting Site - Not a Virus
When I search (using Yahoo, Bing or Google) for mountain magnolia inn, the site comes up at the top of the search result. Clicking the main link for the site redirects to <edited - redirecting to some scam site - GaryC123>. Interestingly enough, searching with DuckDuckGo does not redirect my site. My site is hosted on Windows server and the webhost has been highly uncooperative in helping me to get this resolved. Any fast ideas would be truly appreciated!
ASKER
There are no iframes on the home page.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Either your server is infected and redirecting to that site whenever it detects a google referrer - they do this because the site owner is unlikely to use google for their own site.
Or your own pc is infected with something like this.
http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
Check your side first, if that is clean then we can investigate the server side.
Is it the actual site mountainmagnoliainn.com? As it works fine for me making me suspect it is your own pc that is infected.
Or your own pc is infected with something like this.
http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem
Check your side first, if that is clean then we can investigate the server side.
Is it the actual site mountainmagnoliainn.com? As it works fine for me making me suspect it is your own pc that is infected.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for xtelb's comment #a39562883
for the following reason:
I solved the problem myself.
Accepted answer: 0 points for xtelb's comment #a39562883
for the following reason:
I solved the problem myself.
How did you solve it after selecting delete the second after I posted my comment.
Seems someone had replaced my index.html fileAnd how do you think they did that?
ASKER
Hi GaryC123, I'm not understanding your comment about "how did you solve it after selecting delete the second after I posted my comment." I haven't deleted anything from EE.
Regarding your question about how someone could replace my index.html file, it seems that it was deleted entirely and replaced with 2 index files - index222.html and I don't remember what the other one was. And I have no idea how someone could have accomplished that other than the webhost's security is lacking. Do you have any ideas?
Regarding your question about how someone could replace my index.html file, it seems that it was deleted entirely and replaced with 2 index files - index222.html and I don't remember what the other one was. And I have no idea how someone could have accomplished that other than the webhost's security is lacking. Do you have any ideas?
ASKER
Oh, and my PC was not infected. The symptoms occurred on multiple computers across multiple networks.
It's fine, our posts were crossing. It was working fine for me because you had probably changed the index files.
Anyway refer to my previous comment on thewhy.
Now to the how - your server has been hacked. They may have already installed something that will revert those index files back again, so this time tomorrow you could be back at square one or since they have managed to hack it once they will keep checking back to fix your website again.
Anyway refer to my previous comment on thewhy.
Now to the how - your server has been hacked. They may have already installed something that will revert those index files back again, so this time tomorrow you could be back at square one or since they have managed to hack it once they will keep checking back to fix your website again.
ASKER
Argh! I've already opened a new webhost account and have uploaded all my local files to it. Was going to initiate the nameserver change in the morning. Think I should wait that long?
Wouldn't likely make any difference if it is your code that has been hacked i.e. it isn't so much the server itself that is vulnerable.
So you need to find out how they hacked it - are you using any kind of CMS?
So you need to find out how they hacked it - are you using any kind of CMS?
ASKER
No. Just css and straight html. The code is on my local server; it's the files on the webhost that were potentially hacked. My code should be fine, right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, it is mountainmagnoliainn.com. I will check the contact forms before I move forward with the new host. Thanks so much for the feedback. I'm going to attribute some of the points to you.
ASKER
Spoke too soon.
???
You can go ahead and just accept your own answer, that was just some advice.
ASKER
hahahaha... i had to give a reason for "Objecting" to my initial close request. so I said "spoke too soon." :-)
ASKER
Initial problem was resolved by me.
<blind link removed - GaryC123>