Search Engines Redirecting Site - Not a Virus

When I search (using Yahoo, Bing or Google) for mountain magnolia inn, the site comes up at the top of the search result.  Clicking the main link for the site redirects to <edited - redirecting to some scam site - GaryC123>.  Interestingly enough, searching with DuckDuckGo does not redirect my site.  My site is hosted on Windows server and the webhost has been highly uncooperative in helping me to get this resolved.  Any fast ideas would be truly appreciated!
xtelb Asked:

dipopo Commented:
Are you sure you don't have an embedded iframe doing all the redirects?

<blind link removed - GaryC123>
0
xtelb (Author) Commented:
There are no iframes on the home page.
0
xtelb (Author) Commented:
Solved the problem.  Seems someone had replaced my index.html file with several new ones containing rich snippets that were used to redirect.  Thanks anyway!
0

Gary Commented:
Either your server is infected and redirecting to that site whenever it detects a google referrer - they do this because the site owner is unlikely to use google for their own site.
Or your own pc is infected with something like this.
http://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem

Check your side first, if that is clean then we can investigate the server side.
Is it the actual site mountainmagnoliainn.com? As it works fine for me making me suspect it is your own pc that is infected.
0
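The check described in the comment above, written out as an added example that is not part of the original thread: request the same page with and without a search-engine Referer, without following redirects, and also look in the returned HTML for a client-side redirect. The function names are hypothetical, and the Referer list is an assumption based on the three search engines named in the question.

```python
import re
import urllib.error
import urllib.request

# None models a client that sends no Referer header at all.
REFERERS = [None, "https://www.google.com/", "https://www.bing.com/",
            "https://search.yahoo.com/"]
META_REFRESH = re.compile(r"<meta[^>]+http-equiv=[\"']?refresh", re.I)
JS_NAVIGATE = re.compile(
    r"location(\.href)?\s*=(?!=)|location\.(replace|assign)\s*\(", re.I)


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 30x as an HTTPError instead of following it


def http_fetch(url, referer):
    """Return (status, Location, body) for one request, redirects not followed."""
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(urllib.request.Request(url, headers=headers), timeout=10)
    except urllib.error.HTTPError as err:
        resp = err  # 30x/4xx/5xx responses still carry status and headers
    return resp.code, resp.headers.get("Location"), resp.read().decode("utf-8", "replace")


def client_side_redirect(html):
    """True for a meta refresh, or script that reads the referrer and navigates."""
    return bool(META_REFRESH.search(html) or
                ("document.referrer" in html and JS_NAVIGATE.search(html)))


def probe(url, fetch=http_fetch):
    """List (referer, reason) pairs where the site treats search traffic differently."""
    base = fetch(url, None)
    findings = []
    for ref in REFERERS[1:]:
        status, location, body = fetch(url, ref)
        if (status, location) != base[:2]:
            findings.append((ref, f"server-side: {status} -> {location}"))
        elif body != base[2]:  # meaningful for static HTML, noisy for dynamic pages
            findings.append((ref, "body differs by Referer"))
    if client_side_redirect(base[2]):
        findings.append((None, "page script redirects on referrer"))
    return findings
```

With the default `fetch`, `probe()` makes four GET requests to the URL it is given; an empty list means the responses were identical and no client-side redirect marker was found.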
xtelb (Author) Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for xtelb's comment #a39562883

for the following reason:

I solved the problem myself.
0
Gary Commented:
How did you solve it after selecting delete the second after I posted my comment?
0
Gary Commented:
"Seems someone had replaced my index.html file"
And how do you think they did that?
0
xtelb (Author) Commented:
Hi GaryC123, I'm not understanding your comment about "how did you solve it after selecting delete the second after I posted my comment."  I haven't deleted anything from EE.

Regarding your question about how someone could replace my index.html file, it seems that it was deleted entirely and replaced with 2 index files - index222.html and I don't remember what the other one was.  And I have no idea how someone could have accomplished that other than the webhost's security is lacking.  Do you have any ideas?
0
xtelb (Author) Commented:
Oh, and my PC was not infected.  The symptoms occurred on multiple computers across multiple networks.
0
Gary Commented:
It's fine, our posts were crossing. It was working fine for me because you had probably changed the index files.
Anyway, refer to my previous comment on the why.
Now to the how - your server has been hacked.  They may have already installed something that will revert those index files back again, so this time tomorrow you could be back at square one or since they have managed to hack it once they will keep checking back to fix your website again.
0
xtelb (Author) Commented:
Argh!  I've already opened a new webhost account and have uploaded all my local files to it.  Was going to initiate the nameserver change in the morning.  Think I should wait that long?
0
Gary Commented:
Wouldn't likely make any difference if it is your code that has been hacked i.e. it isn't so much the server itself that is vulnerable.
So you need to find out how they hacked it - are you using any kind of CMS?
0
xtelb (Author) Commented:
No.  Just css and straight html.  The code is on my local server; it's the files on the webhost that were potentially hacked.  My code should be fine, right?
0
Gary Commented:
Is it mountainmagnoliainn.com?
But if your code is open to attacks it wouldn't make any difference if you upload your local files - they are the same.
The only possible ingress I can see is the contact form - so make sure you are sanitizing the data there.
If that is fine then it probably was the server that was open to attack - I assume this is shared hosting.
0
xtelb (Author) Commented:
Yes, it is mountainmagnoliainn.com.  I will check the contact forms before I move forward with the new host.  Thanks so much for the feedback.  I'm going to attribute some of the points to you.
0
xtelb (Author) Commented:
Spoke too soon.
0
Gary Commented:
???
0
Gary Commented:
You can go ahead and just accept your own answer, that was just some advice.
0
xtelb (Author) Commented:
Hahahaha... I had to give a reason for "Objecting" to my initial close request.  So I said "spoke too soon."  :-)
0
xtelb (Author) Commented:
Initial problem was resolved by me.
0