We help IT Professionals succeed at work.

typing website address opens the correct website but google link takes me to different website

uilli
uilli asked
on
Hello,
a friend has a website http://fondazioneroberthollman.it that works fine when typing the address in the address bar.
However if the link is opened through a search engine, it opens up a website that sells bags.
It isn't a virus on the client side since I've tried it on different computers on different network, it seems more of a dns problem, or some website hack maybe (it's a very old website).

For example on google it shows the correct name but the description is the one of the bags website

google.PNG
and on bing the name is the one of the bags website

bing.PNG
by accessing the page by typing the address and viewing the page source I cannot find any redirect, so I'm not sure if it's a dns problem of the provider or some kind of hack I'm not aware of
Comment
Watch Question

Chris HInfrastructure Manager

Commented:
I'm also not ruling out that the web host has port 80 bindings correct.  You may also want to contact your web host.

Correction:  Closer examination shows that neither host is related by any means.  This is Google's fault.

Author

Commented:
what is strange is that it's not only google, but I tried bing and yahoo and I get the same problem
Infrastructure Manager
Commented:
This webserver is compromised.  

This script is called on a non-indexed page:
3/31/2015 2:20:50 PM      http://www.drdrebeats.eu/ugg/airmax-it.js|>{gzip} [L] HTML:Iframe-inf (0)

I can no longer access this script on the server side now, so it's either tamper-aware, you're in the process of fixing it or a hacker just cloaked.  

I do a google search and it shows several nike airmax ads in different languages.  Your's appears to be in Italian.

https://www.google.com/#safe=off&q=http:%2F%2Fwww.fondazioneroberthollman.it%2F+nike

See for yourself.

The only valid answer here is to rebuild from scratch.  Ethically, you should too, as this is probably a jump point for malware now.

Is this a hosted server?
Chris HInfrastructure Manager

Commented:
Also, I'd remove any mention to any email addresses listed.  Those guys have to get a buttload of spam.
http://fondazioneroberthollman.it/eng/contatti.htm

Author

Commented:
thanks for the research. the website is hosted by a company and doing a search on the company domain like you suggested it seems it's their webserver that has been compromised

https://www.google.it/search?client=opera&q=advertendo&sourceid=opera&ie=UTF-8&oe=UTF-8#q=www.advertendo.com%2F+nike

this shows advertising websites on their domain as well. Does this mean their webserver got hacked?
Chris HInfrastructure Manager

Commented:
The host is definitely compromised to where it's effecting your product.  I'd walk and try a different host.  Does he have a backup of the website before this happened?  I'd consider using that or at least comparing the original source (espeically scripts) to the code that exists.  With encryption and randomization, the only person who could probably tell you how and what got compromised is the person who compromised it.  It may be time, too, that he updates the website technology to a more efficient, search engine friendly, mobile supported platform.