Site Redirect

  • Hi,

    I have run the “Sucuri” site scan on my site and it finds a suspicious redirect.
    It redirects to a page that I end up in if I follow links in my Google Console… Basically a now non-existant fake trainer site.

    – [removed probably bad URL]

    How can I remove this redirect?

    Any advice appreciated. Thanks.

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 17 total)

  • Yes, there is a redirect on your website specifically for Google’s mobile UserAgent. I was able to visit your website, but once I tried to do so as Google it redirected me.

    This usually tends to happen when a website may have been hacked through a vulnerable plugin or theme. I can’t say where it is. Usually, a modified file or a set of malicious files inserted into WordPress will cause something like this.

    You need something (or someone) to go through the PHP files and try to identify infected or malicious files. The first thing I would try is:
    https://www.ads-software.com/plugins/gotmls/

    It’s not perfect and might not be 100% accurate, but it usually does find some of the infected files.

    You can find some additional information here:

    FAQ My site was hacked

    Also, I think I noticed your site is using PHP 5.6. That’s very outdated and can cause problems. So see if 123-Reg can upgrade you to something more recent (7+), ideally 7.3 or 7.4.

    Hope that helps.

    For moderator: remove possibly malicious URL from the original post.

    @supporthero Thanks for the modlook. Did you know that if you hit the “Report topic” button, you get a chance to send along a non-public message to the moderators?

    @tobifjellner thanks, I don’t think I ever noticed it there. I’ll use that in the future.

    @supporthero That functionality was added a couple of months ago, and refined in April…

    Thread Starter cliffyb

    (@cliffyb)

    @supporthero,

    That’s really helpful, thank you so much.

    I have some support from “Site Lock” provided by 123-Reg, so will pass the information onto them and hope to get this resolved.

    Thanks again.

    Thread Starter cliffyb

    (@cliffyb)

    Err, I’m guessing this is a stupid question… Does this redirect adversely affect my Google ranking? I seem to have disappeared over the last month or so ??

    If Google believes that your site has been compromised/contains bad stuff, then they may remove your site from the search results.
    Once you feel that you’ve sorted any problems, you probably should visit the webmasters part of Google and tick some boxes/ask them to re-check your site.

    Thread Starter cliffyb

    (@cliffyb)

    Thanks

    @cliffyb So far, Google hasn’t flagged your site as hacked. Most likely because they haven’t crawled it yet. You can do a quick check by using site: operator in Google. Just search for:

    site:handcosteopathy.co.uk

    If Google flags you, results will say so. You can also try using Safe Browsing status tool too: https://transparencyreport.google.com/safe-browsing/search

    The report says info was updated on April 17th.

    When SiteLock tells you it’s been cleaned, make sure you check with Sucuri tool. You can also post here, we can check it again. SiteLock usually uses automatic cleanup, which either can break the website by deleting files or leaving broken code or not clean everything up.

    Thread Starter cliffyb

    (@cliffyb)

    OK, thank you that’s awesome.
    Still waiting for 123-Reg to get back to me. It’s been a day and a half, yet feels like a year and a half ?? Just want this sorted so I can get my website back up in the rankings again. I realise this may take a while now…

    @cliffyb keep us posted and don’t forget to resolve this thread once it’s good to go.

    Thread Starter cliffyb

    (@cliffyb)

    Hi,
    Just a quick update… Finally got a replay from 123-reg today saying there is nothing wrong with my site. I went back to sucuri and ran the site scan and got the same error that was there before! Grrrr!
    In an earlier post you said “but once I tried to do so as Google it redirected me.”
    How is this done? If I can show them how to do it, maybe I’ll get some joy.

    Thanks again.

    @cliffyb Look up the command curl

    @cliffyb It looks like it only triggered the redirect for me for requests using Googlebot user-agent AND a referrer URL from google.com:

    #curl -sD – -L -A “Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)” -e “https://google.com/images/” “www.handcosteopathy.co.uk”

    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 22 May 2020 13:37:24 GMT
    Server: Apache
    X-Powered-By: PHP/5.6.39
    Location: https://www.[sneaker spammer instead of your website].com

    You can try to find an online website that lets you submit curl requests if you don’t have a terminal setup on your device.

    Also, until you resolve the security issue that is being exploited then there is little benefit to gain from cleaning (or attempting) the website – it will just be reinfected until you close the hole.

    Thread Starter cliffyb

    (@cliffyb)

    That’s great thank you. They are still claiming they cannot see anything, so I will pass this information on.
    Is the security issue likely to be due to out of date WP files?
    Would installing an SSL certificate make any difference to the security of the site?

    TIA

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Site Redirect’ is closed to new replies.