All my domains are going to another address

wordpress

#1

Is anyone else experiencing this problem today? All of my domains are going to a false URL that has nothing to do with me.


#2

Are you saying that some sort of redirect is taking place? It sounds a little bit like what was happening when hackers managed to get hold of FTP passwords, so you might want to check for hidden DIVs or frames in your code. Also, check to make sure your anti virus software is updated.

si-blog
Max discount on any plan with promocode SCJESSEYTOTAL


#3

Yes, all sites appear to be redirected to one site that is not mine. Virus software is up to date, webmail is working. There are no meta redirects in my files and my dates correspond with the dates on the server when I FTP connect.


#4

I’ve seen something similar happen if Apache’s httpd.conf file gets messed up and losing the virtual server configuration.

Try a WHOIS on the destination URL and see if it’s hosted here. Otherwise, it could be as scjessey says.

-Scott


#5

What is the URL that you are ending up at?

si-blog
Max discount on any plan with promocode SCJESSEYTOTAL


#6

http://www.phentermine-google.com/group/bestsellers.html/

is the false url.
I have checked whois information and everything appears correct.


#7

Have you checked for javascript in your code that you didn’t put there? Have you inspected http headers? (FF extension for LivehttpHeaders). Can you provide a url that is effected (one of yours that is getting re-routed)?

–rlparker


#8

http://www.unstrange.com is one of my URLs that is affected. I changed my password in the dreamhost panel and uploaded a good file but still they all still redirect to this imposter.

I’ve tested by disabling Javascript in my browser and it still redirects to this false site.

It’s going on two hours since I’ve notified Dreamhost and I’m hoping they come up with something. Thanks for all the suggestions.


#9

Looks like your site’s been hacked. Russian-based site. Time to scour your code. If you’re using a third-party software package, see if they have updates or patches. If you don’t plug the security hole, it’ll get compromised again.

Heck, plug the hole and then restore from backups since there’s no telling what else has happened to your site.

-Scott


#10

The index page of your site shows a redirect. Check for the existence of a .htaccess file.

-Scott


#11

Also check to see if you have a PHP include() or require() directive that has been hacked. Disable FTP access to your account and use SFTP with WinSCP (or similar) instead. Report the incident to abuse@dreamhost.com to make sure the right people are seeing it.

si-blog
Max discount on any plan with promocode SCJESSEYTOTAL


#12

Thanks. I have checked your suggestions and the htaccess suggestion and I find nothing in my files. I host 13 web sites with DH and all are being redirected to this one false URL.

Will let you all know when it’s figured out.


#13

So far it sounds like the server configuration has been compromised instead of your account.

However in the DreamHost Web Panel have you checked the Domans -> Manage Domans to make sure the domains on your account have not be set to “Redirected” instead of “Fully Hosted” ?

If they are still “Fully Hosted” I would suggest changing them to “Parked” or otherwise to force DreamHost to update the server configuration.

Also when checking for .htaccess file files make sure your client can view hidden files and also don’t forget Apache looks for them starting at the root. In otherwords, is there an /.htaccess or /home/.htaccess or /home/.glob/.htaccess or /home/.glob/username/.htaccess ? It is not enough to just check for /home/.glob/username/domain/.htaccess

:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7


#14

Thank you. Yes, I have been into the web panel and I’m still fully hosted. I’ve looked as far into the root as I can and I see no .htaccess file. I’m getting past my knowledge here - not sure if that answers your suggestion.


#15

Out of curiosity, how about looking at the logs for your domain? They’re in your home/Logs/DOMAIN/httpd directory.

-Scott


#16

Thanks - have looked at the logs from one of the sites being redirected, and I see nothing unusual in them, although I confess I don’t know what they normally look like.

I have parked one site, and got the Parked page. I am going to change it back to fully hosted and see what happens next.


#17

That would make it sound like it’s either an .htaccess file or some other redirect code.

How did you look for the .htaccess file? Some FTP clients might need a preference set to view hidden files.

Does it only happen with the index file? Try accessing something else, like an image, to see if that redirects.

If everything redirects, I’m guessing .htaccess. If you can’t figure out your FTP program’s settings, you should be able to see an .htaccess file with webftp.dreamhost.com


:stuck_out_tongue: Maximum savings promo code: MaxSavingsAtDH


#18

Everything is redirecting - image url, and files inside the site other than the index file. I’ve used the Web panel ftp to look into the root and site files and I can’t find an .htacess file.


#19

Any chance it’s DNS poisoning?

Wholly - Use promo code WhollyMindless for full 97$ credit. Let me know if you want something else!


#20

Found the problem - there was indeed an .htaccess file slipped into all my domains with the redirect. I have deleted them all, changed my web panel password, and my ftp passwords.

Is there anyway to stop this from happening again?
How can someone slip in an .htaccess file to someone else’s account?