Msg#: 3788253 posted 9:11 pm on Nov 17, 2008 (gmt 0)
I manage a site that is straight html, no php or asp, no databases, no cgi forms. The traffic fell off dramatically a few days ago and still ranks about the same in serps. I just noticed that when I search for a term in the search engines (both google and msn) and click on this site, I get a redirect and warning about my pc being infected with a virus and it shows a page with "antivirus 2008 on it and a scan bar. Now the funny thing is, it does not happen when I go directly to the site from my browsers. Just from search engines. It has only a stat tracking js and a bookmark js on the home page, no other little devices. I have looked thru the site and see nothing in it that would be causing this. How are they doing this to me? Any help would be appreciated as to what to look for. This thing is stealing all the search engine traffic.
Msg#: 3788253 posted 9:30 pm on Nov 17, 2008 (gmt 0)
A fairly-well-known Web hosting company (previously located in Kentucky, but now in Ohio?) had their servers broken-into. The .htaccess files were hacked to deliver different pages to search engines versus users.
Check your .htaccess files if you are hosted on an Apache server.
[edited by: jdMorgan at 9:30 pm (utc) on Nov. 17, 2008]
Msg#: 3788253 posted 9:53 pm on Nov 17, 2008 (gmt 0)
It has also infected two other sites that I manage and also have on the same host. just got out of live chat with support there. They are blaming me even tho I haven't opened either site since moving to a new machine that has no info about the sites access. It is in the .htaccess files. Thanks guys. I suspect we are talking about the same host there Jim.
Msg#: 3788253 posted 10:14 pm on Nov 17, 2008 (gmt 0)
If they blame you, you can chuckle at them and tell them to just fix the problem, because it's getting to the point where Webmasters don't even have to mention their name when discussing this well-known exploit -- as this thread demonstrates...
I'd add a smiley to that line, but unfortunately, this subject isn't funny.
I've got one client who hosts with them. If I see any sign of tampering with .htaccess or robots.txt files, we're out of there. There are simply too many other hosts who take server security more seriously than public relations or finger-pointing...