
Forum Moderators: Robert Charlton & aakk9999 & andy langton & goodroi


Google search clicks are hijacked - What should I do?

     
2:00 pm on Jul 14, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:June 5, 2006
posts:352
votes: 0


When I click on the Google listing for my website, the website is redirecting to another website (looks like a spam domain with no hits in Google) with a blank page. Search results in Yahoo and Bing are working just fine.

I spoke to GoDaddy, our hosting company, and they say that the problem is Google and not them.

Please help. What is next for me?
2:32 pm on July 14, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 8, 2003
posts:1141
votes: 0


Have you tried on another computer? Sounds more like a virus like the "Google redirect virus" on your computer to me and not like a problem with your server or with Google.
2:50 pm on July 14, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:June 5, 2006
posts:352
votes: 0


Jecasc, that is the problem most often encountered and almost all web search results talk about getting rid of malware on your own computer, but I asked a few friends of mine and it was clearly a domain redirect.

For someone in my situation where your own domain is redirecting to another domain, one area to check is the .htaccess file that was infected last night by a spammer. I have the most difficult to guess ftp password but it was still rewritten and that is what was causing the redirect.

I was able to restore the .htaccess file to its previous version and all is now well.
3:00 pm on July 14, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member jimbeetle is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 26, 2002
posts:3295
votes: 6


I have the most difficult to guess ftp password

But with a keylogger there's no need to guess. I'd still be sure to scrub the local machine just to be on the safe side.
4:34 pm on July 14, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Check your DNS setup for issues that might lead to DNS Cache Poisoning [webmasterworld.com].

Also, follow what is happening after a click every step of the way - every browser request and server response. You can use something like the Firefox add-on "Live HTTP Headers".
4:41 pm on July 14, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 8, 2003
posts:1141
votes: 0


I have the most difficult to guess ftp password


Do you use FileZilla as your FTP program? It stores the passwords in plain text. There was a discussion about this problem not long ago:

[webmasterworld.com...]
4:46 pm on July 14, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 9, 2010
posts:1806
votes: 9


If .htaccess is the problem you would have the issue on Bing too. Was the redirect coded only for google search referrers? If not, you might not have solved the issue yet.

I would suggest you immediately limit FTP and SSH access to your own IP.
6:55 pm on July 14, 2011 (gmt 0)

Preferred Member

10+ Year Member

joined:June 5, 2006
posts:352
votes: 0


Thank you all. I checked my machine and it is not the problem. I need to educate myself on the DNS cache issue or else I will hire a pro. I do not use FileZilla but use FrontPage, which is getting obsolete and I must change to something else.

Well, the malware injected into the .htaccess file was interesting in that it included only Google, Ask, and Excite and not Bing and Yahoo, and that is what was very baffling. Due to this, not only did GoDaddy argue that it is not their problem, even I argued that it was a Google problem (I never even visit Ask and Excite). Apparently the spam domain is based in Russia, and while I initially wrote that it was redirecting to a blank page (which is weird), it was doing so only in Firefox, because in Explorer it was trying to download one of those "your computer is infected so let us plant our malware" pages.
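
An added example, not part of any post in this thread: a Python check for the kind of .htaccess change described above, a redirect that fires only for certain search-engine referrers. The sample file, the hostnames and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample of an .htaccess file; hostnames are placeholders.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.* [NC]
RewriteRule ^(.*)$ http://redirect-target.invalid/ [R=301,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)

def find_referer_redirects(text, own_hosts):
    """Return findings for RewriteRules gated on HTTP_REFERER that send
    visitors to a host outside own_hosts (hypothetical helper)."""
    findings, pending = [], []          # pending: conditions awaiting a rule
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                    # skip comments
        cond = COND.match(line)
        if cond:
            pending.append((cond.group(1), cond.group(2)))
            continue
        rule = RULE.match(line)
        if not rule:
            continue
        # mod_rewrite conditions apply only to the next RewriteRule
        patterns = [p for var, p in pending if "HTTP_REFERER" in var.upper()]
        pending = []
        host = (urlparse(rule.group(1)).hostname or "").lower()
        if patterns and host and host not in own_hosts:
            findings.append({"line": lineno, "target_host": host,
                             "referer_patterns": patterns})
    return findings

if __name__ == "__main__":
    own = {"example.com", "www.example.com"}
    for finding in find_referer_redirects(SAMPLE_HTACCESS, own):
        print(finding)
```

The ordinary canonical-host redirect on line 3 of the sample is not reported; only the rule whose conditions test the referrer and whose target is a foreign host is.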
9:39 pm on July 14, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1158
votes: 32


FrontPage? That's been insecure for the last decade. MS finally gave up completely on it mainly because of security issues. Don't ever, ever use it again.
3:58 am on July 15, 2011 (gmt 0)

Preferred Member

5+ Year Member

joined:Nov 13, 2007
posts:607
votes: 0


I know of a competitor that has multiple sites and when you click on one of his sites from Google, it redirects you to another one of his sites that has lots of ads and offers.

Pretty clever if you ask me, especially with Panda. Use 1 website with only unique content and no ads and have it redirect to the one where you can actually make money. A pretty simple if referrer == google trick. One would think Google would be on to this by now.
5:36 am on July 15, 2011 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3332
votes: 23


I have had the paid link at the top of the page go to the wrong site quite often recently but not an organic search. PC was clean when it first occurred but maybe I should try a couple of alternative malware checks to make sure.
7:08 am on July 15, 2011 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:Aug 16, 2006
posts:397
votes: 1


That dnsreport tool is not there anymore. Are there any other tools to check for open DNS servers? Thx