OT: Weird search engine problem - fake goods hijacking

> n the link. If you hover the link, your browser shows the correct site. When you click the link, however, you get sent to the scam site. If you type the correct site into the address bar this does not happen, proving the corruption is on the search engine.

> ure you are not at a spoof.

> e?

I'm not sure this is anyone "grabbing" your link rather than a means of generating revenue by selling your search list placement. I have seen this plenty of times though and it bugs me. I have not seen any sign it is being used to cause problems.

Rick C.

Reply to
gnuarm.deletethisbit

> on the link. If you hover the link, your browser shows the correct site. When you click the link, however, you get sent to the scam site. If you type the correct site into the address bar this does not happen, proving the corruption is on the search engine.

> ssure you are not at a spoof.

> ure?

> enerating revenue by selling your search list placement. I have seen this plenty of times though and it bugs me. I have not seen any sign it is being used to cause problems.

I guess I posted too soon. Looks like Martin figured it out.

Rick C.

Reply to
gnuarm.deletethisbit

You could copy and paste it from a trusted local text file I suppose.

You can't trust search engine results to take you where they claim at the moment although things will improve when more sites upgrade their security. Bigger sites should be OK since they have support people making sure things are properly secure against the latest hacks.

One problem is that consumer website services have allowed everyone and their dog to have a website but not provided basic security for them!

A guy called Mark figured it out this morning; I merely acted on his advice and have relayed what he told me.

--
Regards, 
Martin Brown
Reply to
Martin Brown

Confirmed, same results here (accessing from Germany, Vodafone network).

Reply to
Dimitrij Klingbeil

You don't do that already?

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 
ElectroOptical Innovations LLC / Hobbs ElectroOptics 
Optics, Electro-optics, Photonics, Analog Electronics 
Briarcliff Manor NY 10510 

http://electrooptical.net 
http://hobbs-eo.com
Reply to
Phil Hobbs

Well, no, it depends how you arrive on their home page. If I come from the Google handbag search you end up in China. If I go straight to their page, or from a search for bouncy castles, I get their home page.

Coming from the handbag search I get an HTTP redirect instead of their home page. I haven't figured out how they are doing it.

Reply to
Jasen Betts

or you can just look at the HTTP headers to see the PHP version.

Script bug or PHP bug? Does it have a CVE number? I avoid having WWW pages writeable by the WWW server process.

Reply to
Jasen Betts

I have, although it helps to have access to a site that is affected. There is malware on the site that intercepts references to the site and looks to see if the referrer was a major search engine, and if so it rewrites the URL with a temporary redirect. If you open the Google link in a new window you get just enough delay time to see the genuine URL being trashed by the script running on the webhosting platform.

The Cromore Castles site is curious because it does not show as having detectable malware using online diagnostics whereas the others do.

If you appear to get the site if you input:

root_URL/index.php

Or get a script timeout then there is a good chance that the site has been compromised. There is clearly a JavaScript equivalent that is harder to detect, since one infected site which came out clear was using JavaScript only. PHP 5.2 appears to be the common factor for the others.

--
Regards, 
Martin Brown
Reply to
Martin Brown
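
The symptom described in the post above (a redirect that appears only when the visitor arrives from a search engine) can be checked by requesting the same page with and without a search-engine Referer and comparing the answers. This is an added example, not code from the thread; the Referer value and the `example.com` / `shop.invalid` sample responses are constructed assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Request profiles to compare. Header values are assumptions chosen for illustration.
PROFILES = {
    "direct": {},
    "from_search": {"Referer": "https://www.google.com/"},
}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def probe(url, headers, timeout=10):
    """One request, redirects not followed: returns (status, Location or None)."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers=headers)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        return err.code, err.headers.get("Location")

def bare_host(url):
    """Lower-cased host of a URL without a leading 'www.'; '' if it has none."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(url, results):
    """results maps profile name -> (status, location). Returns finding strings."""
    site, findings = bare_host(url), []
    for name, (status, loc) in results.items():
        if name == "direct" or (status, loc) == results["direct"]:
            continue  # same answer as a direct visit: not referrer-conditioned
        if 300 <= status < 400 and loc:
            target = bare_host(loc) or site  # relative Location stays on-site
            on_site = target == site or target.endswith("." + site)
            where = "on-site" if on_site else "OFF-SITE"
            findings.append(f"{name}: {status} -> {target} ({where})")
    return findings

def check(url):
    """Live check: probe every profile, then classify the differences."""
    return classify(url, {n: probe(url, h) for n, h in PROFILES.items()})

# Constructed sample responses (not captured from any real site).
INFECTED = {"direct": (200, None), "from_search": (302, "http://shop.invalid/bags")}
CLEAN = {"direct": (301, "https://www.example.com/"),
         "from_search": (301, "https://www.example.com/")}
```

`check(url)` runs the comparison against a site you maintain; an OFF-SITE finding that appears only for the `from_search` profile matches the behaviour described in the thread.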

Yeah right, I don't know how DNS works.

You don't seem to understand the difference between a question and a comment.

So what if I didn't know they sell jungle gyms or whatever they're called. You didn't *say* they don't sell handbags.

FU

Reply to
Tom Del Rosso

A vulnerability in PHP 5.2 where it is apparently easily exploited. I don't know any more than I have posted beyond that 5.6 might be OK.

My tame internet wizard told me what sort of thing to look for after Telnetting to the site pretending to be Google and he was spot on.

The hosting company was annoyingly unhelpful and just tried to sell me extra services to fix a problem caused by them still running PHP 5.2. I have forced an upgrade to PHP 7 now. Their attitude was "your website, you sort it out". Which I can do[*]. But how many bouncy castle rental companies or painters and decorators will have the necessary skills?

They seem to see letting websites get infected with malware as a business opportunity to sell services to the hapless site owners.

[*] Admittedly by calling in a favour with an old friend. My first level internet wizard was similarly baffled by the search engine symptoms but is mainly a transport protocol guy so not all that web hijack savvy.

I'm open to suggestions for ways to hobble any future PHP injection attacks since I don't actually use PHP on the site I maintain at all. I am no Unix wizard so the .htaccess file isn't very complex.

--
Regards, 
Martin Brown
Reply to
Martin Brown

[OT] canonical is not the problem. It's just that I don't like Firefox telling it to the search engine. Anyone know how to turn that off?
Reply to
Johann Klammer

Use VirtualBox and arrange to restart from a snapshot every time, and you can do that with any OS... even Windoze. Host-only networking means it's unlikely to get corrupted anyhow. User documents get saved on the host machine, of course.

I just moved my machines from VMWare Fusion to VirtualBox, with the images stored on an external SSD drive, so I can run them on any computer with USB and VirtualBox. No noticeable slow-down, and it only takes ten seconds to plug and wake.

Clifford Heath.

Reply to
Clifford Heath
