1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My website has malicious code (huge traffic coming in) - Please help!

Discussion in 'White Hat SEO' started by segitard, Mar 10, 2015.

  1. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
    Hello BHW community,

    I have been seeing huge traffic coming in from a particular site - http://ads.acesse.com/surf/surf_top.php for a few months now.

    When I clicked into the website, it seems to be like advertising website where people get paid for viewing websites for certain period of time.

    Is this a malicious code in my website? How can I block traffic from this website permanently?

    Please help! Thank you so much!

    [​IMG]
    [​IMG]
     
  2. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2013
    Messages:
    5,035
    Likes Received:
    3,206
    Location:
    Hell
    Home Page:
    May be some noob put your website in their site for ddos attack :D There is no malicious code in your website according to me. Just send email to that website admin about this issue.
     
    • Thanks Thanks x 1
  3. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
    Thank you for the help, buddy. How can I make sure these traffic stop coming in?
     
  4. sergey007

    sergey007 Jr. VIP Jr. VIP

    Joined:
    Nov 13, 2014
    Messages:
    870
    Likes Received:
    327
    Location:
    pbn.rocks
    You can use .htacess to block the traffic from the website.
     
    • Thanks Thanks x 1
  5. nonai

    nonai Power Member

    Joined:
    Oct 10, 2013
    Messages:
    524
    Likes Received:
    64
    google "block referral spam htaccess"
     
    • Thanks Thanks x 1
  6. mailicreate

    mailicreate Junior Member

    Joined:
    Jan 17, 2015
    Messages:
    128
    Likes Received:
    28
    Code:
    <?php
    $referer = $_server['HTTP_REFERER']; 
    if ($referer == '[URL="http://ads.acesse.com/surf/surf_top.php"]http://ads.acesse.com/[/URL]') 
    window.location = "http://yourdomain/404page_not_found.php";
    endif;
    ?>
    
    Im a C# developer so there may be a small syntax error somewhere, but this is the php logic to do a redirect from a particular referer.

    **Make sure this code is in all your pages EXCEPT 404page_not_found.php.Or simply redirect to google.com.


    EDIT:
    Worth to check why is traffic coming from that website.
    May be a spelling error on the domain url (Pity the guy who bought the traffic).

     
    • Thanks Thanks x 1
    Last edited: Mar 10, 2015
  7. Apricot

    Apricot Administrator Staff Member

    Joined:
    Mar 26, 2013
    Messages:
    12,555
    Likes Received:
    7,975
    Gender:
    Female
    Occupation:
    BHW Moderator
    Location:
    the clacks
    Home Page:
    • Thanks Thanks x 1
  8. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
    Thank you guys! So I've found this code:

    RewriteCond %{HTTP_REFERER} sitetoblock\.com [NC]
    RewriteRule .* - [F,L]

    The referrer website is http://ads.acesse.com/surf/surf_top.php

    So, is this correct?

    RewriteCond %{HTTP_REFERER} ads.acesse\.com [NC]
    RewriteRule .* - [F,L]


    OR

    RewriteCond %{HTTP_REFERER} acesse\.com [NC]
    RewriteRule .* - [F,L]

    OR

    RewriteCond %{HTTP_REFERER} acesse\.com/surf/surf_top.php[NC]
    RewriteRule .* - [F,L]
     
  9. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
  10. mailicreate

    mailicreate Junior Member

    Joined:
    Jan 17, 2015
    Messages:
    128
    Likes Received:
    28
    do a rewrite with acesse\.com as this is the top level domain and it will also block other domains.

    Looks like the website has several subdomains; each hosted on 1 ip. Do a rewrite for all the given IP's
     
    • Thanks Thanks x 1
    Last edited: Mar 10, 2015
  11. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
    Okay, so I've added this into my .htaccess. Is this correct?

    ## SITE REFERRER BANNING
    RewriteCond %{HTTP_REFERER} acesse\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ads.acesse\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ads.acesse\.com/surf/surf_top.php [NC]
    RewriteRule .* - [F]
     
  12. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
    Okay, I've tried multiple times and I get different ip addresses each time.

    54.225.193.5
    50.17.254.245
    107.21.241.109
    54.204.38.53
    54.225.140.42
     
  13. mailicreate

    mailicreate Junior Member

    Joined:
    Jan 17, 2015
    Messages:
    128
    Likes Received:
    28
    Try this to wildcard and block domains, subdomains etc.
    Code:
    RewriteEngine on 
    RewriteCond%{HTTP_REFERER}^http://([^.]+\.)*[FONT=Verdana]acesse[/FONT]\.com [NC]
    RewriteRule(.*) http://www.[FONT=Verdana]acesse[/FONT].com [R=301,L]
    
     
  14. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
    That code brought my website to Hostgator 404 right away though.
     
  15. mailicreate

    mailicreate Junior Member

    Joined:
    Jan 17, 2015
    Messages:
    128
    Likes Received:
    28
    BTW why don't you utilize that traffic?
     
  16. segitard

    segitard Registered Member

    Joined:
    Oct 21, 2013
    Messages:
    97
    Likes Received:
    23
    How can I utilize the traffic? They are all spammy views from people who view sites for 5 seconds and click next. My site is a service based business in my country. There are no ads or whatsoever. I just think it's harmful for my website.
     
  17. mailicreate

    mailicreate Junior Member

    Joined:
    Jan 17, 2015
    Messages:
    128
    Likes Received:
    28
    Try the php redirect instead. Or Ask Hostgator to block that traffic somewhere in their apache config.
     
  18. mailicreate

    mailicreate Junior Member

    Joined:
    Jan 17, 2015
    Messages:
    128
    Likes Received:
    28
    "Click here to get 0.50 cents or 10 points" and you have huge CTR on that traffic.. Did something like that with Addmefast traffic. Got them clicking all over my bitvertiser, adsense and PPI pages. Hehehe ;)
     
  19. blacktrilby

    blacktrilby Power Member

    Joined:
    Dec 9, 2008
    Messages:
    525
    Likes Received:
    397
    Occupation:
    Webmaster
    Location:
    Matt Cutts Underwear
    Would be fun to redirect it back to them :)