
Site Hacked, and 301ed

Discussion in 'Black Hat SEO' started by blackhatbeginner2010, Mar 17, 2012.

  1. blackhatbeginner2010

    blackhatbeginner2010 Regular Member

    Joined:
    Oct 27, 2010
    Messages:
    414
    Likes Received:
    22
    Site was hacked and 301ed to another site.. I deleted the whole site and when it's clicked on from Google, it's still redirecting to a competitor's site..

    Can anyone explain how to get this back to normal!
     
  2. orlandolongwood

    orlandolongwood Junior Member

    Joined:
    Aug 16, 2009
    Messages:
    140
    Likes Received:
    85
    Occupation:
    failed novelist
    Location:
    Austin, TX
    Did your DNS get hacked? PM me your domain.
     
  3. rco85

    rco85 Registered Member

    Joined:
    Aug 28, 2011
    Messages:
    78
    Likes Received:
    3
    If you removed the 301 redirection but they still redirect, it seems your domain was hacked and transferred away; check whois.
     
  4. blackhatbeginner2010

    blackhatbeginner2010 Regular Member

    Joined:
    Oct 27, 2010
    Messages:
    414
    Likes Received:
    22
    When clicking the site from G, it redirects to another site.. when I navigate to it directly, it does not. So I think G has it as a permanent 301 in their system... how can this be!
     
  5. JackSparrow

    JackSparrow Supreme Member

    Joined:
    Mar 24, 2007
    Messages:
    1,470
    Likes Received:
    2,060
    Gender:
    Male
    Occupation:
    Semi-Employed Pirate
    Location:
    The High Seas
    You may have a trojan virus on your computer that has hijacked your Google search page, that redirects to scam websites when clicking searched links in Google.

    Ask someone you trust to click on your link in Google and see if this is the case.

    If this isn't the case and you have full access to your cPanel and have deleted the 301 redirect, then it may be that you need to wait for Google to update the cache of your website so it no longer redirects as before.

    Also, checking your .htaccess file for any strange code may be needed.
     
  6. stevendomz

    stevendomz Jr. VIP Jr. VIP

    Joined:
    May 25, 2011
    Messages:
    582
    Likes Received:
    53
  7. rco85

    rco85 Registered Member

    Joined:
    Aug 28, 2011
    Messages:
    78
    Likes Received:
    3
    No, Google doesn't do that. You should check whois first: is your domain still at your registrar?
     
  8. blackhatbeginner2010

    blackhatbeginner2010 Regular Member

    Joined:
    Oct 27, 2010
    Messages:
    414
    Likes Received:
    22
    Seems like what JackSparrow said is a little right.. I restarted the computer and now everything is fine again. But I also deleted the whole public_html folder as well.. how are they doing redirects outside .htaccess now.. scary
     
  9. Statix

    Statix Junior Member

    Joined:
    Aug 31, 2010
    Messages:
    147
    Likes Received:
    44
    If it is Google redirecting it rather than your .htaccess, you can try to put Webmaster Tools on it, then fetch the site as Googlebot from WMT, then use the submit to index button once it fetches. If it is Google redirecting it then that may clear it. I'm really not sure if Google remembers 301s though.
     
  10. SuperLinks

    SuperLinks Elite Member

    Joined:
    Jul 14, 2008
    Messages:
    2,903
    Likes Received:
    847
    Location:
    New York
    Actually everyone in here is likely wrong. I've been through this before;
    it's actually a common exploit/hack that has been popular in the past
    recent months.

    Your website is STILL infected, even though you aren't experiencing it anymore.

    Here's what happens: the 301 redirect only happens once or twice, then you
    won't experience it again. It will happen ONLY when a user visits your website
    from Google, thus making it hard for webmasters to know what's happening.

    Your site has a sneaky redirect happening; I wrote a post about it around 4 or
    so months ago. Check your website's code, as it will still be visible. I found the code
    in the footer of my site, but it might vary. Sometimes the code is encrypted, other
    times it's a visible PHP redirect. If you want, give me your URL and I'll see if I can
    find it on your site.

    Again, your site is still infected, even though you think you fixed the problem.
     
  11. kazumasama

    kazumasama Newbie

    Joined:
    Mar 10, 2012
    Messages:
    28
    Likes Received:
    2
    Occupation:
    Linux Servers & Network Security Engineer
    Location:
    Michigan
    He's probably right on the money here. Keep your eyes peeled in your code for some iframes or blatant HTML redirects. They will more than likely be in the footer, although every once in a while I see them in headers as well.
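
A defender-side scan for the kind of injected code SuperLinks and kazumasama describe above (redirects that fire only for visitors arriving from a search engine, obfuscated PHP, hidden iframes and HTML redirects). This is an added example, not part of any poster's message; the rule patterns, file names and sample contents are constructed assumptions, and a match is a lead for manual review rather than proof of infection.

```python
import re

# Heuristic rules for the injected code described in the thread. Patterns are
# illustrative, not exhaustive; matches are leads for manual review.
RULES = {
    "htaccess-referer-redirect": re.compile(
        r"RewriteCond\s+%\{HTTP_REFERER\}[^\n]*(google|bing|yahoo)[^\n]*\n"
        r"(?:\s*RewriteCond[^\n]*\n)*\s*RewriteRule\s+\S+\s+https?://", re.I),
    "php-referer-redirect": re.compile(
        r"HTTP_REFERER.{0,400}?header\s*\(\s*['\"]Location:", re.I | re.S),
    "php-obfuscated-eval": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(
        r"<iframe[^>]*(display\s*:\s*none|(width|height)\s*=\s*['\"]?0)", re.I),
    "meta-refresh": re.compile(
        r"<meta[^>]+http-equiv\s*=\s*['\"]?refresh[^>]+url\s*=\s*https?://", re.I),
}

def scan_text(text):
    """Return the sorted names of all rules that match this file's content."""
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan_files(files):
    """files: {path: content}. Return {path: [rule, ...]} for flagged files only."""
    hits = {path: scan_text(body) for path, body in files.items()}
    return {path: rules for path, rules in hits.items() if rules}

# Constructed sample web root (example.invalid is a placeholder destination).
SAMPLE_FILES = {
    ".htaccess": "RewriteEngine On\n"
                 "RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]\n"
                 "RewriteCond %{HTTP_REFERER} .*bing.* [NC]\n"
                 "RewriteRule ^(.*)$ http://example.invalid/ [R=301,L]\n",
    "footer.php": "<?php if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false) {\n"
                  "  header('Location: http://example.invalid/'); exit; } ?>\n",
    "theme/functions.php": "<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n",
    "index.html": "<p>hi</p><iframe src='http://example.invalid/' width=0 height=0></iframe>\n",
    "about.html": "<html><body><p>Clean page.</p></body></html>\n",
}

if __name__ == "__main__":
    for path, rules in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(rules)}")
```

To use it on a real site, build the `files` dictionary by reading every `.htaccess`, `.php`, `.html` and `.js` file under the web root, including directories above `public_html`, since a parent `.htaccess` also applies.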
     
  12. Statix

    Statix Junior Member

    Joined:
    Aug 31, 2010
    Messages:
    147
    Likes Received:
    44
    OP said he deleted the entire public_html folder.. how does he have a malicious file on the site if the site is deleted? That could be what happened to start the dilemma, but once the site was deleted the malicious code likely was too.
     
  13. acotut

    acotut Jr. VIP Jr. VIP

    Joined:
    Dec 1, 2010
    Messages:
    2,355
    Likes Received:
    1,048
    Gender:
    Male
    Home Page:
    Call the police :D
    No...

    Try to get as much information as you can about your competitor, and then you can either ask him for a lot of money, or hire a lawyer and get him to get your 10-20k ;)
     
  14. kazumasama

    kazumasama Newbie

    Joined:
    Mar 10, 2012
    Messages:
    28
    Likes Received:
    2
    Occupation:
    Linux Servers & Network Security Engineer
    Location:
    Michigan
    Also, as everyone else said, check the DNS record on your server (if it's on your server anyways); they might have changed that.
     
  15. bigwhite

    bigwhite Regular Member

    Joined:
    Sep 27, 2011
    Messages:
    473
    Likes Received:
    54
    He's right. Same thing happened to the forum of a company I work for.