Spammy 301 redirections + .php spam

Epicster

Epicster

Power Member
Joined
Jan 2, 2012
Messages
761
Reaction score
297
So, yesterday I brought a new domain, completely fresh, never registered before but today I am seeing lots of spammy 301 redirects being done on it.

With these spammy 301s, I am seeing lots of being redirected to login and brute-force attempts.

Like, spamdomain.com/wp-login.php > mydomain.com/wp-login.php

I am also seeing lots of other PHP brute force attempts which go to 404 pages. Some of them are coming from bing.com and yandex.com (Not fake ones but actual search engines)

Does anyone know how it's possible as the domain was registered yesterday and within hours I am receiving this spam or ways to get rid of them?
 
Advertise on BHW
Most likely its bots that search for domains with certain keywords, randomly, and look for vulnerable usual logins so they can enter the website before its even ready and when it still has a weak password
 
Did you check its previous history? Shouldn't be the target of this kind of spam if brand new.
 
Setup a nice firewall on your domain like cloudflare or etc, they block must of BOT requests spam.
Its more secure for your host and for your domain content
 
This is normal my friend, as soon as you are online you'll be found by some bot at some point. Just make sure your website is secure.
 
edit your login url to random one?

maybe if domain is indeed new then someone has access to your domain register and can see all new domains so attacking everything
 
bartosimpsonio said:
Did you check its previous history? Shouldn't be the target of this kind of spam if brand new.
Click to expand...
Yes, I checked everything, it's a brand new domain, registered never before.

ricardo.rosa said:
Setup a nice firewall on your domain like cloudflare or etc, they block must of BOT requests spam.
Its more secure for your host and for your domain content
Click to expand...
I can block it obviously but I wanted to know why it is happening and how they are able to get the info.

cloudll said:
ofcourse he will not check, just put in ahref if spammy then you see a tons of links
Click to expand...
stop jumping to conclusions

thesuperhero said:
This is normal my friend, as soon as you are online you'll be found by some bot at some point. Just make sure your website is secure.
Click to expand...
Lol got found a few minutes after I registered the domain?

MGaLL said:
edit your login url to random one?

maybe if domain is indeed new then someone has access to your domain register and can see all new domains so attacking everything
Click to expand...
This time I went with a new domain registrar and with a completely new registered account.
 
there are public lists of newly registered domains, so even if its not indexed in google yet, people can find it.
another thing is that IP ranges are being scanned for vulnerabilities, that is another way your site could have been found.
 
itz_styx said:
there are public lists of newly registered domains, so even if its not indexed in google yet, people can find it.
another thing is that IP ranges are being scanned for vulnerabilities, that is another way your site could have been found.
Click to expand...
That's very strange as I am seeing over 1.5k pings to /xmlrpc.php and over 100 wp-login.php attempts
 
Epicster said:
Does anyone know how it's possible as the domain was registered yesterday and within hours I am receiving this spam or ways to get rid of them?
Click to expand...

They have access to zone files, and crawl the new domains. The same does Google, Ahrefs, nothing new.
 
TomTheCat said:
They have access to zone files, and crawl the new domains. The same does Google, Ahrefs, nothing new.
Click to expand...
I do believe it has something to do with Cloudflare, by the way, do you know why Bing and Yandex crawl non-existent 404 PHP pages?
 
Epicster said:
I do believe it has something to do with Cloudflare, by the way, do you know why Bing and Yandex crawl non-existent 404 PHP pages?
Click to expand...

It was an expired domain then, or misspelled backlinks. There are people that link to non-existent domains by mistake.
 
TomTheCat said:
It was an expired domain then, or misspelled backlinks. There are people that link to non-existent domains by mistake.
Click to expand...
Nope, I did make sure nothing that happens, It is a completely brand new domain, registered the first time with no history whatsoever.
 
Epicster said:
Nope, I did make sure nothing that happens, It is a completely brand new domain, registered the first time with no history whatsoever.
Click to expand...

Setup a catch-all mail on that domain and check in a few days if any emails are coming in. If they come, the domain isn't brand new. And, FYI there are a lot of domains that aren't on any public datasets or tools that are registered or were registered in the past. If is a com/net/org/info, have you checked it on https://research.domaintools.com/research/whois-history/ ?
 
Epicster said:
So, yesterday I brought a new domain, completely fresh, never registered before but today I am seeing lots of spammy 301 redirects being done on it.

With these spammy 301s, I am seeing lots of being redirected to login and brute-force attempts.

Like, spamdomain.com/wp-login.php > mydomain.com/wp-login.php

I am also seeing lots of other PHP brute force attempts which go to 404 pages. Some of them are coming from bing.com and yandex.com (Not fake ones but actual search engines)

Does anyone know how it's possible as the domain was registered yesterday and within hours I am receiving this spam or ways to get rid of them?
Click to expand...
your server was probably hacked if those .php pages have content and aren't 404 errors
 
TomTheCat said:
Setup a catch-all mail on that domain and check in a few days if any emails are coming in. If they come, the domain isn't brand new. And, FYI there are a lot of domains that aren't on any public datasets or tools that are registered or were registered in the past. If is a com/net/org/info, have you checked it on https://research.domaintools.com/research/whois-history/ ?
Click to expand...
I am really not that noob, I can assure you, I checked everything from buying it, it is a very unique domain with no history whatsoever.

I checked ahrefs, semrush, archive.org, similarweb, multiple domain registrars, whois and everything.

LuckyGamble said:
your server was probably hacked if those .php pages have content and aren't 404 errors
Click to expand...
LOL, it's not. I registered the domain 48 hours back with another registrar, the domain has no history and is registered the first time.

Regarding the server, It was first installed and all of a sudden when I put that into Cloudflare, I saw tons of wp-login and PHP spam. I am also seeing 301 redirects from spam domains like 343794.com etc

IDK how its happening.
 
Epicster said:
I checked ahrefs, semrush, archive.org, similarweb, multiple domain registrars, whois and everything.
Click to expand...

Ahrefs has only 215 million domains. I have a database with over 1 billion. If you think is related to Cloudflare, just buy another random domain ifsd7c6t337637c32 and replicate what you did and see if still happens.
 
TomTheCat said:
Ahrefs has only 215 million domains. I have a database with over 1 billion. If you think is related to Cloudflare, just buy another random domain ifsd7c6t337637c32 and replicate what you did and see if still happens.
Click to expand...
I'll try this one
 
Advertise on BHW
You must log in or register to reply here.
Sign up now!

Main Menu

Home Main Forum List Black Hat SEO White Hat SEO BHW Newbie Guide Blogging Black Hat Tools Social Networking Downloads

Marketplace

Content / Copywriting Hosting Images, Logos & Videos Proxies For Sale SEO - Link building SEO - Packages Social Media Social Media - Panels Web Design Misc

Making Money

Affiliate Programs Hire a Freelancer Making Money Pay Per Click Site Flipping

BlackHatWorld

BHW Merch Forum Suggestions & Feedback Introductions Lounge Dispute Resolution

Other

Domain Name Forum IM Journeys Web Hosting Newsletter
Back
Top