

All Subdomains Redirected to Malware Sites




Posted by geekie246, 09-01-2008, 08:51 PM
It seems that a host that I am using has their server compromised. Any subdomain such as abcdefg.whateverdomain.com gets redirected to random sites, regardless of the subdomain that is used. I know that this is a hack that has occurred at the server level, but what exactly? Any help will be appreciated.

Posted by koithara, 09-01-2008, 10:48 PM
Check out your index.php file and see if there is something like iframe, script, etc. These will be injected by the hackers at the very bottom of your index.php / index.html file...

Posted by lamerfreak, 09-01-2008, 11:04 PM
Sure it's the host and not DNS provider/etc doing that?

Posted by koithara, 09-01-2008, 11:47 PM
In most of the cases these can be at the host end, and not the DNS end...

Posted by plumsauce, 09-02-2008, 01:28 AM
To take the guesswork out of it, do a DNS lookup against some bogus subdomains and see what gets returned. If all is normal, then go looking on the website. Um, just looked for unjunked.iwanted.ca, no record found. So, go look on your website.

Posted by geekie246, 09-02-2008, 11:01 AM
That's not the site or the host in question. Plus, it isn't just a single website, it is affecting everything that is hosted on my certain reseller account, and everything that others have on the site as well. It's NOT DNS, thus it has to be something at the server level that is redirecting the URLs.

Posted by lamerfreak, 09-02-2008, 11:03 AM
Site/domain/redirect example? For it to redirect any arbitrary subdomain, it means there's already a wildcard DNS record in place, so is this intentional?

Posted by Gary Brahmi, 09-02-2008, 12:22 PM
I believe this is something to do with the httpd.conf. Maybe a wildcard entry or the Redirect being put in place. Check the httpd.conf once or have your host verify the file for you.

Posted by koithara, 09-02-2008, 10:01 PM
Has the issue been fixed? If yes, what was the issue? If not, did you check your index pages? Just curious to know what the issue is...

Posted by plumsauce, 09-02-2008, 10:10 PM
The check was just an afterthought because my command console was open at the time. The domain used was a shot in the dark based upon the only information available at the time. You can still check the DNS for yourself.
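
The check suggested in the thread (look up bogus subdomains and see what comes back), written out as an added example that is not part of any poster's message. The function name, the verdict labels and the use of `example.com` are assumptions made for illustration; it uses the system resolver and only looks at IPv4 answers.

```python
import secrets
import socket

def triage_subdomains(domain, resolve=socket.gethostbyname, probes=4):
    """Classify where arbitrary-subdomain traffic for `domain` ends up.

    Returns (verdict, answers); answers maps each probe name to an IP or None.
    """
    try:
        site_ip = resolve(domain)        # where the real site lives
    except OSError:
        site_ip = None
    answers = {}
    for _ in range(probes):
        # Random label: nobody created this record on purpose.
        name = f"{secrets.token_hex(8)}.{domain}"
        try:
            answers[name] = resolve(name)
        except OSError:                  # socket.gaierror: NXDOMAIN / no A record
            answers[name] = None
    ips = set(answers.values())
    if ips == {None}:
        verdict = "no-wildcard"          # bogus names do not exist in DNS
    elif None in ips or len(ips) > 1:
        verdict = "inconsistent"         # re-check against the authoritative servers
    elif ips == {site_ip}:
        # DNS hands every name to the web server itself, so the redirect is
        # decided there: review httpd.conf / vhost entries and the index files.
        verdict = "wildcard-to-host"
    else:
        verdict = "wildcard-elsewhere"   # the DNS zone points at another machine
    return verdict, answers

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    verdict, answers = triage_subdomains(target)
    for name, ip in answers.items():
        print(f"{name:45} -> {ip or 'no record'}")
    print("verdict:", verdict)
```

A `wildcard-to-host` result matches the situation described in the thread, where the wildcard record already exists and the server configuration or site files decide what a visitor is sent.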




Copyright © 2018 DC International LLC. - All Rights Reserved.