0

When I type my web site's name in Google search, I see in the pages under the main URL are scam pages:

Screenchot google search ingo network

If I click the page, it goes to an ad page that I did not create:

Phishing page

If I refresh the page, I'm still on the phishing page.

However, if I copy/paste the URL from the phishing page to a new tab, it brings me to the normal page.

Normal page when access through URL

Tested with Google Chrome.

What can be the mechanism behind this attack?

syldor
  • 771
  • 1
  • 5
  • 8
  • 2
    @syldor Someone hacked your site and is hosting their own content. As Matthew says, they check the header to see if you are coming from Google or directly as a way of hiding from you, the site owner. – schroeder Jul 07 '17 at 10:13
  • The link given is obviously a very valuable ressource, but I was still hoping to get the question open to understand more about my specific case, as your comments are already explaining some of it. – syldor Jul 07 '17 at 10:16
  • 1
    @syldor Unfortunately, there are so many potential ways that an attacker would be able gain access to your server, it would take a dedicated forensic examination to find out which they had used. For example, they might have compromised a .htaccess file via FTP, or added JavaScript to your pages via a weak admin password, or found a flaw in another site hosted on the same server and edited files via SSH. It would even be possible for them to have tricked you into using malicious software to connect to the server. Finding out which they actually did isn't possible without a lot of work, usually. – Matthew Jul 07 '17 at 10:38
  • We can explain why you get one site by clicking a Google link but another site if you navigate directly, but unfortunately, we can't offer any more than that. You've been hacked. Wipe the server, restore from trusted backups, patch, and closely monitor. – schroeder Jul 07 '17 at 12:21

0 Answers0