Website Vulnerability

roshan91 Member
edited October 12 in Help

Hello everyone,

I have a forum based on IPS 4 and a few days ago I found out someone is using a URL like this to redirect users away from my forum. Here is what the URL looks like.

https://mywebsite.com/index is not found at this server! Server is currently on maintanance. ______________________________________________________________________________________________________________________________________________________________________________________________________________ ______________________________________________________________________________________________________________________________________________________________________________________________________________ Please visit at.http://dangerouswebsite.com for latest updates. ______________________________________________________________________________________________________________________________________________________________________________________________________________ ______________________________________________________________________________________________________________________________________________________________________________________________________________ Changes are in progress

I tried to find a way to fix this everywhere but I couldn't seem to find it. Can someone please tell me how I can get this fixed?

Sorry for my bad English, Thanks in advance!

Comments

  • cubedata Member, Provider

    @roshan91 said: Hello everyone,

    Try submitting it to IPS, as they will be willing to help you if you have a license from them. If you are running nulled software then no one will have pity on you, sorry.


  • Have you had a look at the .htaccess?

  • oneilonline Member, Provider

    I would think a redirect would occur at the forum level. .htaccess? Hard to say without knowing more about your setup: is it on a web host, VPS, cPanel, Apache, etc.?

  • @cubedata said:

    @roshan91 said: Hello everyone,

    Try submitting it to IPS, as they will be willing to help you if you have a license from them. If you are running nulled software then no one will have pity on you, sorry.

    I'm already working with them but it looks like it's not going anywhere. Looks like this is something wrong with my server setup, not IP Suite.

    I'm using a dedicated server with VestaCP

  • @oneilonline said: I would think a redirect would occur at the forum level. .htaccess? Hard to say without knowing more about your setup: is it on a web host, VPS, cPanel, Apache, etc.?

    Hello,

    It's VestaCP. Nginx and Apache as backend. .htaccess looks OK.

  • Never used IPS so not sure of its setup, but how about grep'ing through the IPS files to see if you can find the other website domain? Failing that, search through the database for the same string. That way you will at least know if it's the database, core code (plugins?) or whether to look elsewhere.

    Just a starting point though.

  • It's not a URL but a page where this is shown, right?

    If so, it could be a modification of your local index.php - did you check that?

    If I were you I'd install a clean OS on your VPS and reinstall your site from a recent (but before the problem of course) backup.

  • There is a good chance that it is something related to .htaccess; for all non-existing files and directories you can redirect them to index.php?

  • You don't use WordPress, but this is still interesting to read:

    https://blog.sucuri.net/2016/05/wordpress-redirect-hack-test0-default7.html

  • Maybe a dumb question but are you sure it's your web site and not your registrar that's been hacked? E.g. has someone changed your DNS?


  • eva2000 Member
    edited October 13

    roshan91 said: I'm using a dedicated server with VestaCP

    What Linux distro and version? If you're using CentOS 7 and VestaCP installed Apache, you might have some security-related bugs, as when I checked around 9 months ago (first and only time I touched VestaCP for a client) their Apache version was built over 30+9 = 39 months ago in 2014 and hasn't been updated since. My initial findings are at https://community.centminmod.com/threads/vestacp-ouch-no-http-2-and-outdated-apache.10114/

    If on CentOS 7 with VestaCP, you can check your Apache version's build date via this command - if it reports a 2014 date, then you're way out of date

    httpd -V
    

    Check if VestaCP installed Apache from their own outdated repo or via the official CentOS yum repo via this command

    yum list installed httpd
    

    Check the first 20 entries of the Apache RPM's change log history, where the most recent update is at the top

    rpm -qa --changelog httpd | head -n 20
    

    Compare that to the official Apache change log at http://www.apache.org/dist/httpd/CHANGES_2.4

    You can also double check if it's .htaccess file related by changing the AllowOverride setting to none in the global httpd.conf and restarting Apache

    AllowOverride none 
    

    to disable all .htaccess usage temporarily - this will break all .htaccess file usage server wide so only do this to quickly confirm if it resolves your rogue redirect issue and then revert it back to original value to re-enable .htaccess file functionality

    AllowOverride All
    

    Inspect every .htaccess file's contents, i.e. in /home, list and save the contents of all .htaccess files using the commands at https://gist.github.com/centminmod/5dea240a89be29968239752b3eaa7802

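The .htaccess inspection and domain search suggested in the replies above, as an added example that is not any poster's code and not the contents of the linked gist. The function names `audit_htaccess` and `make_demo_tree` and the sample directory tree are constructed for illustration; `dangerouswebsite.com` is the placeholder domain from the original post.

```shell
#!/bin/sh
# Added example (not from the thread or the linked gist).
# audit_htaccess ROOT [DOMAIN]
#   For every .htaccess under ROOT, print the active (non-commented) directives
#   that can send a visitor somewhere else. Each line is tagged:
#     local    - directive with no absolute URL
#     EXTERNAL - directive pointing at an absolute http(s) URL
#     MATCH    - directive mentioning DOMAIN (the rogue site you are hunting)
# Usage on a real host: audit_htaccess /home dangerouswebsite.com
audit_htaccess() {
    root=$1
    domain=${2:-}
    find "$root" -type f -name .htaccess 2>/dev/null | sort | while IFS= read -r f; do
        grep -n -i -E '^[[:space:]]*(Redirect[A-Za-z]*|RewriteRule|RewriteCond|ErrorDocument|Header)[[:space:]]' "$f" |
        while IFS= read -r line; do
            tag=local
            if printf '%s\n' "$line" | grep -q -i -E 'https?://'; then tag=EXTERNAL; fi
            if [ -n "$domain" ] && printf '%s\n' "$line" | grep -q -i -F "$domain"; then tag=MATCH; fi
            # Output format: TAG<TAB>file:lineno:directive
            printf '%s\t%s:%s\n' "$tag" "$f" "$line"
        done
    done
}

# Constructed sample tree: one ordinary front-controller .htaccess and one
# with a tampered ErrorDocument. Prints the path of the temporary directory.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/site1/public_html" "$d/site2/public_html"
    cat > "$d/site1/public_html/.htaccess" <<'EOF'
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
EOF
    cat > "$d/site2/public_html/.htaccess" <<'EOF'
# Redirect 301 / http://commented-out.example/
ErrorDocument 404 http://dangerouswebsite.com/
RewriteRule ^old$ https://other.example/new [R=302,L]
EOF
    printf '%s\n' "$d"
}
```

If this reports nothing tagged EXTERNAL or MATCH, the .htaccess files are an unlikely source and the search moves on to the application files and database, as suggested earlier in the thread.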