Website Vulnerability

roshan91 Member
edited October 2017 in Help

Hello everyone,

I have a forum based on IPS 4, and a few days ago I found out someone is using a URL like this to redirect users away from my forum. Here is what the URL looks like.

https://mywebsite.com/index is not found at this server! Server is currently on maintanance. ______________________________________________________________________________________________________________________________________________________________________________________________________________ ______________________________________________________________________________________________________________________________________________________________________________________________________________ Please visit at.http://dangerouswebsite.com for latest updates. ______________________________________________________________________________________________________________________________________________________________________________________________________________ ______________________________________________________________________________________________________________________________________________________________________________________________________________ Changes are in progress

I tried everywhere to find a way to fix this, but I couldn't seem to find it. Can someone please tell me how I can get this fixed?

Sorry for my bad English, Thanks in advance!

Comments

  • cubedata Member, Patron Provider

    @roshan91 said:
    Hello everyone,

    Try submitting it to IPS, as they will be willing to help you if you have a license from them. If you are running nulled software then no one will have pity on you, sorry.

  • Have you had a look at the .htaccess?

  • oneilonline Member, Host Rep

    I would think a redirect would occur at the forum level. .htaccess? Hard to say without knowing more about your setup: is it on a web host, VPS, cPanel, Apache, etc.?

  • @cubedata said:

    @roshan91 said:
    Hello everyone,

    Try submitting it to IPS, as they will be willing to help you if you have a license from them. If you are running nulled software then no one will have pity on you, sorry.

    I'm already working with them, but it looks like it's not going anywhere. Looks like this is something wrong with my server setup, not IP Suite.

    I'm using a dedicated server with VestaCP

  • @oneilonline said:
    I would think a redirect would occur at the forum level. .htaccess? Hard to say without knowing more about your setup: is it on a web host, VPS, cPanel, Apache, etc.?

    Hello,

    It's VestaCP, with nginx and Apache as backend. .htaccess looks OK.

  • Never used IPS, so not sure of its setup, but how about grep'ing through the IPS files to see if you can find the other website domain; failing that, search through the database for the same string. That way you will at least know if it's the database or core code (plugins?), or whether to look elsewhere.

    Just a starting point though.

  • It's not a URL but a page where this is shown, right?

    If so, it could be a modification of your local index.php - did you check that?

    If I were you, I'd install a clean OS on your VPS and reinstall your site from a recent (but from before the problem, of course) backup.

  • There is a good chance that it is something related to .htaccess; for all non-existing files and directories you can redirect them to index.php?

  • You don't use Wordpress, but this is still interesting to read:

    https://blog.sucuri.net/2016/05/wordpress-redirect-hack-test0-default7.html

  • raindog308 Administrator, Veteran

    Maybe a dumb question but are you sure it's your web site and not your registrar that's been hacked? E.g. has someone changed your DNS?

  • eva2000 Veteran
    edited October 2017

    roshan91 said: I'm using a dedicated server with VestaCP

    What Linux distro and version? If you're using CentOS 7 and VestaCP installed Apache, you might have some security related bugs, as when I checked around 9 months ago (the first and only time I touched VestaCP for a client) their Apache version was built over 30+9 = 39 months ago in 2014 and hasn't been updated since. My initial findings are at https://community.centminmod.com/threads/vestacp-ouch-no-http-2-and-outdated-apache.10114/

    If on CentOS 7 with VestaCP, you can check your Apache version's build date via this command - if it reports a 2014 date, then you're way out of date

    httpd -V
    

    Check whether VestaCP installed Apache from their own outdated repo or via the official CentOS yum repo with this command

    yum list installed httpd
    

    Check the first 20 entries of the Apache RPM's change log history, where the most recent update is at the top

    rpm -qa --changelog httpd | head -n 20
    

    Compare that to the official Apache change log at http://www.apache.org/dist/httpd/CHANGES_2.4

    You can also double check if it's .htaccess file related by changing your AllowOverride setting to none in the global httpd.conf and restarting Apache

    AllowOverride none 
    

    to disable all .htaccess usage temporarily - this will break all .htaccess file usage server wide, so only do this to quickly confirm whether it resolves your rogue redirect issue, and then revert it back to the original value to re-enable .htaccess file functionality

    AllowOverride All
    

    Inspect every .htaccess file's contents, i.e. in /home, list and save the contents of all .htaccess files using the commands at https://gist.github.com/centminmod/5dea240a89be29968239752b3eaa7802
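
The two checks suggested in the replies above (grepping the site files for the unwanted domain, and inspecting every .htaccess file) can be combined into one triage script. This is an added example, not code from any poster or from the linked gist; the sample tree, the table name and the domain `dangerouswebsite.example` are constructed stand-ins.

```bash
#!/bin/sh
# Added example (not from the thread): triage helpers for a rogue redirect.

# Print file:line:text for every .htaccess directive under ROOT that can
# redirect a request or replace an error page.
audit_htaccess() {
    find "$1" -type f -name .htaccess -exec grep -HniE \
        '^[[:space:]]*(Redirect(Match|Permanent|Temp)?|RewriteRule|RewriteCond|ErrorDocument)[[:space:]]' \
        {} + || true
}

# Keep only the directives whose target is an absolute URL (points off-site).
offsite_htaccess() {
    audit_htaccess "$1" | grep -E 'https?://' || true
}

# List every text file under ROOT that contains NEEDLE as a fixed string
# (site code, uploads, or a plain-text SQL dump placed under ROOT).
find_string() {
    grep -rlIF -- "$2" "$1" | sort
}

# Constructed sample tree; every path, table name and domain is made up.
make_sample() {
    d="$(mktemp -d)"
    mkdir -p "$d/forum/uploads"
    printf '%s\n' 'RewriteEngine On' 'RewriteCond %{REQUEST_FILENAME} !-f' \
        'RewriteRule . /index.php [L]' > "$d/forum/.htaccess"
    printf '%s\n' 'ErrorDocument 404 http://dangerouswebsite.example/' \
        > "$d/forum/uploads/.htaccess"
    printf '%s\n' '<?php echo "ok";' > "$d/forum/index.php"
    printf '%s\n' "INSERT INTO sample_table VALUES ('http://dangerouswebsite.example');" \
        > "$d/dump.sql"
    echo "$d"
}

# Demo run against the constructed tree.
root="$(make_sample)"
echo "== redirect-capable directives ==";  audit_htaccess "$root"
echo "== directives pointing off-site =="; offsite_htaccess "$root"
echo "== files mentioning the domain ==";  find_string "$root" 'dangerouswebsite.example'
rm -rf "$root"
```

On a real server, call the functions with the web root (for example the account directories under /home) instead of the sample tree; an empty result from all three points away from the site files and towards the application, the proxy layer or DNS.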
