Website Vulnerability
Hello everyone,
I have a forum based on IPS 4 and a few days ago I found out someone is using a URL like this to redirect users away from my forum. Here is what the URL looks like.
https://mywebsite.com/index is not found at this server! Server is currently on maintanance. ______________________________________________________________________________________________________________________________________________________________________________________________________________ ______________________________________________________________________________________________________________________________________________________________________________________________________________ Please visit at.http://dangerouswebsite.com for latest updates. ______________________________________________________________________________________________________________________________________________________________________________________________________________ ______________________________________________________________________________________________________________________________________________________________________________________________________________ Changes are in progress
I tried to find a way to fix this everywhere but I couldn't seem to find it. Can someone please tell me how I can get this fixed?
Sorry for my bad English, Thanks in advance!
Comments
Try submitting it to IPS, as they will be willing to help you if you have a license from them. If you are running nulled software then no one will have pity on you, sorry.
Have you had a look at the .htaccess?
I would think a redirect would occur at the forum level. .htaccess? Hard to say without knowing more about your setup: is it on a web host, VPS, cPanel, Apache, etc.
I'm already working with them but it looks like it's not going anywhere. Looks like this is something wrong with my server setup, not IP Suite.
I'm using a dedicated server with VestaCP
Hello,
It's VestaCP. nginx and Apache as backend. .htaccess looks OK.
Never used IPS so not sure of its setup, but how about grep'ing through the IPS files to see if you can find the other website domain? Failing that, search through the database for the same string. That way you will at least know if it's the database, core code (plugins?) or whether to look elsewhere.
Just a starting point though.
It's not a URL but a page where this is shown, right?
If so, it could be a modification of your local index.php - did you check that?
If I were you I'd install a clean OS on your VPS and reinstall your site from a recent (but before the problem of course) backup.
There is a good chance that it is something related to .htaccess, for all non-existing files and directories you can redirect them to index.php?
You don't use Wordpress, but this is still interesting to read:
https://blog.sucuri.net/2016/05/wordpress-redirect-hack-test0-default7.html
Maybe a dumb question but are you sure it's your web site and not your registrar that's been hacked? E.g. has someone changed your DNS?
What Linux distro and version? If you're using CentOS 7 and VestaCP installed Apache, you might have some security related bugs as when I checked around 9 months ago (first and only time I touched VestaCP for a client) their Apache version was built over 30+9 = 39 months ago in 2014 and hasn't been updated since. My initial findings at https://community.centminmod.com/threads/vestacp-ouch-no-http-2-and-outdated-apache.10114/
If on CentOS 7 with VestaCP you can check your Apache version's build date via command - if it reports a 2014 date, then you're way out of date
Check if VestaCP installed Apache from their own outdated repo or via official CentOS yum repo via command
Check Apache RPM's change log history, first 20 entries, where most recent update is at top
Compare that to official apache change log at http://www.apache.org/dist/httpd/CHANGES_2.4
You can also double check if it's .htaccess file related by changing your AllowOverride value to none in global httpd.conf the setting and restarting apache
to disable all .htaccess usage temporarily - this will break all .htaccess file usage server wide so only do this to quickly confirm if it resolves your rogue redirect issue and then revert it back to original value to re-enable .htaccess file functionality
Inspect every .htaccess file's contents, i.e. in /home list and save contents of all .htaccess files using commands at https://gist.github.com/centminmod/5dea240a89be29968239752b3eaa7802
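
Added example, not written by anyone in this thread and not the commands from the linked gist: a POSIX shell function that walks a web root and reports `.htaccess` directives (RewriteRule, Redirect*, ErrorDocument) pointing at a host other than your own. The function names and the sample tree are constructed for illustration; the hostnames are the placeholders from the original post.

```shell
#!/bin/sh
# audit_htaccess ROOT ALLOWED_HOST   (added example; names are hypothetical)
# Prints "file:line: directive" for every RewriteRule, Redirect* or
# ErrorDocument line containing an absolute URL whose host is neither
# ALLOWED_HOST nor one of its subdomains. Commented-out lines never match.
audit_htaccess() {
    find "$1" -type f -name .htaccess -exec awk -v allowed="$2" '
        BEGIN { allowed = tolower(allowed); m = length(allowed) }
        {
            line = $0
            sub("^[ \t]+", "", line)
            low = tolower(line)
            if (low !~ "^(rewriterule|redirect[a-z]*|errordocument)[ \t]") next
            rest = low
            while (match(rest, "https?://[^/ \t\"]+")) {
                host = substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                sub("^https?://", "", host)   # drop the scheme
                sub("^.*@", "", host)         # drop userinfo such as own.site@
                sub(":[0-9]+$", "", host)     # drop an explicit port
                n = length(host)
                if (host == allowed) continue
                if (n > m && substr(host, n - m) == "." allowed) continue
                print FILENAME ":" FNR ": " line
                break
            }
        }
    ' {} +
}

# Constructed sample tree: one clean file, one with an off-site ErrorDocument.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/forum/up loads"
    printf '%s\n' 'RewriteEngine On' \
        'RewriteRule ^old$ https://mywebsite.com/new [R=301,L]' \
        '# Redirect / http://dangerouswebsite.com/' > "$d/forum/.htaccess"
    printf '%s\n' 'Options -Indexes' \
        'ErrorDocument 404 http://dangerouswebsite.com/' \
        > "$d/forum/up loads/.htaccess"
    echo "$d"
}

tree=$(make_sample_tree)
audit_htaccess "$tree" mywebsite.com
rm -rf "$tree"
```

An empty result only rules out off-site targets in `.htaccess`; the forum's PHP files and database still need the grep suggested earlier in the thread.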