Website suddenly redirecting to a poorly-designed sales pitch for 'man pills'? Don't panic, Dervac Technologies web developer / technical experts are here to the rescue!

Content management systems (CMS) provide an excellent way of producing websites that can be easily maintained, easily edited and worked on by a large set of developers from around the world.

 

One of the disadvantages of these CMS is that their code is publicly available, which makes it easier for the less desirable developers on the internet to find a way of trying to get into your sites code and do some even less desirable things.

 

Some common symptoms include:

 

Links to third party sites (usually related to tables for erectile disfunction…) being injected into your theme

The whole site being redirected to a third party website. These are usually landing pages for activist hacker groups

Hijacking Google search results

Hijacking click-throughs from search engines

There’s no answer to how to deal with any of these problems, but there are some general guidelines you can follow to try and track the problem down, prevent it and help with quickly dealing with it in the future. There are also some specific things you can look out for in specific CMS, but that’s a subject for another time.

 

What can I do?

First of all, stay calm. The chances are that this isn’t some kind of attack that’s targeted at you or your website directly, it’s most likely a blanket attack trying to exploit holes in the CMS or the plugins you have installed. The chances are that somebody else has already had this problem and you’ll be able to find some resources to help.

 

The key things to understand are:

 

Why your site was able to be compromised in the first place

What files have been edited or added when the site was compromised

What you need to do to get the site back to normal

What to do after you’ve cleared up issues

How to prevent the problem in the future

Why was my site compromised?

The number one cause of this issue is an out of date CMS or out of date plugins. It’s an easy trap to fall into as sites will work for some time with no problems and you can grow complacent. Don’t become complacent, pro-activity is key to keeping your site secure.

 

It’s also possible that the issue could be related to a server security issue, but if you use a reputable hosting provider, it’s fairly unlikely.

 

What files have been affected?

One of the easiest ways to do this is to use a PHP script that lists when files were last modified. You’ll have to sift through the results and ignore the valid changes such as new images, cache files and CMS and plugin upgrades (although I’d expect the latter won’t be relevant otherwise you probably wouldn’t be in this position).

 

This will help you quickly draw up a list of files that have been added recently that shouldn’t be there. Find them and delete them. Don’t be tempted to download them unless you know what you’re doing.

 

We use one here that we found some time ago but I can’t confirm who the original source of the script was. I’ve published it here too, but this isn’t my work.

 

How do I get my site back to normal?

This very much depends on what happened when the site was compromised.

 

If you have a backup that you know works and isn’t too old to be useless, use it as it’s likely to be the quickest way to get you back to normal. All reputable hosting providers will maintain backups but they tend to be server level backups and can take time to get hold of. Find a backup plugin and use it – you won’t regret it in the long run.

 

If for any reason you can’t do that or you’d like to understand more about what’s happened then you’ll need to do some more digging. Usually it’s just a case of identify the files that have changed and either deleting them or if they’re a core file (such as a theme file), remove the code that’s been injected. Usually the code that has been injected would have been added at the beginning or the end of the file.

 

Some common files that could have been edited are:

 

.htaccess file – this is the usual way of redirecting your site visitors to another website

main index.php file – this is the usual way of injecting links to third parties

Theme index.php file – this is the another way of injecting links to third parties

If you don’t feel you’re capable of dealing with it yourself, contract a third party specialist to deal with it on your behalf. There are plenty around. We’ve used Sucuri in the past and they’ve always provided excellent support.

 

What shall I do after I’ve cleaned up my site?

This is one part of dealing with a compromised site that can have a solid process to follow.

 

Update your CMS and plugins

Change all key passwords, including FTP, SFP, SSH, cPanel, database and CMS administrator logins

Scan yours and any other computers that connect to the site using FTP or through the CMS admin panel for spyware

Remove any plugins that are no longer required. The less scripts you have, the less places there are to get into your site

How can I prevent this in the future?

There are a few things you can do to help.

 

Keep your CMS and plugins up to date

Use a reputable hosting provider, especially one that regularly scans their servers for known malware and can pro-actively help

Keep your CMS and plugins up to date

And in case I didn’t mention it already…. keep your CMS and plugins up to date

 

(c) Jon Martin - BigSpring, Uk

Experience the Dervac Difference

Welcome to Dervac Technologies

DERVAC Technologies is a Computer and Information Technologies Company composed of a team full of creative, experience and versatile professionals who are solely dedicated to exceeding the client’s expectations. Dervac Technologies has been in the forefront of ICT industry since 2004 helping to provide a coordinated development of infrastructure. We have over the years focused our expertise on providing ICT Solutions ranging from networking professionals, sales and maintenance of computers systems, server installations and deployment and enterprise supports, creative design and application deployment for many different types of businesses around the globe, corporate branding, web hosting, executive training as well as allied consultancy.

Our success is made of highly professional workforce of networking experts, web design architects, programming experts, search engine optimisation gurus, and innovative graphic designers who are experts when it comes to cutting-edge web solutions. We can help you to design and setup your website to enable you to take advantage of the Internet revolution within a limited time. 

Read more...

Coorporate Latest News and Updates

Prev Next

*99.99% Uptime is only for UNIX® customers

*99.99% Uptime is only for UNIX® customers

*99.99% Uptime is only for UNIX® customers.The uptime for Windows users is 99.9%.

Read more

Professional Email Solutions

Professional Email Solutions

Enhances your professional / corporate image with our email account plan. You get the email functionality you ...

Read more

Why Choose Dervac Technologies

Why Choose Dervac Technologies

Choosing Dervac Technologies being one of the leading enabler of small business success in the highly competit...

Read more

Helping you start, grow, and manage ....

Helping you start, grow, and manage ....

Helping you start, grow, and manage your business online. For nearly over a decade, we've helped people succee...

Read more

How to Deal with ‘Hacked’ CMS Websites

How to Deal with ‘Hacked’ CMS Websites

Website suddenly redirecting to a poorly-designed sales pitch for 'man pills'? Don't panic, Dervac Technologie...

Read more

Our Web Development Technologies

  • 1
  • 2
Joomla

Joomla

An open source content management system used for a variety of different purposes including websites, blogs and ecommerce. It’s ...

Zen Cart

Zen Cart

An open source ecommerce management system for creating online shops. There are hundreds of shopping cart programs available, bu...

Magento

Magento

The Magento eCommerce platform serves more than 110,000 merchants worldwide and is supported by a global ecosystem of solution p...

Open cart

Open cart

  OpenCart is free open source ecommerce platform for online merchants. OpenCart provides a professional and reliable foundatio...

MSSQL

MSSQL

A database system created by Microsoft and used with the .Net Framework and DotNetNuke. SQL Server is a cloud-ready information ...

MySQL

MySQL

The MySQL database has become the world’s most popular open source database because of its high performance, high reliability an...

HTML 5

HTML 5

The new version of HTML, with new features such as native video, audio and local database support. Web browsers must support thi...

.NET

.NET

A widely used software framework created by Microsoft that can be used to create desktop applications, windows mobile apps and w...

WordPress

WordPress

A content management system used by over 60 million people all around the world, it’s easy to use and open source with a large c...

PHP

PHP

A popular open source server side scripting language that is the basis of many applications including WordPress, Joomla and Drupal...

Our Footprint / Portfolio

O3 Global services Limited.jpgMerciful Assistance Foundation.pngStartrite Mayton and Company Nigeria Limited.jpgDBC ARCHITECTS.jpgElizade Toyota Nigeria Limited.pngSafamaq Nigeria Limited.pngHohingMUSLIM YOUTHS LEAGUE Agbowa-Ikosi.pngGlorious Islamic Centre.jpgSparrow Signal Limited.jpgTheManShooting Star of Islam 1942..jpg