The site has been hacked and is being redirected. In which direction to dig?

P

p4p2014-11-10 23:36:55

PHP

p4p, 2014-11-10 23:36:55

When the page is opened, if pop-up windows are allowed, a transition (redirect) to an external site (more precisely, sites) is performed.
There is no frame in the html code.

Reply

Answer the question

In order to leave comments, you need to log in

7 answer(s)

V

Vladimir Mironov, 2014-11-10
@Siseod

Maybe in .htaccess file

E

Evgeniy Samoilenko, 2014-11-10
@samoilenkoevgeniy

Revert to the last good backup

E

Elena, 2014-11-10
@Nidora

Robots, revise site code for other links.

P

p4p, 2014-11-10
@p4p

The thing is that the site on joomla was not made by me, they asked for help. I'm not familiar with joomla at all. Checking all the php files that are connected in one way or another is a disastrous business.

H

HeBonpoc, 2014-11-11
@HeBonpoc

Search all files:
this is a search for the occurrence of badsite.ru in all .php files

N

Nazar Mokrinsky, 2014-11-11
@nazarpc

Go to the root of the site on the server via SSH:
Edit the file, look for a vulnerability.

A

Alexey Gerasimenko, 2014-11-11
@Pipidzumi

As an option: roll back to the latest working version, then check the site for vulnerabilities in one of the following ways: hdderror.ru/uyazvimosti/proverka-sajta-na-uyazvimo... and then close the vulnerability.