|
website hack but only on google. how does this work then? |
Neil Walker
Member #210
April 2000
|
Hello, I was searching for an image on google for a picture of card decks and found a website. As soon as I visited (luckily I have firefox, noscript, etc running) it tried to download an exe, sent me to a website in russia claiming I had a virus, etc. Anyway, this is the odd thing. 1. If you visit http://www.solitairecity.com by typing in the address into Google all is well and the website runs as normal with no hacked website. 2. If you visit google and type 'solitaire city' it should be the first entry and the main link takes you to the exact same url. However, when you visit via Google search you get redirected to the hacked site. btw, this hacked site has now changed as is a non-existant russian link. Does anyone know how they've done this? I'm curious but cannot figure it out. Neil. wii:0356-1384-6687-2022, kart:3308-4806-6002. XBOX:chucklepie |
bamccaig
Member #7,536
July 2006
|
HTTP supports an HTTP_REFERER [sic] (sometimes HTTP_REFERRER) header which indicates what page on the Web linked you to the current one. That can be used by the Web server to alter the response or redirect the client. It's possible they've been hacked and the attackers only target you if you come from Google (perhaps to make the attack less visible to the site's maintainers). It's also possible the actual site is malicious. I haven't bothered to look. -- acc.js | al4anim - Allegro 4 Animation library | Allegro 5 VS/NuGet Guide | Allegro.cc Mockup | Allegro.cc <code> Tag | Allegro 4 Timer Example (w/ Semaphores) | Allegro 5 "Winpkg" (MSVC readme) | Bambot | Blog | C++ STL Container Flowchart | Castopulence Software | Check Return Values | Derail? | Is This A Discussion? Flow Chart | Filesystem Hierarchy Standard | Clean Code Talks - Global State and Singletons | How To Use Header Files | GNU/Linux (Debian, Fedora, Gentoo) | rot (rot13, rot47, rotN) | Streaming |
Neil Walker
Member #210
April 2000
|
It's a legit site. But that's a really clever way I never even thought about. I guess you've got to have the mind of a criminal to work these things out Neil. wii:0356-1384-6687-2022, kart:3308-4806-6002. XBOX:chucklepie |
Matthew Leverton
Supreme Loser
January 1999
|
Or maybe your computer is hacked, and it is altering Google search results. |
BAF
Member #2,981
December 2002
|
Bamccaig is correct. When I send a Google referer, it sends me a 301 Moved Permanently. Misconfigured server or something? $ telnet www.solitairecity.com 80 Trying 38.96.163.66... Connected to www.solitairecity.com. Escape character is '^]'. GET / HTTP/1.1 Host: www.solitairecity.com Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=solitaire+city HTTP/1.1 301 Moved Permanently Date: Mon, 18 Jan 2010 23:55:56 GMT Server: Apache/2.2.3 (Red Hat) Location: http://earth-stat.ru/ Vary: Accept-Encoding Content-Length: 316 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://earth-stat.ru/">here</a>.</p> <hr> <address>Apache/2.2.3 (Red Hat) Server at www.solitairecity.com Port 80</address> </body></html> Same thing happens with yahoo, msn, etc as well. |
CGamesPlay
Member #2,559
July 2002
|
It may be set up that way so that the site owners don't realize that the site is hacked: they won't visit the site via a search engine. -- Ryan Patterson - <http://cgamesplay.com/> |
Neil Walker
Member #210
April 2000
|
He got back to me. They hacked his .htaccess file, presumably through some dodgy php or his php, maybe even ftp (I'm covering all bases here!): RewriteEngine On Neil. wii:0356-1384-6687-2022, kart:3308-4806-6002. XBOX:chucklepie |
|