Site Hijack by onwardclick.com
Permalink
So I have an old Concrete5 account on legacy C5 and I haven't checked on it in a while. When I went to check on it again I am getting browser hijacking/redirects. So I tried it from other computers and same thing. I contacted support for the web host and they said this:
However, I see that the website mysite.com is getting redirected to a blank page with the following URL:http://xml.onwardclick.com/click?i=R5e2ygCgk8Y_0...
So I checked and all the settings and DNS are the same. DNS is protected at Cloudflare. I don't have an htaccess file on the site but the index.php in the web root looks like this:
<?php
require('concrete/dispatcher.php');
Now it's been a while but that doesn't look right to me for the root php file. Can someone please shed some light on what's going on with this site? Is this a Concrete5 issue? Has my database been hacked? What is it and what is a solution?
Thank you!
However, I see that the website mysite.com is getting redirected to a blank page with the following URL:http://xml.onwardclick.com/click?i=R5e2ygCgk8Y_0...
So I checked and all the settings and DNS are the same. DNS is protected at Cloudflare. I don't have an htaccess file on the site but the index.php in the web root looks like this:
<?php
require('concrete/dispatcher.php');
Now it's been a while but that doesn't look right to me for the root php file. Can someone please shed some light on what's going on with this site? Is this a Concrete5 issue? Has my database been hacked? What is it and what is a solution?
Thank you!
That is what index.php should look like.
Thanks for the clarification.
Did you check for weird javascript present in the page's code? I suggest you disable javascript in your browser and see if you still get redirected.
I did that and didn't redirect. Where's the most likely place for this malicious code?
I found it. It was something to do with my site's Piwik account. Probably because I haven't updated Piwik in forever. I didn't see anything obviously malicious in the home page code, but decided to start there removing the piwik insert since I didn't use it really anymore anyway.
Thanks for the tip. Glad that's fixed!!
Thanks for the tip. Glad that's fixed!!
Good to hear. Congrats :)