We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Weird redirect - possibly hacked?

February 26, 2010 1:13pm

Subscribe [3]

  • #1 / Feb 26, 2010 1:13pm

    brankin

    150 posts

    Not sure if I have been hacked or not, or even when it might have happened apart from the last few weeks.  I went to go edit a custom field today and links in the control panel work fine.  However when I go to select the specific field it goes to the field editing page for about half a sec and then redirects to:

    <a href="http://searchinvented.com/?flrdr=yes&nxte=js&dn=www.saintpaulumc.ws&fp=TjMPIgdtuzuUzLFh0wlA/jBFYs1sEYFGrgfudqo5sHY6TYvIzBT/bQOp6GI4XKDm87TSGkclQCFt+l6Ju39kcw==&prvtof=LdsgLXAQZq6blSIlSj9f317ptWCcVzGpptaKotVMCnBmRpV+0Uens2aPAFQGSigB71kN+LUSdkfXF/AV/sJvFvTpZr+IcSiqafI0W3FCFHo5ql48pMaTmwRQ3yj/NYlh18Q+DsgnNCPpIoJusbbEYg==&poru=tfsP1KzaxYrSV82XwgHlYUwQnzgBE3f8EEeSO1iR03+XMzbMdXRpu4AzjbrTXuMfcTUpCZ1I2HCcv8kObKzyRIEaTI5UlR6nyd5xtKMMmQuG5wTePds1FFf3minGYwno&cifr=1">http://searchinvented.com/?flrdr=yes&nxte=js&dn=www.saintpaulumc.ws&fp=TjMPIgdtuzuUzLFh0wlA/jBFYs1sEYFGrgfudqo5sHY6TYvIzBT/bQOp6GI4XKDm87TSGkclQCFt+l6Ju39kcw==&prvtof=LdsgLXAQZq6blSIlSj9f317ptWCcVzGpptaKotVMCnBmRpV+0Uens2aPAFQGSigB71kN+LUSdkfXF/AV/sJvFvTpZr+IcSiqafI0W3FCFHo5ql48pMaTmwRQ3yj/NYlh18Q+DsgnNCPpIoJusbbEYg==&poru=tfsP1KzaxYrSV82XwgHlYUwQnzgBE3f8EEeSO1iR03+XMzbMdXRpu4AzjbrTXuMfcTUpCZ1I2HCcv8kObKzyRIEaTI5UlR6nyd5xtKMMmQuG5wTePds1FFf3minGYwno&cifr=1</a>

    The href for the custom field is correct I got a glimpse of it before it redirected me.  The “www.saintpaulumc.ws” portion of the above link is the old domain.  We have updated everything to the new domain inside the Control Panel. 

    I am not sure where to check for the redirect.  It doesn’t look like there is anything in the .htaccess file is there a place in the php that could have gotten a redirect?

    1.6.7 build 20090122 (I know it needs to but updated but we are working on a rebuild currently so we left it)

    Thanks for your help on this

  • #2 / Feb 26, 2010 1:35pm

    brankin

    150 posts

    Seems to be that particular computer that is causing a redirect on the custom field links.  I would suppose this eliminates it from being an Expression Engine issue.

    On a side note anybody ran into the searchinvented.com redirect before?

    Thanks
    Bryan

  • #3 / Feb 26, 2010 7:28pm

    Adam Dorsey

    1439 posts

    Hm - We take security very seriously, so lets get to the bottom of this.

    Can you open your path.php file and index.php file in the root, for malicious looking code?

  • #4 / Feb 27, 2010 11:37pm

    brankin

    150 posts

    I will check it out but after checking multiple other computers it seems that that particular machine seems to have an issue.  My boss noticed the redirect while he was logged onto the machine but was not at the Control Panel.

  • #5 / Feb 27, 2010 11:45pm

    brankin

    150 posts

    Files all look clean.  No redirects to the searchinvented site.  Thanks for the concern.  If I see anything else come up like that on another computer while logged into the control Panel I will post back.  Now I am off to see who downloaded something they shouldn’t. hoorah for multi-user machines.

    Later,
    Bryan

  • #6 / Feb 28, 2010 4:29pm

    Greg Salt

    3988 posts

    Hi Bryan,

    Okay, thanks for the update. I’ll go ahead a close this thread but please post back if required.

    Cheers

    Greg

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register