HELP!! My website is getting redirected to porn!!

Discussion in 'Programming' started by gerryt, May 8, 2009.

  1. #1
    I just got notified by Google that they would stop serving ads to my webpage appyshackdotcom/all-searches.php
    I went there and the page automatically gets redirected to a sex cam website.
    I've gone in and looked at the code and couldn't find anything.
    Can anyone give me a clue where to find the code and how they got in?
    Thanks
     
    gerryt, May 8, 2009
  2. gerryt
    #2
    I just came across this code in a "function.php" file
    I think this may be the problem?
    If so, what part of it can I delete without messing up my site?
    Thanks
    <?php
    // Rewrite link: turn a title into a URL slug
    function changeURL($var_link) {
        $var_link = str_replace("-","_-_",$var_link);
        $var_link = str_replace(" ","-",$var_link);
        $var_link = str_replace("'","",$var_link);
        $var_link = str_replace("?","_qq_",$var_link);
        return $var_link;
    }

    // Reverse of changeURL(): turn a slug back into the title
    function reverseURL($var_link) {
        $var_link = str_replace("_qq_","?", $var_link);
        $var_link = str_replace("_-_","&ddaasshh;", $var_link);
        $var_link = str_replace("-"," ",$var_link);
        $var_link = str_replace("&ddaasshh;","-",$var_link);
        return $var_link;
    }

    //CHECK HOTORNOT ADMINISTRATOR LOGIN
    function chk_admin_login()
    {
        global $admin_user,$admin_pass;
        if($_SESSION['ADMINUID']!=$admin_user || $_SESSION['ADMINPASSWORD']!=$admin_pass)
        {
            header("Location:login.php");
            exit;
        }
    }

    // Look up a category name; $id is placed in the query text as given
    function find_cat_name($id)
    {
        $sql="select catname from category where cat_id=$id";
        $rs=mysql_query($sql);
        $row=mysql_fetch_array($rs);
        return $row['catname'];
    }

    // Look up a recipe's title and category id; $id is placed in the query text as given
    function find_item_name($id)
    {
        $sql="select cat_id,title from recipes where id=$id";
        $rs=mysql_query($sql);
        $row=mysql_fetch_array($rs);
        $list[0]=$row['title'];
        $list[1]=$row['cat_id'];
        return $list;
    }

    ?>
     
    gerryt, May 8, 2009
  3. webdesigners
    #3
    You should check your .htaccess first; there you might get the link of the site where your site is getting redirected. Just remove that bad link from .htaccess. If you need more help, then contact me.
     
    webdesigners, May 8, 2009
  4. gerryt
    #4
    Here is the code from my htaccess
    Nothing really looks malicious in there...
    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteRule ^([^\/]*)-c([^\/]*)/$ items.php?catid=$2&catname=$1 [L]
    RewriteRule ^([^\/]*)-r([^\/]*).html$ item_detail.php?itemid=$2 [L]
    RewriteRule ^([^\/]*)-search.html$ search-results.php?keyword=$1 [L]

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    deny from 24.108.11.226
    deny from 70.64.128.254
    deny from 208.98.216.12
    deny from 75.101.143.129
     
    gerryt, May 8, 2009
  5. gerryt
    #5
    SOLVED!!
    The offending website had typed some code into my search box and it had caused my "all searches" page to refresh and redirect to the webcam site.
    I simply deleted the posts from my database.
    Thanks to all that had a look for me :)
     
    gerryt, May 8, 2009
  6. kblessinggr
    #6
    Sounds like you need to sanitize your database inputs.
     
    kblessinggr, May 8, 2009
  7. Sadi
    #7
    Filter the user input. Do not trust the input without a proper filter. I think it was a sort of XSS attack.
     
    Sadi, May 9, 2009
  8. monster64
    #8
    It sounds like they just injected via your search bar. You should make sure they didn't get a shell installed.
     
    monster64, May 11, 2009
  9. gerryt
    #9
    Is there some sort of code (filter) I can include on my "all searches" page that would prevent this from happening again?

    How can I tell if a "shell" got installed?
    I'm not even sure what a shell is...
     
    gerryt, May 12, 2009
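
Added example, not part of any post in this thread: one way to answer the filter question in #9 for the stored-search case described in #5. Each stored term is HTML-encoded when the "all searches" page prints it, so markup typed into the search box is shown as text instead of being interpreted. The function names, the sample rows and redirect.example are constructed; only search-results.php?keyword= comes from the posted .htaccess.

```php
<?php
// Added example; function names and sample rows are constructed.

// Input check for new searches: short printable text, no angle brackets.
function accept_search_term(string $raw): ?string {
    $term = trim($raw);
    if ($term === '' || strlen($term) > 80 || preg_match('/[<>\x00-\x1F\x7F]/', $term)) {
        return null;
    }
    return $term;
}

// Encode text for an HTML text node or a quoted attribute value.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// One list item for the "all searches" page, safe for any stored value.
function render_search_item(string $term): string {
    $href = 'search-results.php?keyword=' . rawurlencode($term);
    return '<li><a href="' . h($href) . '">' . h($term) . '</a></li>';
}

// Constructed rows standing in for the stored searches table.
$stored = [
    'chocolate cake',
    'fish & chips',
    '<meta http-equiv="refresh" content="0;url=http://redirect.example/">',
];

foreach ($stored as $term) {
    // Rows that fail the input check were stored before the check existed.
    $flag = accept_search_term($term) === null ? '[review] ' : '[ok]     ';
    echo $flag, render_search_item($term), "\n";
}
```

The input check keeps junk out of the table, but the encoding in h() at output time is what stops a stored value from acting as markup.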
  10. .htaccess
    #10
    Check your site for some code like JavaScript; a few ad companies do such stupid stuff.
    Try removing all advertisements and scripts from your site's code.
     
    .htaccess, May 12, 2009
  11. monster64
    #11
    A shell gives the hacker remote access to your server and files. They are usually uploaded and installed when a security flaw is discovered in a web server. You should find an anti-virus program with real time file system monitoring. It will pick up any shells they try to install and instantly delete them. If you don't have root access to the server, talk to your host to see what they can do.
     
    monster64, May 12, 2009
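
Added example, not from any poster: a first-pass check for the question in #9 about telling whether a shell got installed, which also covers the .htaccess check suggested in #3. It lists PHP and .htaccess files under a web root that changed recently or contain constructs often seen in dropped backdoors and injected redirects. The patterns, file extensions and 14-day window are assumptions, so every hit needs a manual look and an empty result is not proof of a clean server.

```php
<?php
// Added example: heuristic triage, not a malware scanner. The patterns and
// the 14-day window are assumptions; expect false positives and misses.
function triage_webroot(string $root, int $days = 14): array {
    $php = [
        'eval of decoded data' =>
            '/\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(/i',
        'request data passed to eval or a command function' =>
            '/\b(eval|assert|system|passthru|shell_exec|exec|popen)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b/i',
    ];
    $htaccess = [
        'redirect or rewrite to an absolute URL' =>
            '/^\s*(RewriteRule|Redirect(Match)?)\b.*\bhttps?:\/\//mi',
    ];
    $cutoff = time() - $days * 86400;
    $findings = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        $name = $file->getFilename();
        $patterns = $name === '.htaccess' ? $htaccess
            : (preg_match('/\.(php\d?|phtml|inc)$/i', $name) ? $php : null);
        if ($patterns === null || !$file->isFile()) {
            continue;
        }
        $reasons = [];
        if ($file->getMTime() >= $cutoff) {
            $reasons[] = 'modified ' . date('Y-m-d H:i', $file->getMTime());
        }
        // Read at most 1 MiB of each file.
        $text = (string) file_get_contents($file->getPathname(), false, null, 0, 1048576);
        foreach ($patterns as $label => $re) {
            if (preg_match($re, $text)) {
                $reasons[] = $label;
            }
        }
        if ($reasons) {
            $findings[$file->getPathname()] = $reasons;
        }
    }
    ksort($findings);
    return $findings;
}

// Usage: php triage.php /path/to/public_html 14
foreach (triage_webroot($argv[1] ?? '.', (int) ($argv[2] ?? 14)) as $path => $why) {
    echo $path, "\n    ", implode('; ', $why), "\n";
}
```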
  12. mstisay
    #12
    I had something like that happen to me before. No one would help me so I wiped out my entire site. Good thing you found yours :)
     
    mstisay, May 13, 2009
  13. rakesh_kpn
    #13
    Check your PC for viruses. Normally it will write a script to your local HTML pages and web files. Once you upload these files to your hosting server it will start redirecting. I have experienced this. Please check the files you recently uploaded, and also check your PC for viruses.
     
    rakesh_kpn, May 15, 2009
  14. crane
    #14
    Your site security is very poor, it seems. Upgrade it first, and use good filters to scan user requests...
     
    crane, May 17, 2009
  15. lifesgood
    #15
    If you want to learn more about what they did: learnphponline.com/security/sql-injection-prevention-mysql-php
     
    lifesgood, May 17, 2009
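
Added example, not from any poster: the category lookup from the function.php posted in #2, first in the posted style (the id pasted into the SQL text) and then with a validated, bound parameter. PDO with an in-memory SQLite database stands in for the site's MySQL connection so the script runs on its own; the table rows and the two inputs are constructed, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example. Schema and rows are constructed; SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE category (cat_id INTEGER PRIMARY KEY, catname TEXT)');
$pdo->exec("INSERT INTO category VALUES (1, 'Desserts'), (2, 'Soups')");

// Pattern from the posted function.php: $id becomes part of the SQL text,
// so anything after the number is parsed as SQL.
function find_cat_name_concat(PDO $pdo, $id): array {
    $rs = $pdo->query("select catname from category where cat_id=$id");
    return $rs->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: require a positive integer, then bind it as a parameter.
function find_cat_name(PDO $pdo, $id): ?string {
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $st = $pdo->prepare('SELECT catname FROM category WHERE cat_id = :id');
    $st->execute([':id' => $id]);
    $name = $st->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed inputs: a normal id and a tampered one.
$inputs = ['2', '2 OR 1=1'];
foreach ($inputs as $in) {
    printf("%-10s concat=%s  bound=%s\n", $in,
        json_encode(find_cat_name_concat($pdo, $in)),
        json_encode(find_cat_name($pdo, $in)));
}
```

With the tampered input the concatenated query returns every category, while the bound version returns nothing because the value fails integer validation.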
  16. boxieblue
    #16
    Wow, I never knew they could inject code through search bars. I will look out for such things.
     
    boxieblue, May 17, 2009
  17. Arionix
    #17
    Little Bobby Tables can make such a mess.
     
    Arionix, May 19, 2009