My Site Is In Danger! Plz Help Me Urgently!!

Discussion in 'Site & Server Administration' started by mussolinihitler, Aug 3, 2008.

  1. #1
    I am using a dedicated server, and my server IP address is 74.54.188.18
    I have mainly 2 sites in it, myspacegraphicsworld.com and 123orkut.com out of which 123orkut.com is highly popular.

    Recently, myspacegraphicsworld.com started receiving millions of UNKNOWN HITS and it has started eating up my bandwidth. The hits are not human and are destroying my server. I tried many things but to no use.

    And recently, when I tried googling my sites and clicked my site's link in Google, I was automatically redirected to another IP address, 87.248.180.88, which is of an antivirus site! Also, if I try going to a page that doesn't exist, e.g. myspacegraphicsworld.com/asdfagab.php, I am automatically redirected to that IP.

    Please help me find a way to stop this !
     
    mussolinihitler, Aug 3, 2008 IP
  2. mussolinihitler

    mussolinihitler Peon

    #2
    Please DP, I will be eternally grateful to anybody who can help me in this situation.....
     
    mussolinihitler, Aug 3, 2008 IP
  3. pr0t0n

    pr0t0n Well-Known Member

    #3
    Can you paste some lines from your access_log ? Is there any pattern for such fake visitors?
    Two important things to look for in your log: 1. Is there any referrer for such visitors? 2. Which useragent is set for such visitors?

    And this about google... that looks odd... are you sure that it is related to previous problem? :confused:
     
    pr0t0n, Aug 3, 2008 IP
  4. mussolinihitler

    mussolinihitler Peon

    #4
    Hey pr0t0n,
    many thanks for your concern. I'm not really sure if the Google problem is related to the fake visitors, but I seriously doubt it is.

    Please help me find a reason why my sites are being redirected to this IP: 87.248.180.88
    It now happens not just for links in Google. I have another domain, planetorkut.com, which has no content, but the domain is hosted on my server. Even when I type that address in the address bar, it gets redirected to that antivirus site.
    I'm feeling really sad, I don't have any idea why this has happened to me!
     
    mussolinihitler, Aug 3, 2008 IP
  5. calum

    calum Peon

    #5
    Have you got a firewall installed?

    Are you saying your websites are now being redirected to an unknown IP? If so, check your hosts file to see if it is your PC, if not it probably means you've been hacked.
     
    calum, Aug 3, 2008 IP
  6. Glottis

    Glottis Peon

    #6
    Like calum said, I think your PC (NOT server where your sites are hosted) either has been hacked or you have some virus/worm on it. I typed the address and searched thru google for your sites, and I am not being redirected. Try accessing the sites from another PC.
     
    Glottis, Aug 3, 2008 IP
  7. COBSolutions

    COBSolutions Well-Known Member

    #7
    That is bad news

    You seem to be under attack, as my browser refused to open the site and gave the advisory issued by Google - that the site installs malicious software

    But the good news is when I searched the Google advisory, it clearly mentioned that your site seems to be infected and it is not directly involved in installing the software, but third party IPs and domains are involved in it.

    So googlebot is aware of it-that should help you later, but for now.....

    I feel you should ask support from your datacenter - btw where is it hosted?

    What kind of firewall are they using...........this cannot happen behind a good firewall until and unless you had left something open in your database



    =======================================================================================================================
    for your info i will paste the google advisory here
    =======================================================================================================================
    Safe Browsing
    Diagnostic page for www.myspacegraphicsworld.com/

    What is the current listing status for www.myspacegraphicsworld.com/?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

    What happened when Google visited this site?

    Of the 11 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 08/02/2008, and the last time suspicious content was found on this site was on 08/02/2008.

    Malicious software is hosted on 2 domain(s), including power-antivirus-2009.com, 87.248.180.0.

    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 87.248.180.0.

    Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, www.myspacegraphicsworld.com/ did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

    Next steps:

    * Return to the previous page.
    * If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
    ========================================================================================================================

    I feel your host only can help

    Contact them immediately without wasting time
     
    COBSolutions, Aug 3, 2008 IP
  8. Glottis

    Glottis Peon

    #8
    Earlier I went to 123orkut, and everything was fine, I thought you were concerned about it. Now I went thru your signature, and unfortunately yes, it seems it's been hacked.
    But 123orkut is loading fine for me.
     
    Glottis, Aug 3, 2008 IP
  9. kailash

    kailash Well-Known Member

    #9
    It seems that your site myspacegraphicsworld.com has some suspicious code(like malware code). As cashisfilthitakecheck has mentioned, your site is already blocked by google. You can check it using http://www.google.com/search?q=site...avclient-ff&ie=UTF-8&rlz=1B3GGGL_enIN285IN285

    You will need to remove the malware/badware code from your site then you will need to submit the request to stopbadware to remove your site from bad web sites list. You will need to do it asap else you will lose the traffic from google.

    Kailash
     
    kailash, Aug 3, 2008 IP
  10. RWHost

    RWHost Active Member

    #10
    Where is this server based? Is it a managed or unmanaged server?
     
    RWHost, Aug 3, 2008 IP
  11. IndianFreak

    IndianFreak Banned

    #11
    When I opened it in Firefox 3 it gave me a warning "Reported Attack Site!"

    What you should try is to remove all the files from there and see if people still face the problem
     
    IndianFreak, Aug 3, 2008 IP
  12. kmzeron

    kmzeron Well-Known Member

    #12
    Have you removed your index? I recently had a similar problem. My index was modified every time I connected to FTP.
    Check the last lines in your index.php and paste them here.
     
    kmzeron, Aug 3, 2008 IP
  13. IndianFreak

    IndianFreak Banned

    #13
    yea mostly it must be the last few lines
     
    IndianFreak, Aug 3, 2008 IP
  14. Seaji

    Seaji Banned

    #14
    probably hacked,

    check .htaccess for redirections and secure up
     
    Seaji, Aug 3, 2008 IP
  15. money_man77

    money_man77 Peon

    #15
    It's obvious it's a DDoS attack....
    Don't you have a max user limit on your server?
     
    money_man77, Aug 3, 2008 IP
  16. IndianFreak

    IndianFreak Banned

    #16
    It's not a DDoS, because DDoS attacks won't put things on your site
     
    IndianFreak, Aug 3, 2008 IP
  17. FireStorM

    FireStorM Well-Known Member

    #17
    I am also facing the same problem, help plz

     
    FireStorM, Aug 3, 2008 IP
  18. IndianFreak

    IndianFreak Banned

    #18
    I could fix it for you guys. I'll charge a small fee, but you pay only if it's fixed
     
    IndianFreak, Aug 4, 2008 IP
  19. mussolinihitler

    mussolinihitler Peon

    #19
    Thank you guys for your comments, but I guess I have figured out what the problem is:

    After I had sent the request to hostgator (my host) to find a reason for my site's problem, I simply checked the .htaccess file, just to make sure there wasn't anything wrong in that.
    What I noticed in the .htaccess file was that someone put a lot of empty spaces and put a certain code at the very bottom (so that I don't see it quickly) to redirect my sites to this IP: 87.248.180.88
    I was horrified, and immediately deleted that code, and my sites came back to normal. At present my .htaccess file is blank.

    Also, when I tried googling about this, I happened to find this similar incident which happened to almost every site hosted on iPowerWeb servers:

    " All of these redirects are happening on hacked iPowerWeb servers. The website MrDeity.com has been compromised in the same way, and after nearly a week of trying to get the iPower people to do something about it they still refuse to even look into it.

    If I had to guess, I'd suppose that .htaccess files on these hacked servers are being replaced with ones that redirect only search engine traffic. That way site owners, who would most likely visit their own sites by bookmark or typing the address directly, might not immediately notice that their sites have been hacked.

    Considering that whoever hacked iPower seems to have wide access, it's possible that even after repairing the damage, site owners may find their sites compromised again shortly after. I highly recommend that anyone hosting at iPower get out of there now and find a host that takes security seriously."


    From : http://support.mozilla.com/tiki-view_forum_thread.php?locale=fi&comments_parentId=115906&forumId=1

    The above incident took place recently, at the end of July too, so I suppose a widespread attack has been made and I guess, sadly, my server hosted at hostgator.com was also targeted.

    It is not just the monetary loss I had to suffer. Yesterday, being friendship day, I had spent a lot of money on adwords, and it was only after I spent more than 15,000 rupees that I noticed my visitors were taken to a virus site instead of mine. To be frank, I was thunderstruck at that moment. More than the money, it is the trust that people put in such sites that was compromised when they were redirected to a virus page. Also, my site myspacegraphicsworld.com, if still searched on Google, shows a "This site may harm your computer." link, which is even worse as it looks like my site itself was the harmful one.
     
    mussolinihitler, Aug 4, 2008 IP
  20. mussolinihitler

    mussolinihitler Peon

    #20
    Firestorm, you should definitely take a look at your .htaccess files and delete any unauthorized redirects. The redirection code in my .htaccess was put at the very bottom after a lot of empty spaces, so that I don't notice it easily.
    Hope it has helped you.

    I guess this problem is now spreading like wildfire. Almost all of the iPowerWeb hosted servers seem to be hacked, and I doubt hostgator has been too. So I urge all webmasters to be warned about this new threat!
     
    mussolinihitler, Aug 4, 2008 IP
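
An added example, not code from the thread or from any poster: a small Python audit for the .htaccess pattern described in posts #19 and #20, covering directives hidden after padding, conditions keyed on search-engine referrers, and redirect or ErrorDocument targets on hosts you do not own. The function name, the thresholds, the sample file and the 192.0.2.10 address are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Conditions keyed on a search-engine referrer, as the quoted Mozilla post guesses.
SEARCH_REFERER = re.compile(
    r"RewriteCond\s+%\{HTTP_REFERER\}.*(google|yahoo|msn|bing|aol)", re.I)
# Directives that can send a visitor elsewhere (ErrorDocument covers the 404 case).
REDIRECTING = re.compile(r"^(RewriteRule|Redirect\w*|ErrorDocument)\b", re.I)
URL = re.compile(r"https?://[^\s\"'\]]+", re.I)

def audit_htaccess(text, own_hosts, pad_lines=10, pad_cols=40):
    """Return (line_no, reason, directive) findings for one .htaccess body."""
    findings, blank_run = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            blank_run += 1
            continue
        # Hidden = pushed out of view by blank lines or by leading whitespace.
        hidden = blank_run >= pad_lines or len(raw) - len(raw.lstrip()) >= pad_cols
        blank_run = 0
        if line.startswith("#"):
            continue
        if SEARCH_REFERER.search(line):
            findings.append((no, "search-engine-referer-condition", line))
        if REDIRECTING.match(line):
            hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(line)}
            if hosts - set(own_hosts):
                findings.append((no, "external-redirect-target", line))
        if hidden:
            findings.append((no, "directive-after-padding", line))
    return findings

# Constructed sample, not the file from the thread; 192.0.2.10 is a documentation address.
SAMPLE = (
    "RewriteEngine On\n"
    "RewriteRule ^old\\.html$ /new.html [R=301,L]\n"
    + "\n" * 200
    + "RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]\n"
    "RewriteCond %{HTTP_REFERER} .*yahoo.* [NC]\n"
    "RewriteRule .* http://192.0.2.10/ [R,L]\n"
    "ErrorDocument 404 http://192.0.2.10/\n"
)

if __name__ == "__main__":
    for no, reason, directive in audit_htaccess(SAMPLE, {"example.com"}):
        print(f"line {no}: {reason}: {directive}")
```

Run it over every .htaccess under the document roots, with `own_hosts` set to the domains the server actually serves, and compare each flagged file against a known-good copy.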