My background is NOT sys admin (I'm more of a software developer), so I'm struggling with this issue right now. I'm currently running about 7 sites on a dedicated server. The sites were running fine yesterday and all of a sudden, they are having issues starting today. For some reason, it only affected 4 sites and they all show the following symptoms: - when I type the site url, it automatically redirects to some pages full of ads some popping up modal dialog boxes that won't die without killing the Chrome process. - when I observed very quickly, I saw something like ww20.<rest of url> then directs quickly to those bad pages. - any combination of the URLs *.<a site>/* causes the redirection. - if I do wget ww20.<a site> from the linux command line, it says the domain does not exist. This leads me to believe that perhaps this is a client side issue. I checked: - .htaccess - nothing suspicious there. - index.php or index.html files have NOT changed - their last write dates are well before today's date. - this happens on ALL of my devices including a Windows 8 laptop, my wife's Windows XP laptop, my Android tablet and my Android phone. I've never heard of a malware that simultaneously affects both Windows machines and Android devices... - I tried to tether through my phone. Same results from all of my devices. - Sys Admin from the hosting company ran some malicious catch scripts. Found nothing. - My Adsense earnings have NOT stopped. They are coming in, but perhaps a bit slower than usual. It isn't obvious at all. So what's happening? I can send you the URL to one of my site if you can help (don't want someone to think I'm advertising my site here). Thanks for any help in advance!
You would first have to rule out that it is not client-side. Does the same thing happen from other PCs? Other browsers? If it does, it is likely compromised. Please feel free to PM me your URL(s) and I'll check from my end.
I'm happy to check too. If it's happening to everyone then it's likely someone has hacked your theme files.
Check your local files maybe you have a virus or something. Sometimes viruses attack windows host file so it will manually redirect any domain that you type ( for example google.com to 'fake' googlex.com ). Check out the location of it: http://en.wikipedia.org/wiki/Hosts_(file)
It looks more like your browsers have been hacked. And since you're all probably on the same network all other computers / devices got hacked as well. Download, install and run avira: http://www.avira.com/en/avira-free-antivirus It's available for PC, Mac, Android and iOS. The scan may take up to 2 hours per device (usually less). It'll take care of anything and everything you shouldn't have on your computers.
Nice suggestion. I still run Avast as it has never failed me(as far as I know lol..) and seems to have a slightly lower footprint on my rig. Avira is awesome stuff though. Likely the best on the market. I used to love the stuff from Kasperky Labs but last I checked that stuff totally killed my comp it used so much resource.
I suspected perhaps my PC was infected so I ran 7 different (well known) Malware/Antivirus apps. None of them have found any issues. I even ran 2 scanners on my Android devices too, and they found nothing. I always run anti-virus and they never failed me in the past either. I suspect this is more than just a client-side issue. I'll send the URL to those who are willing to help - thanks in advance!
Just looking at one of these sites. I went to whatsmydns.net this morning and looked up one of the sites and repeated the search just now. Here's what I get now. www looking just at Auckland, NZ - the IP this morning was 95.211.9.52 ns1 ns2 I wonder if changing to your hosts nameservers might help identify the problem. I've never seen anything like this before.
Reading your opening post - and maybe it's just the way it's written, but is it only yourself having these problems? Or do other people? As an example: You are always mentioning about yourself. We need to unequivocally establish whether it is just yourself impacted or if other people are seeing the same problem. I am guessing the IP changes sarahk noticed are due to you changing hosting companies and propagation had not fully completed.
Its a bit deeper than that. One of my site is quite well known in its hobby sector and forums around the world are reporting that this site is having issues and only happens to some of them. Based on what I see in whatsmydns.net, I'm not surprised - more than half of the IPs listed there are not mine...