Table of Contents
Are there malicious redirects on my website?
Updated Apr 28th, 2021 at 15:10 BST
If attackers compromise your site, they might insert malicious code that redirects visitors to phishing or malware sites. Or they might also lure visitors to the malicious redirects with spam email. Those messages can be something as simple as:
Subject: Hello! Body: News: http://[your domain name]/jyl/wnews.php
If you see messages like this about your own site, you should review your website content for files containing malicious redirects. Typically, these files are created in separate directories, like these:
/uuc/news_id.php
/zkd/news_fx.php
/dgmq/w_news.php
/cisc/br-news.php
These files will contain a list of domains and a line of code that performs the actual redirect — they look something like this:
meta http-equiv="refresh" content="2; url= ">
The code http-equiv gets the visitors' browser to load the malicious website.
Obviously, you want to remove any files containing redirects as soon as possible.
Protecting Your Site There are many ways attackers can insert this malicious code on your site. If this has happened to you, we recommend the following to secure your site:
Review your hosting account to ensure that it does not contain any additional malicious content. We have some information about this in
Update any applications your website uses to their latest versions (e.g. WordPress, Joomla, etc.).
Update all themes, plugins, and extensions to their latest versions.
Change your FTP and database passwords, along with passwords for your web applications like WordPress or Drupal.
Update your anti-virus and scan your local workstation for signs of compromise.
Consider using website security software like Website Security to scan your site for vulnerabilities and compromises. We also offer Website Security packages provided by Sucuri, which can be checked from here: https://www.tsohost.com/sucuri-website-security