This morning I did a Google search for "free psd web button". I clicked on the third result which links to http://www.sharkwebstyle.com/2011/07/80-prefect-free-photoshop-web-buttons-psd/.
ScriptNo for Chrome and NoScript for Firefox so, the site didn't do anything, and thankfully it wasn't able to reach its dirty tentacles into my machine (I hope).
I originally discovered the malicious redirect on a Windows machine, and I immediately assumed that the machine must somehow be infected. I switched over to a Mac machine and discovered the same malady, suggesting that the malicious redirect originates on the server side and not on my side.
UPDATE (2/15/12): It appears that this was most likely the result of a compromised instance of WordPress (most likely through a maliciously modified .htaccess file). Older versions of WordPress can be susceptible to attacks. If you self-host your WordPress site, you need to make sure you update to the latest version, change passwords for your web host account, FTP, and MySQL database. Check this link if you think you might be compromised. You can also check your site to see if it is infected with any known malicious code at Sucuri SiteCheck.
UPDATE (3/3/12): I received a note from the site administrators at Sharkwebstyle that said, "We encountered a problem with a vulnerability in timthumb script used in our WordPress theme, and that vulnerability can change the .htaccess file content, so that's why there was a redirection to other website." Here are some technical details about the Timthumb Wordpress vulnerability and hack.
I've been troubleshooting a couple of these this morning (2/15/12), and it is server side. An injected bit of code into the server's .htaccess, it would seem.ReplyDelete
I have the same problem with my website and i don't know what to do? www.super8monamour.com :-(ReplyDelete
but when i use http://super8monamour.com, it works !
Guillaume from France
thatedeguy, were you able to figure out the source of the problem and how to fix it?ReplyDelete
Hi Brian, my wordpress website gets redirected to this russian site. I can't even Google my own site anymore because it shows up as this malicious site. Please help!ReplyDelete
I call my "hosting society". The problem is that my .htaccess file was modified. So, i have to delete the code or replace by the right code. When Google'robots will index my website again, it will probably works...ReplyDelete
Guillaume from France
I just experienced this nightmare myself. In my instance it was related to a TimThumb (thumb.php) vulnerability in which the vandal was able to insert php code into the appearance editor by stashing files in the cache (on the theme root). I deleted all cache files, backed up my theme files to my desktop, deleted my theme from the server and reinstalled a new theme zipfile from within WP. So far, so good...(by the way, I had multiple websites in my domain hosting and it nailed all of them...so I had to repeat this process until everything was clean)ReplyDelete
when a klick on my club's homesite i am redirected to a russian site (supa2012).I'm using linux ubuntu and on my other pc with W7 the problem is the same.What shall I do?I'm no familiar with computers.Thank in advance.AnetteReplyDelete
Anonymous/Anette, sounds like whoever runs your club's web site needs to dig a little deeper to remove the infection/malicious redirect.ReplyDelete