Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Redirection Trojan Problem

Discussion in 'Security' started by alexweb, Oct 17, 2017.

  1. alexweb

    alexweb Registered

    Joined:
    Oct 17, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Alexandria , Egypt
    cPanel Access Level:
    Reseller Owner
    Hello,
    I have very strange problem .
    I am trying to solve this for many months now , and no way :(
    I have VPS server and I sell hosting to multiple clients .
    I found a problem with specific accounts on my VPS , when I access : website.com/any_random_letters
    which should gives 404 page .
    it redirect me to many ad pages fast .
    first page is : - Removed -
    and sometimes it shows porn ads :(
    I have made scan for this account , and for whole server , and it's clean
    I have searched for rapidyl trojan , and they only talk how to remove it from pc !
    The strange thing is :
    This problem happens only from my local country , my hosting company tested this many times , and they say that there is no redirection from their side !
    Do you have any advice for me
    Thanks in advance
     
    #1 alexweb, Oct 17, 2017
    Last edited by a moderator: Oct 17, 2017
  2. cPWilliamL

    cPWilliamL cP Technical Analyst II Staff Member

    Joined:
    May 15, 2017
    Messages:
    258
    Likes Received:
    30
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    I'm sorry to hear that @alexweb. I'd definitely recommend reaching out to a developer or security professional to investigate further; this is just one symptom of the infection. You should check your `.htaccess' files for any strange redirects; however, I feel the malicious code is likely is in your database, perhaps a custom 404 page. It's also possible to be a combination of physical files and code in your database. If you have database backups, you may just try reverting until you no longer see the issue, then check the differences. I'd also recommend reinstalling the core WordPress files and the theme/plugins.
    Updating WordPress « WordPress Codex

    As well, `strace'ing Apache while visiting the malicious 404 redirect should allow you to see the specific database queries which may lead you to the specific page ID's responsible for the redirect, but this will be a lot of data to read through.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPWilliamL, Oct 17, 2017
  3. alexweb

    alexweb Registered

    Joined:
    Oct 17, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Alexandria , Egypt
    cPanel Access Level:
    Reseller Owner
    Thanks allot for your kind reply.
    I have checked htacess and it's clean.
    Also it's static website not wp !
    But why this happen only in my country ?
    Is this logic ?
     
    #3 alexweb, Oct 17, 2017
  4. cPWilliamL

    cPWilliamL cP Technical Analyst II Staff Member

    Joined:
    May 15, 2017
    Messages:
    258
    Likes Received:
    30
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    That's even stranger. I apologize for assuming it was WordPress. If it can't be found in the static files themselves, it may be pulled dynamically from remote JS resources. Otherwise, it would seem the malicious redirects are coming from your computer or ISP. I would recommend testing from a different computer, and with a VPN and perhaps Google DNS, to rule out all possibilities.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPWilliamL, Oct 17, 2017
  5. alexweb

    alexweb Registered

    Joined:
    Oct 17, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Alexandria , Egypt
    cPanel Access Level:
    Reseller Owner
    Many thanks for your reply.
    In fact this is really strange problem as I told you.
    Regarding the possibility of my PC is infected ..
    This problem happens from multiple locations , multiple devices , multiple ISP , but all of them are in my local country.
    When I test with VPN from the same PC the problem disappear !
     
    #5 alexweb, Oct 17, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Redirection Trojan Problem
  1. RonanRBR

    How to enable Force HTTPS Redirection

    RonanRBR, May 30, 2019, in forum: Security
    Replies:
    4
    Views:
    275
    yaashul
    Jun 15, 2019 at 9:06 AM
  2. JunJoo

    Redirection of htaccess Only on Main Domain Not on Addon Domain

    JunJoo, Mar 2, 2019, in forum: General Discussion
    Replies:
    1
    Views:
    364
    cPanelLauren
    Mar 4, 2019
  3. Dragono Santika

    Redirection settings issue

    Dragono Santika, Feb 20, 2019, in forum: Security
    Replies:
    6
    Views:
    161
    cPanelLauren
    Feb 22, 2019
  4. Damian2Cubed

    Deleted Account pointed at server redirection

    Damian2Cubed, Feb 8, 2019, in forum: General Discussion
    Replies:
    6
    Views:
    229
    cPanelLauren
    Feb 12, 2019
  5. Rafael Solano

    URL redirection issue

    Rafael Solano, Jan 17, 2019, in forum: General Discussion
    Replies:
    4
    Views:
    411
    cPanelLauren
    Jan 21, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice