My Website was Hacked. All my pages redirect somewhere else!

This most commonly happens when you choose a weak password for your Control Panel/FTP server. Do not use a name, common word, or sequential numbers for your password. A strong password should be at least 8 characters in length. It should also contain both uppercase and lowercase letters, numbers, and characters. If your site was hacked, the first thing you should do is to change your password. Also, make sure your anti-virus is up to date on your home/work computer and run a virus scan. Your computer could have been infected with a keylogger application which sent your password to the hacker.

 

Ok, now that we have that out of the way, let's fix your website. If you are one of our clients, please call our support line or submit a support ticket and we will take care of the problem for you. If you are hosted elsewhere you may still contact us and if it's an easy fix, we may still be able to help you.

 

If you want to tackle this yourself, here are some things to check for:

 

.htaccess redirect (Linux only) - Check in the affected directory and in the parent directory for the .htaccess file. If you have a backup, restore the .htaccess file from the backup. If not, download your .htaccess file and open with any text editor (in windows, use notepad). You may have to rename the file to htaccess.txt to open it. Now look for any lines that begin with the words "Redirect 301" and also contain the domain name of the page/pages are redirecting to. Delete any of these lines. Now upload your new .htaccess file to your server (if you had to change the file name to end with .txt, be sure to change it back to .htaccess).

 

Meta redirect - Check your site's code for the following:

<meta http-equiv="refresh" content="0; url=http://hackerssite.com/">

Of course, replace "hackerssite.com" with the domain name for the actual site your's is redirecting to. The meta tag will be located in the <head> section of your site's code. Remove the code if you find it and upload your fixed file back to the server.

 

PHP redirect - Check your affected web page for the following code:

<?
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://hackerssite.com" );
?>

 

Javascript redirect - Check your affected web page for code similiar to the following:

<script type="text/javascript">

window.location = "http://hackerssite.com/"

</script>

Remove the code and reupload your site.

 

If your site is still redirecting pages to a hackers site, check your nameservers with your domain name registrar and make sure they point to your server. It could be that the hacker redirected your site entirely to their own server, in which case, changing file on your server will do nothing until that is corrected. We're sorry you are experiencing a hacked site. We hope this article helps you repair the damage. If you find something that should be added here, let us know.