Site Redirects On First Load Of The Day

[xavier]

Bit of a weird one this, can't imagine it's just me as I get it on a number of devices. When entering this site via a search engine, first time in I get directed to a 3rd party site. Does it happen to anyone else? Got into trouble with the wife this morning as the redirect "site" was of an adult nature, where the "welcome" page was a full frontal naked female. Last thing I expected when searching for the fuse to pull to disable my aux heater. Nearly sprayed my breakfast cuppa all over the kitchen table!

[SilverBeast]

....first time I've heard it called a breakfast cuppa!! :blush:

 

 

Seriously it's never happened for me on any device on all the years i've been here.  I suggest you try a full virus scan and/or a different browser..

[chrispb123456]

Bit of a weird one this, can't imagine it's just me as I get it on a number of devices. When entering this site via a search engine, first time in I get directed to a 3rd party site. Does it happen to anyone else? Got into trouble with the wife this morning as the redirect "site" was of an adult nature, where the "welcome" page was a full frontal naked female. Last thing I expected when searching for the fuse to pull to disable my aux heater. Nearly sprayed my breakfast cuppa all over the kitchen table!

Fuse 12 :16:

[BrianH]

I've found the same if you search via google actually as well. if you look at the address its actually loading this instead (changed http to hxxp to stop anyone clicking it by mistake).

 

hxxp://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&ved=0CDoQFjAC&url=http%3A%2F%2Fwww.fordgalaxy.org.uk%2Fford%2Findex.php%3F%2Fforum%2F62-ford-galaxy-technical-section-mk-i-mk-ii%2F&ei=8Kz1VKqUFMnqatCagfgP&usg=AFQjCNGnXGS1zsfq20M3AYn_56rreE_WDA&sig2=Ads23g5nQQpIpZDuCz6baw&bvm=bv.87269000,d.d2s&cad=rja

 

Gets blocked by norton 360 for me. identified as exploit toolkit website 67. and only on the first load of the site same as your finding. this is on doing a search for ford galaxy forum (incidentally only the first search on google seems to do this as well)

[sasquartch]

Some exploits like this work by changing your DNS settings so that google resolves to something other than the real IP address for Google.

 

Your DNS might be set in your router which then acts as a cacheing DNS server - check this is correct, either your ISP's DNS settings or you can use a public DNS server like Google at 8.8.8.8

 

From a command prompt on a PC you can use nslookup to check it's OK

 

Using my ISP's DNS www.fordgalaxy.org.uk resolves to 88.208.237.197, check this is what you get.

Edited March 3, 2015 by sasquartch

[gregers]

stop looking at porn,lol

[xavier]

I seems to bounce through something called 4 url for short (?), I've seen it happen at work too (thankfully to nothing so graphic though!) and we're really up with the security stuff there. I've not really noticed it with the laptop but I think that's cos I'm in the site rather than getting redirected to it. It was only when I was leaving for work I remembered the cloud of smoke 2 days before and thought to check the fuse. To which I'm none the wiser! Other than it's not 12 because the heater still came on!

[BrianH]

That url4short sounds like what i used to get before (i found it was easier to search the site via google than the built in search). The issue with it appears to me to be a google issue. If you see it again it may be worth making google aware of it (it doesn't show the correct address when you right click it and choose copy link location, but again only the first time).

[Russats]

Clear Cache, wipe history, scan for viruses and clear malware too. It's probably some kind of unwanted script running within your browser.

[Gteuk]

I have checked and double checked the code in the forum code and it looks clean. I have however as a precaution cleared all the cache files and locked the files down.

I will keep an eye on it as I would not want the site to be blacklisted for malware by google

[BrianH]

If it happens again will try and get a screenshot of it to show the issue. Its been fine since mentioning it yesterday, but i don't usually use google to locate the site now anyway.

[xavier]

Thanks for the investigation all. Had I just seen it on my laptop and not seen it happen at work, or on the ipad I would have thought my machine. I too will keep an eye out, I tend to use firefox so next time I'm in looking at the site from work I'll log the http data from the browser.

[xavier]

Oh, and fuse 12 worked. First time I counted I missed the empty first bank and ended up pulling 13 rather than 12.