: Suspicious script loads ONLY when navigating to site via search engines I cannot find anywhere on our site where this code is referenced. More importantly it does not appear when navigating directly
I cannot find anywhere on our site where this code is referenced. More importantly it does not appear when navigating directly to our URL, it only appears when coming from a search engine (including Google and Yahoo, but notable NOT anonymous search like duckduckgo).
In IE with high security settings the user gets a prompt that content is being blocked. Firefox and Chrome display warnings as well.
The error appears like this in dev tools:
"Mixed Content: The page at [removed] was loaded over HTTPS, but requested an insecure script 'http://ariadnnakiss.pw/m/zLZlP-SXnQrHhT_q_ywsOKj-.js?QB2M=6w5Q7T2e2a&P-0mA5Ga=cd99J0t91&_=12-1d-13-6&DyfkA=as426S9Uy3e&h=t7'. This request has been blocked; the content must be served over HTTPS."
The URL in question is ariadnnakiss, which I cannot find much information on beyond a whois lookup.
Any ideas why this would occur only when reaching the site via search?
More posts by @Jessie594
1 Comments
Sorted by latest first Latest Oldest Best
Your web server contains a configuration file with a configuration that directs traffic from certain sources to pages with the suspicious script.
If you're using apache, start with the .htaccess files in your document root folder and every folder recursively within it.
Look for any lines containing "user_agent" or "remote_addr" or even google or other search engine names. Also, check for a list of specific IP addresses. Trying to comment them out then rerunning your site might be all you need to do.
If that doesn't work, you can also look at apache's default configuration file (httpd.conf) for references to the words I mentioned above.
Here's an example of how to reproduce your situation on any web server with apache installed:
Create a normal index.htm or equivalent page with content for all to see and save it to the document root folder.
Create the same page but add the suspicious script and save it as codewithsuspiciousscript.htm and upload it to the same location as index.htm
Create a file named .htaccess with the following contents:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^googlebot$
RewriteRule ^(.*)$ /codewithsuspiciousscript.htm
Then upload it to your document root folder.
Now when google visits any page, they will see the suspicious code because codewithsuspiciousscript.htm is loaded as a result from the user agent matching with google. When everyone else visits the page, they will see the normal page.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.