: Website is redirected to scam site only when clicking from Google search results I am trying to investigate a weird attack on a Joomla 3.6.5 website: If you access the website directly through

@Michele947

There are a lot of places where a little tiny code can be implemented that does the job!

Here are my suggested steps to take towards fixing the issue:


You may find out where is that code exactly written by opening your
joomla folder(ftp, sftp) and checking your last modify date of the
folders > files. This way you may find where is the bad code!
I would also recommend you to update your Joomla to latest version
asap!
If you are already on the latest version, I recommend you to
reinstall the Joomla core by going to Administrator > Components >
Joomla Update and click on the reinstall core button!
If after this the issue is still present, then the issue is
somewhere in the templates folder or somewhere in the 3rd party
modules/plugins that are not coming with Joomla by default. If
there are such extensions(modules/plugins) try disabling them from
Joomla admin and check if the issue is still there!
Also please check your .htaccess and see if there is any strange code
present! if possible, remove .htaccess and after reinstalling
the Joomla core, rename the htaccess.txt to .htaccess.


P.S. If it is always redirecting to the same scam site, try searching the whole project(files/folders) by the domain name of the scam website!

Hope this helps!
Best,
Gev

Vote Up Vote Down

@Jamie184

How could someone facilitate this?


Compromising any part of the PHP/Joomla/Plugin code could be enough to implement such a redirect.

However, these attacks are commonly achieved by writing malicious code to the .htaccess file that then checks the HTTP Referer and redirects the user visiting from the Google SERPs.


Would taking control of the Google Webmaster tools be sufficient to setup such redirects?


No - you can't implement such a redirect within Google Search Console (formerly Webmaster Tools)

Vote Up Vote Down