WordPress.org

Ready to get started?Download WordPress

Forums

Redirect after WP Search (3 posts)

  1. peroperopero333
    Member
    Posted 9 months ago #

    Hi there,

    There is a strange redirect that occurs when one searches for something on this wordpress site that I am helping to manage: http://mandiberg.com/.

    One enters in a search term, click submit and are brought to a page with the URL http://www.mandiberg.com/?s=huei&searchsubmit=Search with an input box for human verification (Please verify that you are human, what is result of: 8 + 1 = ). It does not matter what the answer is, only that you get rid of the "?" that is in the input box, the page redirects you to some site that sells viagara: http://www.usrxdiler.com/.

    I am not sure how relevant this is for this process but watching the bottom left corner for what pages are being loaded I am bounced through this 95.169.187.98/ijhfhf.php?mgtdfk=4534&nvhdl=skdje&gokk=ubmit -- some german site.

    The search widget was never implemented on this site, however, whenever I go to a page that does not exist (mandiberg.com/oi2), the 404 page comes up and includes a search which also bounces you to the usrxdiler site (this is how this spam was first spotted). After adding a search to the footer on the site and attempting to use it the same thing happens.

    I've gone through other documentation of similar 404 errors, but these mainly are just a replacing of the 404 page, not a search being inserted in there. I searched for hidden folders and plugins that I never installed (.k/ and wpppm), but everything is in order. I've searched through the site via ssh and ftp to find any thing that looks like the URLs above, and I've tried disabling all plugins and again searching to see if there was a difference to no avail.

    I've also looked in the themes (currently using wpfolio-two with some child themes) to see if there was something put into the 404 file. None of the files in there have been changed since 2007, the only recent changes have been to the twentyeleven, twentytwelve, and twentythirteen themes.

    One more useful bit of information was that in early September I had changed the .htaccess file to accommodate for different permalinks using the yoast permalink generator. To my knowledge this spam redirect did not occur before this time. I only learned of it one week ago.

    Any information you can provide would be helpful. Thank you.

  2. peroperopero333
    Member
    Posted 8 months ago #

    The last paragraph before the closing line is a bit misleading. It should have said:
    "We do not know whether or not the spam redirect started at this time, as we only learned of it one week ago."

  3. peroperopero333
    Member
    Posted 8 months ago #

    Sorry for making three posts under the same topic. One last edit:
    It is important to note that instead of going to the 404 page it stays with whatever you entered into the URL and brings up the dummy page.

    This is the .htaccess file. Nothing is weird in here:

    RedirectMatch 301 ^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*)$ http://www.mandiberg.com/$4
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    
    #Redirect permanent /?q=rss.xml http://www.mandiberg.com/feed/

    Here is a list of sites that I also checked out for help on this issue:

Reply

You must log in to post.

About this Topic