To check and see if your site got hacked you can use this tool -http://sitecheck.sucuri.net/scanner/
If it’s not, can you provide al ink to your site so we can have a look?
Thank you very much, Christine. I used the tool and their were no problems identified.
The site is located here: http://www.coolhuntsville.com
Thank you,
Mike
That’s very strange. I just took a look and your site is fine on my Mac, but on my iPhone I’m sent to this russian sites with girls on it…
I think that there’s something funky going on.
You could scan your theme files with this tool – https://www.virustotal.com/
Where did you get this theme? I would ask whoever created it.
It might be coming from one your plugins too, I’m really not sure.
You might need to hire someone to do some investigating.
I threw your site into Fiddler to see what was going on and spoofed a mobile user agent. If you’re viewing it from the desktop, everything comes across fine. If you view it from a mobile device (or a device broadcasting a mobile user agent), there’s a bunch of extra JavaScript placed before the opening <!DOCTYPE html> tag that will redirect the page.
I won’t post the code itself here because it doesn’t really matter. Short story is that your site’s been hacked. Check out your template files to look for strange new lines. Check your server access logs. Change you passwords. Clean things up and restore from a back up.
I once cleaned up a site that had similar symptoms; the issue turned out to be a weak ftp password that allowed the attacker to rewrite the .htaccess file to do the redirects. Check to be sure that yours only includes the entries that WordPress itself adds (described in the http://codex.wordpress.org/Using_Permalinks Codex page).
On second thought, do what Eric said!
Just my 2 cents; I would also recommend that you turn off or remove ads or ad plugins that may be running on your site right now. This redirection could be caused by an ad network displaying shady ads on mobile devices.
Yep, I see the malware in there… Our engine detects it as:
*Known javascript malware. Details: http://sucuri.net/malware/malware-entry-mwjs69693
<script>var _0xe1e8=[..
It is conditional and only respond to certain user agents (iphone, ipad, etc).
If anyone is curious, it redirects to: httpx://[ redacted, why post that here? ] w/?type=js&seref=undefined
thanks,
Thank you all. I have found similar problems in the htaccess files of Joomla sites but not with WP ones.
Eric and dd… can you tell what file has been changed? Is it the htaccess file. If so, can I do what I have done with Joomla sites and simply 1) place a default htaccess file in place of the old. 2) increase the file security?
Thank you so much!
Mike
[ Please do not bump, that’s not permitted here. ]
