Support » Plugin: Wordfence Security - Firewall & Malware Scan » What can I do about a nefarious incoming redirect?

  • Resolved leejosepho

    (@leejosepho)


    Wordfence Security is helping me follow a situation where a domain I know nothing about is being redirected to one of my WordPress sites. As far as I know and as first recorded by the ‘Visitor Maps and Who’s Online’ plugin, my first instance of this was here.

    Yesterday I sent an e-mail to abuse@enom.com as well as to the owner of that domain, and now this morning Wordfence is showing these:

    
    United States El Paso, United States tried to access non-existent page http://baltimorecityapps.com/wp-login.ph
    3/24/2017 8:03:20 PM | IP: 64.74.215.142 | Hostname: 64.74.215.142
    
    United States Bellevue, United States tried to access non-existent page http://baltimorecityapps.com/w
    3/24/2017 7:45:26 PM | IP: 69.64.144.72 | Hostname: rightside.net
    
    United States Bellevue, United States tried to access non-existent page http://baltimorecityapps.com/wp-login.ph
    3/24/2017 7:44:51 PM | IP: 69.64.144.72 | Hostname: rightside.net
    

    I am assuming one or more of those might have come from a follow-up to my e-mail, but that domain is still somehow being redirected to my site and I do not know what to do!

    Any suggestions?

    Many thanks for a great plugin and support!

    • This topic was modified 3 years, 11 months ago by leejosepho.
    • This topic was modified 3 years, 11 months ago by leejosepho.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfphil

    (@wfphil)

    Hello,

    If you haven’t done so already you can go to the Whois Lookup tab on the Tools page and enter the domain of the offending domain name. From there you can try the following as points of contact:

    1. Contact the Registrar – which you have already done.
    2. Contact the Registrant if contact details are there.
    3. If the above fails then from the name server info you can find out the hosting company for the offending website and contact them to see if they can offer any assistance
    Thread Starter leejosepho

    (@leejosepho)

    I thank you, and I will mark this as resolved since Wordfence is definitely doing all it can here. I have added some .htaccess at my site to send ‘baltimorecityapps.com’ away to my ‘ScriptKiddie DayCare’ page at my test site, and I will try to contact the host as you have suggested.

    • This reply was modified 3 years, 11 months ago by leejosepho.
    Thread Starter leejosepho

    (@leejosepho)

    Update: I have sent e-mails to the domain owner, to ‘abuse@enom.com’, to ‘abuse@cloudns.net’, to the owner of ‘cloudns.net’, to the owner of ‘ikoula.com’ (where I think the redirect might actually exist), to Google and to ‘abuse-contact@publicdomainregistry.com’. A ClouDNS Support Tech has said there is nothing ClouDNS can do, and I would greatly welcome any suggestion anyone here at WordPress.org might have in relation to anything more I might be able to try! Also, I have changed by .htaccess code to now bounce ‘baltimorecityapps.com’ from my domain to this thread.

    Plugin Support wfphil

    (@wfphil)

    Hello,

    Yes it’s a possibility with some hosting providers that they won’t offer any assistance whereas others will disable a hosting account.

    We don’t know why this re-direct is happening from that domain name but in my view I don’t think the WordPress moderators will be happy if you re-direct it here to this forum.

    Thread Starter leejosepho

    (@leejosepho)

    Based upon the incomplete ‘~~~~~/wp-login.ph’ link coming in, I am guessing the unnecessary domain redirect was made by an inexperienced hacker.

    If a WordPress.org moderator might say I should stop redirecting that nefarious domain redirect to here, I will certainly do so. However, I have that in place at the moment to possibly help draw attention to the overall situation while also sharing with other WordPress and Wordfence users the steps for trying to get that kind of thing stopped…

    …and then like BulletProof’s AITpro has said: I can’t think of any way the redirects…would hurt anything. And hey its more visitor traffic.

    • This reply was modified 3 years, 11 months ago by leejosepho.
    • This reply was modified 3 years, 11 months ago by leejosepho.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘What can I do about a nefarious incoming redirect?’ is closed to new replies.