highchairdesign (J. Hogue)

User-submitted picture
Login or Register
to contact me

Interests

CSS, graphic design, historic architecture, letterpress, PHP, typography, XHTML

Web Links

Owner: Highchair designhaus
Historian: ArtInRuins.com

About Me

Design geek / Font aficionado / Web nerd / Entreprenuer / Slum lord

Recent Content

Title: Any one ever have a 302 redirect hack? (Forum) Submitted: July 28th, 2008 - 4:39pm

Hey all on this board...

A client of mine – granted, a client that may provoke ire in this (or any) community – has a website that gets hijacked at the Search engine level... type in http://www.pearlstreetlofts.co... to a browser, and the site functions fine. Type in Pearl Street Lofts to a search engine (Yahoo and Google for sure), and click the first link that comes up, and you get someone else's site. A useless Blogger looking page. The source code is a bunch of javascript and html that looks like a Blogger page (and it could very well be). Interestingly, there is a meta refresh in there for 300 seconds / five minutes. After that time, the site is returned to normal.

Even more interesting... the fake page sets a cookie in the user's browser, so that if you close the window, open a new one, and then type in the real URL, you still get the fake page. Not until you clear your cookies or wait the five minutes will you be able to get back to the real site.

Something about the internal workings of Google... when you click a link in Google, you just don't click a URL... That URL gets tracked first so Google can keep score as to which links get clicked upon a certain search, and something way deep inside Google sends someone the wrong string even when it looks like the right one. Or something like that...

So, if anyone has any ideas as to what this is and how to stop it, I'd be interested. I'd like to even just know what's happening. Most of all, if I help them move the site to a new server, i want to know if this could all happen again.

A few months ago, we got Google to remove their listing. Then we started from scratch. Now the redirect hack is back.

Thanks,

j

‹ Local Git experts? Linux System Admin recommendations? ›

Recent Comments

Source: Any one ever have a 302 redirect hack? (Forum) Submitted: July 29th, 2008 - 11:46am link

Yeah... well, this is GoDaddy server, so the support is short of stellar. The security as well. I am recommending that the client move the site somewhere else, so I hope that helps. I haven't had any non-Go Daddy sites get hacked (yet).

Again, thanks for helping me suss this out. I was concentrating on the way they passed an id string to the Google listing, and didn't even look on the server to see if there were extra files there. Now that the files are no longer there, the click on the Google listing gets me an internal server error, which is better than the wrong page.  

Source: Any one ever have a 302 redirect hack? (Forum) Submitted: July 29th, 2008 - 12:44am link
Wow... I thought it was JS coming from a different server, but you were right. Buried in soem folders were some malicious files. Not sure how they got there of course, but that is what hackers do. Nice. So, I am hoping that a new server client with better security can do the trick. Oh, and new passwords.
Source: Any one ever have a 302 redirect hack? (Forum) Submitted: July 28th, 2008 - 8:34pm link

Wow... I'll download that plug in. Thanks for the note.

Any ideas as to how I can change this or protect against it in the future?

I found this page helpful:
http://clsc.net/research/google-302-page-hijack.htm

But the implementation of the base href meta tag seems to have done nothing, as the site was easily hacked again after I implemented it.  

Source: Any one ever have a 302 redirect hack? (Forum) Submitted: July 28th, 2008 - 4:52pm link

I just used FireBug to find the referrer string that seems to be feeding the unwanted content:

http://75.127.109.21/f.php?keyword=pearl+street+lofts&subaff=246394&ref=http%3A//www.pearlstreetlofts.com/&rand=0.32726817914790385 

Source: Gauging Providence-area interest in co-working (Forum) Submitted: November 5th, 2007 - 3:53pm link

We have kind of already done this: http://www.thegrantat250.com

There are 16 spaces all together. One of them is a cafe. A few of them are retail. The bulk of them are design-related businesses of one or two people each. There is also a small art gallery. We have been open for a year. There has been some collaboration already, between businesses to work on larger projects. There is a recording studio with a vocal booth that does mainly hip hop artists but that can also record for web voice overs. We have an architect who has hired one of the designers to do a new website. We have designers that use the silkscreen studio's offerings for apparell printing and poster printing. All in all, it's worked pretty well.

We finally have a shared conference room ready to go for people. Internet is included in the rent, and WiFi is available.

Announcement List

Join the 1,400+ and growing RI info-tech & digital media leaders who subscribe to our low volume announcement list

Sponsored by: