DNS exploit

[luisthed]

It seems that the following DNS are been hack: NS1.X10HOSTING.COM, NS2.X10HOSTING.COM.
When clicking on my google search result for my site, it redirected me to a site with malware on it. However, if I visit the site directly ex: www.mysite.com, than the site comes out ok.

The redirect domain it's www.404.myvnc.com, PLEASE DO NOT CLICK ON OR COPY THIS LINK IT HAS MALWARE

 

[descalzo]

When I Google www.luisthedude.com , none of the results redirect.
And exactly what makes you think the nameservers are hacked? If they were the cause of what you saw via Google, the same thing would have happened when you type the URL into the address bar.

EDIT: Seems that the above site isn't even hosted here -- what site are you talking about?

 

[luisthed]

Only occurs when you click on the Google, Bing, and even Yahoo search result. Try it: http://bit.ly/15Srwpk

 

[descalzo]

No redirect when I do it.

 

[hopful thinking]

This also happened to me. Turned out someone had exploited the site (wordpress) and altered all the PHP files with a header which had obsfucated code in it, and if it saw a referral from certain sites (Yahoo, Google, Facebook etc) would return a 302 Redirect. Hence going directly to the site is fine.

If you have this happening you need to blow away your site and restore from backup, then figure out what you need to do to secure it. It looks like they uploaded a PHP file (to the uploads folder) which means they must have either password cracked or used some exploit, then executed that to inject their code into all the other php on the site.

Hope this helps someone.