Information Security

finditnow.osa.pl Hack: Google Search Results Redirect To finditnow.osa.pl Instead Of Correct Site

Late last night I realized that the traffic for Question-Defense.com was way down for the day and thought it was related to some recent updates I had performed on the site. I spent probably an hour or so last night verifying that nothing was out of the ordinary with the site and wasn’t able to find any issues. Upon waking up this morning the traffic again was extremely low for this time of the day even on a Saturday so we started to investigate. One of the referrers that traffic had dramatically decreased for was Google so we went to Google and performed a search that we knew would return a link to Question-Defense.com. Sure enough upon clicking on the link to Google we hit the question-defense.com URL and then we were immediately redirected to finditnow.osa.pl. Below we describe the issue in more detail, provide specifics about how our site was hacked, and provide the information needed to locate and resolve the problem.

Technology Errors

Failed loading /usr/sbin/ioncube_loader_lin_5.2.so: /usr/sbin/ioncube_loader_lin_5.2.so: undefined symbol: zend_error_noreturn

After upgrading PHP recently on a CentOS Linux server from PHP 5.2.X to PHP 5.3.X I ran into numerous minor issues. One of the issues was with a web application that requires the ionCube PHP Encoder libraries to function properly. After upgrading PHP I noticed some errors in the Apache error logs including the ionCube Apache module that was failing to load. Below I display the entire error from the Apache error_log file and how to easily resolve the issue by installing a single package via the Yum Package Manager.

Technology Errors

Type: Warning (2) Description: date(): It is not safe to rely on the system’s timezone settings

I recently upgraded a CentOS Linux servers PHP from 5.2.X to 5.3.X and ran into a couple minor issues along the way. One of the issues was the fact that one of my applications was complaining about PHP’s date function by letting me know that it could not rely on the system’s timezone setting. Fixing this problem is extremely easy and can most likely be resolved by a quick edit to the servers php.ini file as described in detail below.