Late last night I realized that the traffic for Question-Defense.com was way down for the day and thought it was related to some recent updates I had performed on the site. I spent probably an hour or so last night verifying that nothing was out of the ordinary with the site and wasn’t able to find any issues. Upon waking up this morning the traffic again was extremely low for this time of the day even on a Saturday so we started to investigate. One of the referrers that traffic had dramatically decreased for was Google so we went to Google and performed a search that we knew would return a link to Question-Defense.com. Sure enough upon clicking on the link to Google we hit the question-defense.com URL and then we were immediately redirected to finditnow.osa.pl. Below we describe the issue in more detail, provide specifics about how our site was hacked, and provide the information needed to locate and resolve the problem.
I have been on vacation for the past few weeks and every country I go to, when I open my home page which is Google, it goes to the Google page of that particular country. I have found this to be really annoying. The browser I am using is Google Chrome however I experienced the same behavior in Firefox. I looked through all the options and setting but it seems that the language settings only cover the text of the actual browser and not the language settings of the pages in the browser. After a little searching I found a simple fix.
I have been using a WordPress plugin for awhile called Pretty Link Pro which provides a ton of awesome features including a link shortener such as tinyurl.com. When using the URL shortener you can actually configure Pretty Link Pro to use a different domain which would be a benefit if your URL is long similar to www.question-defense.com. I have been using link.as so instead of providing shortened links such as http://www.question-defense.com/1ce I can provide links such as http://link.as/1ce which you can see is a lot more user friendly when providing links to others. One thing I wanted to ensure was the fact that Google was not crawling content on the http://link.as URL which is possible simply by Google finding the shortened links on places like Twitter. Below I describe a .htaccess modification that will redirect any traffic to one URL to another while including any trailing text.
One of my favorite plugins for WordPress is the Google Analyticator plugin that provides an easy way for you to interface your WordPress site with Google Analytics. There have been a couple times after upgrades that I wanted to verify that Google Analyticator was functioning properly and wasn’t exactly sure of the best method. After a couple emails back and forth with the developer he shared how he suggests to troubleshoot it and verify it is functioning properly. So thanks to Ronald Heft for providing not only the plugin but also for taking the time to share some extra information with me. Follow the directions below to verify the Google Analyticator plugin using the Firefox addon Firebug.
I recently developed a web site for a client on a temporary domain which was clientname.mydomain.com. After launching the site and modifying the recipients of the contact forms on the site I happened to get a contact form to my email address. I finally realized that the issue was not with the site I had moved live but someone this person who used the contact form had found the temporary site where I had done the development before pushing the site live. Anyhow the temporary domain’s DNS was hosted on GoDaddy.com so I decided to put in place a forward or redirect so anyone visiting the temporary domain would be redirected to the actual live domain. This redirect needed to be for a sub domain which I initially had to hunt for a bit to locate. Follow the directions below to redirect a sub domain using GoDaddy.com’s DNS services.