Security issue. i cant figure out the exploit
I have a small webhosting business with about 400 sites. Recently I have been having complaints about customer sites being redirected to porn sites. I had not been able to duplicate it for a while but now I have figured out the issue.
It seems that when someone goes to google and clicks on a link that leads to one of my customer sites, the sites get redirected. Now if you go to the site directly to its url it works just fine and you wont get redirected.
here is the way to duplicate it. Go to google and search for talegateproductions.com then click on the link to the site. Once you are at the site if you didnt get redirected you just need to hit refresh a few times and boom u will get redirected.
This happens to all sites on my server. Regardless of content.
The url its currently redirecting to is
http://85.255.117.35/site.htm?lng=1&trg=ld
My server is RH enterprise(i think) definetly a year old release of RH that is updated with cpanel and fantastico.
Can anyone tell me how this redirect is happenning? I checked the code of the sites I tried and it is not modified.
Essentialy its like maybe there is a random injection of a html page with a redirect to a URL.
Marc
