A hacker with access to your website can cause it to redirect your visitors to a different site, potentially injuring your company's reputation. Redirects can be used to steal your traffic to make money for the hacker through advertising revenue; they may even send your visitors to attack sites that infect computers with malicious software. Tracing the source of the redirect can assist you in resolving the problem. You won't always be able to identify the person behind the attack, but some tools can help you find out more about the incident.
Step 1
Click "Start | Control Panel | Network and Internet | Network and Sharing Center | Change Adapter Settings." Find and right-click the device you are currently using to connect to the Internet, then click "Details" to see your IP number, which is your computer's unique address on the Internet. Make a note of this number.
Step 2
Navigate to your Web host's homepage and look for the customer login fields. Log in to the site and access the control panel for your website. Most website hosts offer a control panel, frequently Plesk or cPanel.
Step 3
Review the list of IP addresses that have previously accessed your site. These should appear under a heading such as "Last login from." If any the numbers don't match your IP and don't belong to anyone with a legitimate reason for accessing your company's website, it is possible that they belong to the person who hacked your website and set up the redirect. Make a note of these suspicious IP numbers.
Step 4
Navigate to a site offering WHOIS and IP lookup tools, such as Who.is, Whois.com or Network-tools.com (links in Resources). Enter the suspicious IP number into the appropriate text field and select the option to perform an IP lookup. This will tell you the ISP associated with the suspicious number and may even tell you who that IP is registered to. Note that an IP number is not conclusive proof that someone is a hacker -- there are many reasons for a person to have the same IP number as a hacker, without being responsible for any malicious activity.
Step 5
Copy the address of the page that your site now redirects to and paste this into the text field of the lookup website. Use the WHOIS tool to find out the ISP that's hosting the malicious site. You may even get the name of the person who registered the domain, though this may not be the name of the actual hacker -- it could be a false name, or the original site registrant may himself be a victim of hacking.
Step 6
Contact the ISP associated with the suspicious IP number and website, and inform them of the incident. If the attack was very severe, also consider informing law enforcement. Contact the Internet Crime Complaint Center (link in Resources) or the local FBI office with any information you've collected.
Tips
Check for other explanations for a website redirect before assuming that your company's site has been hacked. Not all redirects are the result of malicious activity. There's sometimes a simple explanation for an apparent redirect: an error in your website's programming, for example, or a problem that your Internet host is experiencing. Some ISPs automatically redirect you to their own pages if you mistype the address of a site. A visitor may also have a local malware infection that's causing his browser to redirect.Make sure that all your computers have up-to-date anti-virus software and that your company implements good password security.
Warnings
If your site is redirecting your visitors to a dangerous or offensive Web page, it is vital that you take down your site until you have dealt with the hack. This will help avoid damage to your reputation and prevent search engines such as Google from flagging your site as potentially harmful when it appears in their search results. Contact your site host and inform them of the issue. They can help you disable your site until you can restore it.Run anti-virus software and change all the passwords associated with your website as soon as you know your site been hacked. This includes the password you use to log in to your host's site, your FTP password and the passwords for any email accounts associated with your site. Make sure that passwords are changed system-wide and that your staff are made aware of the security breach. If you don't do this, the hacker can gain access to your site again.
