The problem

We were contacted by a new client who had seen a drop-off in sales via their website. They could see nothing wrong with the site when they inspected it, but an existing customer reported that searching for the site resulted in redirection to another site which was selling counterfeit shoes.

The client's web hosting company denied that there was a problem and suggested that it must be a fault with the search engines.

How we helped

DNS diagramThe hosting company's explanation sounded just plain wrong to us. For a search engine to be manipulated in this way would take a level of skill and expertise that is still quite rare, and to manipulate at least 4 of them would take additional resources that just didn't seem practical or worthwhile. Furthermore, whoever was doing it would probably need to have access to the search engine's servers. It just didn't seem realistic for someone to go to all that trouble just to affect a small business.

We examined the usual critical areas that affect how customers find a website - the domain name registration and the domain name server (DNS) records. All looked OK, so our attention turned to the site itself. 

On closer inspection, it turned out that someone had embedded some extra code into the front page of the site. This nasty little script detected if the viewer was accessing the site directly, as the client did, or had come via one of 4 search engines. If the site was accessed via a search engine, it redirected the viewer to the scam site, but if the site was accessed directly it behaved perfectly normally.

Our advice

We recommended that the client should get their webmaster to restore the site from their last backup, to get it working again, and report the problem to the hosting company as this type of modification indicated that the web host had been hacked. The client is now looking for a better hosting company which takes security more seriously.

Cost to the client ?

About an hour of our time, which they recovered on the first new sale. 

If you have a similar problem, please contact n-gate ltd. now.