Site Hijack by onwardclick.com

Permalink
So I have an old Concrete5 account on legacy C5 and I haven't checked on it in a while. When I went to check on it again I am getting browser hijacking/redirects. So I tried it from other computers and same thing. I contacted support for the web host and they said this:
However, I see that the website mysite.com is getting redirected to a blank page with the following URL:http://xml.onwardclick.com/click?i=R5e2ygCgk8Y_0...

So I checked and all the settings and DNS are the same. DNS is protected at Cloudflare. I don't have an htaccess file on the site but the index.php in the web root looks like this:

<?php
require('concrete/dispatcher.php');

Now it's been a while but that doesn't look right to me for the root php file. Can someone please shed some light on what's going on with this site? Is this a Concrete5 issue? Has my database been hacked? What is it and what is a solution?

Thank you!

Eddie5
View Replies: View Best Answer
JohntheFish replied on at Permalink Reply
JohntheFish
That is what index.php should look like.
Eddie5 replied on at Permalink Reply
Eddie5
Thanks for the clarification.
mnakalay replied on at Permalink Best Answer Reply
mnakalay
Did you check for weird javascript present in the page's code? I suggest you disable javascript in your browser and see if you still get redirected.
Eddie5 replied on at Permalink Reply
Eddie5
I did that and didn't redirect. Where's the most likely place for this malicious code?
Eddie5 replied on at Permalink Reply
Eddie5
I found it. It was something to do with my site's Piwik account. Probably because I haven't updated Piwik in forever. I didn't see anything obviously malicious in the home page code, but decided to start there removing the piwik insert since I didn't use it really anymore anyway.

Thanks for the tip. Glad that's fixed!!
mnakalay replied on at Permalink Reply
mnakalay
Good to hear. Congrats :)