Site Hijack by

So I have an old Concrete5 account on legacy C5 and I haven't checked on it in a while. When I went to check on it again I am getting browser hijacking/redirects. So I tried it from other computers and same thing. I contacted support for the web host and they said this:
However, I see that the website is getting redirected to a blank page with the following URL:

So I checked and all the settings and DNS are the same. DNS is protected at Cloudflare. I don't have an htaccess file on the site but the index.php in the web root looks like this:


Now it's been a while but that doesn't look right to me for the root php file. Can someone please shed some light on what's going on with this site? Is this a Concrete5 issue? Has my database been hacked? What is it and what is a solution?

Thank you!

View Replies: View Best Answer
JohntheFish replied on at Permalink Reply
That is what index.php should look like.
Eddie5 replied on at Permalink Reply
Thanks for the clarification.
mnakalay replied on at Permalink Best Answer Reply
Did you check for weird javascript present in the page's code? I suggest you disable javascript in your browser and see if you still get redirected.
Eddie5 replied on at Permalink Reply
I did that and didn't redirect. Where's the most likely place for this malicious code?
Eddie5 replied on at Permalink Reply
I found it. It was something to do with my site's Piwik account. Probably because I haven't updated Piwik in forever. I didn't see anything obviously malicious in the home page code, but decided to start there removing the piwik insert since I didn't use it really anymore anyway.

Thanks for the tip. Glad that's fixed!!
mnakalay replied on at Permalink Reply
Good to hear. Congrats :)