Why Is my hacked website redirecting to Bitcoin.org ?
UDPATE 2011/11/11 – If your site has been encrypted by hackers and they are asking for a bitcoin ransom so you can have your site back. Check out our post HERE . Plus do NOT pay the ransom. It is likely we can sort it out for you and get your site back.
Lately we have had a large surge of Websites to clean from infection that our redirecting a percentage of their visitors to Bitcoin.org . If your are in such a situation and have questions such as ‘Why is my hacked website redirecting to Bitcoin ?’ ‘Have they deleted my website ?’ ‘Can my website be fixed from this infection ?’ read on …
Don’t panic ! Think of this like your website has caught a case of the measles. With the right treatment it can be up and about again in no time. We have the cure ! .
Information You Need To Know Before Tackling This Issue ..
Why does it only redirect some of my site visits ? : The hackers have adjusted files on your website to perform different actions depending of the device, the browser used by the visitor , or the location the came from ?. Their aim is usually to dispatch their virus to the certain visitors that are vulnerable to their new nasty concoction. If the user is vulnerable the silently infect them . If the hacker finds it cannot affect that visitor it is redirecting these users to Bitcoin.org. So actually the users that are redirected to Bitcoin are the lucky ones
Why are they redirecting to Bitcoin.org ? : Yes good question!. Usually they redirect you to an attack site to fully take over your PC. So why to a valid site such as Bitcoin which currently seems free of infection ? . Our best guess at the moment is they are trying to give visibility / promotion to this new form of currency
We found a hacked file and removed it. Are we now clean ? : Imagine you have a bad illness and you take a couple of very powerful painkillers. You feel great for a bit ! Are you cured ? Well experience lets you know that those pills will were off soon and you will feel terrible again. So you wisely head off to the doctors to get the proper cure. This is a very close analogy to fixing hacked websites. You find a hacked file (for example and adjusted .htaccess file) and wow your site seems fixed! Your managers love you and everyone celebrates. But this quick win shortly wears of when you find out that a day or week later your site is hacked again and this time even worse!. What has happened here is that you removed about 1% of the hack. The visible part. But the real nasty parts of the hack were left hidden away on your site. This malicious software is activated again on your site within seconds when the automated hacker bots return. In summary you need to remove all of the hack!
MALWARE REMOVAL : OPTION 1
Let us clean it for you FAST and PROTECT your website from being hacked again
Our team are experts at removing this problem ( we call it the 'bitcoin malicious redirection infection' ). We can fix your site today ensuring all of the hacker's files are removed. We also then add your site to our protection service to stop the hackers from infecting your site again in the future.
SITE FIXED IN LESS THAN 1 HOUR
If we don’t fix a site in less than 1 hour then we do it for FREE!. Luckily for us we are very good at fixing sites fast!MALWARE REMOVAL : OPTION 2
Do It Yourself ( Here are some Tips )
If you company is short of money but rich in free time then you can roll up your sleeves and set to fixing this issue in house. This is a hard challenge as it is likely the first time you will have removed this hack from a website. So you don’t have our experience of removing this hack in 100’s of websites. Plus we find people think they have cleared the issue but do not know all the places to look and so leave the hackers backdoors in their site. They painfully then find their site hacked again with the next days or weeks. We love to help !! so have compiled a list of top tips for dealing with this issue..
Top Tip 2: See Your Site Like a Bot
One of the best ways to see the injected content in all its detail, is to access your website pretending to be a GoogleBot. You can do this via the command line iwtha command such as: curl -L -A “Googlebot/2.1 (+http://www.google.com/bot.html)” http://yourdomain.com
Top Tip 4: Keep Up To Date
As always, we recommend that you update your software to the latest version. For example if you use WordPress then update to the latest WordPress version please update all of your plugins, themes, etc. Keep your stuff up to date, and it will minimize the risk of infection significantly.
