Serviio

Twice now after googling Serviio's website and clicking the link I get a spam survey that tries to pretend it is connected with my ISP.

If this is an advertisement revenue stream for this website I want to suggest that it cheapens your hard work done on Serviio.

Somebody else complained of something similar, but it's not associated with the Serviio web site.
I googled Serviio and no problems here. The only thing I can suggest is to check your PC for malware.

have not been to such problem, may be since am a newbie here and have googled the forum a couple of times only.

Negative. It isn't my machine. I have anti-virus always up to date and running and regularly scan it with Malwarebytes Anti-Malware. It only happens when I Google the Serviio website and I click the link. It never happens on any other website when I Google and/or visit via a bookmark.

I repeat, it only happens on the Serviio site.

Jack, not doubting you are having an issue. It just doesn't seem to happen with others. I just tried using Google and clicking the link that came up and the Serviio web site appeared with no issues.

Try from another device - preferably a tablet or phone, but if not available, another PC.

Well that is not exactly true. If you scroll up there is another report of this happening.



This only happens when I Google the Serviio website. Immediately after clicking the results I get the spam survey. There is a new and much worse scam saying that I need to contact Microsoft to unlock my computer. You have to use task manager to shut down Firefox get shut the damn script off.

Most of you probably have the Serviio website bookmarked so you don't use google to search for it each time.

As mentioned before the redirect doesn't happen every time.

I would agree that this could be my end if it happened on other websites to me. It only happens when I visit the Serviio site. This fact is very telling, don't you think?

I would consider it telling that there might be a DNS server having issues. I just tried it again, I this time I got the Microsoft warning. So you are right, something out on the web is hijacking requests from Google to reach Serviio.

I backed the warning page up and attempted to use the Serviio link again, and this time it went through to Serviio.org. This computer is using the Google DNS servers, so it appears to me that Google has a problem, either with their search page or their DNS servers. But I am confident that the problem isn't with the Serviio site itself.

Going to leave to zip to follow up on, but I was able to emulate this (doesn't always occur, so I suspect it may be inconsistent across google caches) by:

• In Chrome type "google serviio" in the Chrome Address Bar
• The first entry in the list is:
  

    Code:

  Apps - Serviio
serviio.org/apps
Serviio has a growing ecosystem of related applications. These are maintained mostly by third-party developers and are in no way related to Serviio, other that ...

• This first entry causes the problem (I didn't try them all but the later entry that refers to serviio.org/ works fine).

I suspect it is the serviio.org/apps listing [page/dns/google cache] that has been hijacked rather than the serviio.org/ site, which would explain why its not being felt universally. Combat Jack and atc98092 - did you notice whether the hijacked listing in google was referring to serviio.org/apps as I experienced.

I didn't pay attention to the URL, so can't say. I just tried Google again and it went to the Serviio home page. Definitely strange. I won't say in public what I'd like to happen to these hackers...

From what I recall I never saw that Serviio APP that you got. I just googled the way you mentioned with "google serviio" in both Firefox and Chrome and that is when I got same result as you.

Normally I get the results shown in the attached image and when I click the "Serviio media server" link I would sometimes get the redirect. Over the next few days I will pay more attention and test it out for you guys. For some reason though I seem to recall a link to the Forums in that list. I see in the screenshot it doesn't have it this time. Odd.



The DNS thing makes sense. It certainly seems to be a middle man thing between Google Searches and when the site is loading.

I used to have Google DNS set up in my router but right now I am using my ISP's DNS servers.

As mentioned before it almost seemed random when you would get redirected. Some days perfectly fine. Sometimes not.

I have a bookmark to the forums, and even if I need to go to the main Serviio page I just type it in. That's most likely why I've never seen it before. Certainly is being hijacked between Google and the web site.

Just a quick update. Haven't been re-directed for a while now.

I can confirm exactly the same. That happaned to me once quite a while ago and today it happened to me again on another computer. When it happened for the first time I searched Google to see if others have the same problem with serviio.org URL and I did find people mentioning the same (I am not sure if it was here on this forum or I found it somewhere else). That happens only when searching Google (my search string was serviio) and then clicking the search result. After closing the malicious site which opens instead of serviio.org and repeating the procedure (search Google for serviio) the next time everything is OK.

I cannot locate the URL where I found the data when it happened to me for the first time but I remember the problem was only with serviio.org and there was even the explanation of the redirection mechanism - someone posted the malicious PHP code responsible for doing the redirection. It was Base64 encoded malicious PHP script checking the $_SERVER['HTTP_REFERER'] and comparing it to the various search engines and URL shortening services so the code does not affect bookmarks. The script also checks for the type of the browser and it checks the cookie so it is not triggered every time but only occasionally. The script and the mechanism was almost exactly the same as described here and according to people who analysed the problem the script was located on serviio.org. Of course, the script can check more parameters so it might be triggered based on the location of the visitor or something else.

I think site administrator(s) should search the server side code for malicious Base64 encoded PHP script that is redirecting visitors arriving from the search engines and forum members might periodically try to open the serviio.org URL by typing serviio in some of the search engines and then clicking on the result - and reporting the redirection details (when it happens).

BTW, by searching for serviio.org infected I got this result (as the third one) which might scare new serviio users.

Furthermore, serviio.org is on the list among 19 hacked sites affected by the malicious script that redirects visitors. Here is the list of those sites. The list was created on May 17, 2016 and I think that was about when I was redirected for the first time.

One more detail - the site to which my browser was redirected a few hours ago was fortunately blocked by my antivirus software. When redirection happened to me for the first time (other PC and other antivirus SW) the site was not blocked.

EDIT:
I just tried the above mentioned procedure (Google --> serviio.org) using the smartphone and I got redirected to some site offering me to install some scam. Then I closed the browser & repeated the procedure and (as expected) on second visit the site opened as it should.

Thanks, it should now be cleaned.

Unfortunately the redirection is still happening (or is happening again). I checked an hour ago and after the browser was redirected I mailed a few friends to do the test and two of them already confirmed they were redirected.

I was redirected to best.prizedeal2.info/... URL as described here in this article. As I said, two of my friends already confirmed the redirection happened to them as well - so the cause is not infection of my system.

Just removing the malicious script obvioulsy wasn't enough. There is a possibility some other code regenereates the script or someone (or some process) uses a security hole which was used to upload the script for the first time. If the only action was to just delete the redirecting code then there is nothing to prevent inserting the same code again using the same way as before.

Is your anti-malware a free service, or how much do you pay for it?

It may actually be some kind of browser extension that your antivirus does not see. What browser do you use to browse Serviio?

I don't know which browser the OP is using, but these days my chrome is coming with great issues.

My chrome is buggy as hell these days. I reinstalled it after uninstalling. Great time waste if you ask me!