Combat Jack wrote:atc98092 wrote:It just doesn't seem to happen with others.
Well that is not exactly true. If you scroll up there is another report of this happening.
Somebody else complained of something similar
This
only happens when I Google the Serviio website. Immediately after clicking the results I get the spam survey. There is a new and much worse scam saying that I need to contact Microsoft to unlock my computer. You have to use task manager to shut down Firefox get shut the damn script off.
Most of you probably have the Serviio website bookmarked so you don't use google to search for it each time.
As mentioned before the redirect doesn't happen every time.
I would agree that this could be my end
if it happened on other websites to me. It only happens when I visit the Serviio site. This fact is very telling, don't you think?
I can confirm exactly the same. That happaned to me once quite a while ago and today it happened to me again on another computer. When it happened for the first time I searched Google to see if others have the same problem with
serviio.org URL and I did find people mentioning the same (I am not sure if it was here on this forum or I found it somewhere else). That happens only when searching Google (my search string was
serviio) and then clicking the search result. After closing the malicious site which opens instead of
serviio.org and repeating the procedure (search Google for
serviio) the next time everything is OK.
I cannot locate the URL where I found the data when it happened to me for the first time but I remember the problem was
only with
serviio.org and there was even the explanation of the redirection mechanism - someone posted the malicious PHP code responsible for doing the redirection. It was Base64 encoded malicious PHP script checking the $_SERVER['HTTP_REFERER'] and comparing it to the various search engines and URL shortening services so the code does not affect bookmarks. The script also checks for the type of the browser and it checks the cookie so it is not triggered every time but only occasionally. The script and the mechanism was almost
exactly the same as described here and according to people who analysed the problem the script was located on
serviio.org. Of course, the script can check more parameters so it might be triggered based on the location of the visitor or something else.
I think site administrator(s) should search the server side code for malicious Base64 encoded PHP script that is redirecting visitors arriving from the search engines and forum members might periodically try to open the
serviio.org URL by typing
serviio in some of the search engines and then clicking on the result - and reporting the redirection details (when it happens).
BTW, by searching for
serviio.org infected I got
this result (as the third one) which might scare new
serviio users.
Furthermore,
serviio.org is on the list among 19 hacked sites affected by the malicious script that redirects visitors. Here is the
list of those sites. The list was created on May 17, 2016 and I think that was about when I was redirected for the first time.
One more detail - the site to which my browser was redirected a few hours ago was fortunately blocked by my antivirus software. When redirection happened to me for the first time (other PC and other antivirus SW) the site was not blocked.
EDIT:I just tried the above mentioned procedure (Google -->
serviio.org) using the smartphone and I got redirected to some site offering me to install some scam. Then I closed the browser & repeated the procedure and (as expected) on second visit the site opened as it should.