Site Showing Parked Page?

m0rtal

m0rtal

King of the Jungle
Jul 3, 2007
3,007
94
0
Toronto
Ok wtf is this shit seriously...this one higher traffic site I have throws up a parked page for people once in a while. I've had it happen to me once as well. Usually clearing cookies fixes it, what gives? Doesn't look like it's on my server end but who knows. It this some crummy spyware/cookie that just messes my site up and is scattered all over the net?

I don't remember what the source code says now forgot to save it last time I got this but anyone seen this before or know what causes it? Just says my domain is parked and throws up this page.

nfkviv.jpg
 


I just did an audit on a site last week with a russian hacked wordpress (and it looked just like this).

If you're running WP try re-uploading everything INCLUDING THE PLUGINS!

Fix your htaccess as usually it throws either 404's or Google referrer traffic to this. It's a typical searchfeed type of drop.
 
Thanks for the suggestions but it's not a WP install, it's an old script that was like 90%+ redone by Rage9 who I have faith in.

htaccess is fine, and I just downloaded the whole site and checked for instances of a domain that shouldn't be there or javascript and can't find anything. 404's also work properly. I'm almost 100% sure it's not server side, it's almost like it's some kind of low key adware / spyware / cookie thingy that targets certain sites. Kind of like ppv without the pops if that makes sense.

Oh and when it happened to me it did not go away until I cleared cookies and ran spybot (can't recall what it found though). Sometimes a simple hard refresh worked for others like today for someone that brought it to my attention. I wish I saved the source code, argggh.
 
I hate to be obvious...but you didn't let the registration slip right? And the nameservers are right (all of them)? And check it on something like Check Browser Compatibility, Cross Platform Browser Test - Browsershots to make sure it's not just being hijacked locally by something you got on your machine.....

edit> Just reread and it sounds completely random. I would imagine it's adware if it's spotty like that and you've gone through all the server side shit in detail.
 
^just ran cross browser testing and looks fine...I did find the source code though I remember my buddy saved it for me when it happened to him. If it is adware why is it so damn common? Pretty much 50% of the people I've shown the site to have got this at one point...oh and it's a domainsponsor thingy, here's the source (my domain replaced with mydomain.com)

wtf.html - 0.03MB

When you search for domainsponsor adware/spyware you do get a bunch of shit about it but still seems a little too common to be hitting my site so frequently.
 
I would take a look but that sharing site blows ass ... upload it as a text document here and just share it via WF.

I think NVP is on the right track above, This domain wouldn't be set to be it's own nameservers would it???
 
Attached. Sorry had to zip it...Your file of 30.6 KB bytes exceeds the forum's limit of 19.5 KB for this filetype.

Oh and the nameservers, I use liquidwebs on my own ip which they park and it's on a dedi. Come to think of it this only started happening since I moved the site to liquidweb but to be fair the rankings and traffic only shot up after that move and I have never seen this on any other of my sites with LW so I don't think it's that.
 

Attachments

This is still going on...

I contacted my host to see if there's any DNS issues, hijacking, etc and anything malicious they said no. But funny thing is the tech said he was able to reproduce the issue on his machine "a few times". He suggested it might be one of the ads and while I have not tested this I HIGHLY doubt this for the reasons below. Currently site runs Adsense + Valueclick.

So I've got a VPN on my laptop and I open up my site through it and I get parked pages...actually it's even redirecting now to shit like hxxp://free-moviesite.com/ (gateway) and 1939.com I log off and use my regular connection and it shows my site. Then I fire up the VPN again and boom my site works, even if I clear cookies/refresh it's back to normal. 5 minutes later it's back to not working again. WTF - fwiw the VPN ip is US mine is Canadian. It's almost like it's something targeting certain IPs or "white listing" them at some point.

If you google this site:1939.com: Google (yes LPs are being outted there hopefully no one from here but fuck you if you're using this shit obviously some kind of spyware and jacking my traffic) you'll see it almost looks like the url structure ?sov=domain - like it's targeting and redirecting certain domains - something like PPV like I mentioned earlier but instead of a pop it hijacks the whole damn site.

This is giving me a headache. I have no idea if I'm losing a little or a lot of traffic and how widespread this is and it's just annoying as fuck. Any ideas??

Oh also, if I go to my site with Live HTTP headers plugin it basically shows the header for my site and then it goes to 1939.com and shows mydomain as the referrer.
 
subigo said:
You're sure the vps hasn't been hacked? If you're 100% sure it's not the DNS or the script, I'd look at bind and apache....
Click to expand...

I'm having them look into it again but thought I'd see if anyone had any ideas in the meantime. You'd think that it's a server side issue but it's so random it's hard to say. You know if it was ppv I wouldn't even care (I see some people bidding on this domain on TV actually) but this is straight jacking the whole site.
 
Sigh, someone needs a palm to the face over there...

"It looks like this was a DNS issue. I seen that the SOA resource records were incorrect in the zone file for XXX.com on our nameservers, and there was a typo in one of the NS type resource records. I have corrected these mistakes and your domain shows up properly for me now."

Anyway thanks for looking, carry on.
 
You must log in or register to reply here.
Top Bottom