Something weird happening on Google

[KT1F]

I just had a play with this and can offer some more info.

I looked at the http request and response in Fiddler. When you click on the link in the Google search results, it sends you to http://www.g0vqy.co.uk/ . The / just means the default (index) page.

Your site then returns an http 302 redirect with a Location header of /
That means the same location i.e., http://www.g0vqy.co.uk/ without the full url.
i.e., when you go to http://www.g0vqy.co.uk/ it tells the browser "I've moved, go to http://www.g0vqy.co.uk/ instead" which of course is nonsense because it's sending you to the same place so it becomes an infinite loop. After so many tries. the browser gives up and displays the error message.

The obvious question is why doesn't this happen when you simply go to http://www.g0vqy.co.uk (with or without the /) directly. It's something to do with the referrer. That's the piece of info that the browser sends to a site to tell it where it was "referred" from which is useful for statistics.

I then installed the RefControl Firefox plugin. Sure enough, if I set the referrer to http://www.google.com then I get the problem when going to your site. So... you site is detecting the referrer and doing something different if the referrer is Google. It seems to be any referrer string that includes the letters "google" somewhere.

Why is this happening? I don't know but my guess is some sort of Joomla plugin doing something weird. Do you have any plugin related to Google Analytics or general statistics collections or something? I would try disabling plugins some plugins and see what happens.

Of course ... all the cool sites run Drupal, not Joomla
(Just kidding ... but I had to say as something who earns his living working with Drupal )

[G0VQY]

Sorry for the delay in replying. I will certainly have a look at that this afternoon. You're not going to believe this but the same thing has happened to another website. Please type into Google "Torbay free ads". You are looking for the URL www.torbayads4free.co.uk. You will see that the heading and description listed on Google is displaying rubbish. If you are using Firefox then the homepage will not open, all other pages indexed on Google are okay. I found that if I use chrome then I click on the link and it does take me to the website, so it seems to be a Firefox problem stop

[G0VQY]

I have had a look for any unusual plug-ins and there's nothing really that jumps out looking suspicious, I haven't got any Google analytics plug-ins anyway, all I have there is a piece of code that is put into the head of the index.html page

[KT1F]

You probably know this but that Torbay site has the same IP address so it's on the same server. Do you run that site too or is that just a coincidence? Who updates Joomla? Do you or the host which I'm guessing is HostGator based on the name servers.

That site is doing the same thing based on the referrer. I see the problem on both sites in both Firefox and Internet Explorer so it's not a Firefox problem. I don't know why it works in Chome. Perhaps Chrome is not sending quite the same referrer string or maybe this bug uses the user agent (browser) string as part of its broken logic.

Here's what I suggest you do.

You need to start from the beginning. I think the only places where this could be happening is in the Joomla PHP code or in some sort of Apache rewrite rule before it gets to Joomla. Nothing in your html could cause this. It's returning an http response code 302 before any html is even outputted.

I don't know what sort of hosting you have but I'm guessing it's probably low cost shared hosting so any rewrite rules are probably in a .htaccess file.

Have you looked at .htaccess to see if google is mentioned?

Rename or otherwise save and delete your index.php and .htaccess files. Don't leave the .htaccess out for too long. There may be security implications.

Create a minimal index.php just with something silly like this:

<html>
<body>
Hello World!
</body>
</html>

With no .htaccess file in the root, try it from Google and see what happens. If the problem still exists then this is getting kind of crazy and you need to complain to HostGator. It's got to be a rewrite rule or something in an Apache .conf file which you probably don't have access to. It's hard to believe that they'd be doing something weird like that but you never know.

Testing with that refControl Firefox plugin to change the referrer is quite convincing. Something may have changed since I tried it a few days ago. Tonight it seems like I need to set the referrer to http://www.google.com to cause the problem. I'm pretty sure that last time I was able to cause the problem with just the word google or anything that included google.

If the problem is solved and it says "Hello World!" then we're back to .htaccess or Joomla. Put the .htaccess file back and try it again to eliminate that. If it still works then the problem is definitely in Joomla. I don't really know anything about Joomla. Your best bet is probably to post on a Joomla forum. If you get desperate then you can try debugging starting at index.php. Try tracing the code and adding an exit; statement at some point. That will kill PHP. You might just get a blank page if you access it but if the redirect doesn't happen then it must happen after the exit; statement so move the exit; further along. That might quickly get tedious and complicated but the idea is to try to do sort of a "binary chop" which means try to guess an approximate half way point in the code and put the exit; there. Depending on whether the redirect still happens or not then you'll know if the offending code is before or after that point.

If it's proven to be Joomla then I guess before doing the above, you should probably try disabling some plugins or modules or whatever they're called in Joomla even if they seem irrelevant.

Good luck. Let us know what happens.

73
Ross

[G0VQY]

I have sorted the problem, actually it probably took me 5 min to sort both sites. I simply replaced all existing files with fresh files from a new installation. There must've been something in one of the files that was causing this problem because it seems okay now.It just remains to see how quickly Google indexes the homepage back to what it should be, if it does indexes properly then I know I have sorted it. I've made sure I have changed my passwords on the website and also my hosting, just in case

[G0VQY]

Well it seems that the problem is now sorted. Google have now indexed both homepages and they are coming up as they should do without any of that advertising crap attached.

[KE0MD]

Can I offer a suggestion? I work for a big web hosting company, and a while back we had a bunch of web sites get compromised in a weird way. Perhaps 90% of the time they would load properly, but every once in a while, they'd end up redirecting to some spam page instead. It wound up being very difficult to trace because of that aspect of it. Here's a page that describes what we faced (this was October 2010 when it hit us):

http://blog.unmaskparasites.com/2009...eta-redirects/

For us, this was a total pain in the neck - first because it was hard to duplicate. Second, because we had a LOT of trouble finding the attack vector (it ended up being an outdated WordPress installation in the final analysis). I think we fought off and on for a week attempting to clean this one up (finally actually rebuilding the server entirely from scratch, making sure we upgraded all the wordpress installations on there).

[G0VQY]

Just to let you guys know that everything is okay now. Even though I thought I had thought of it, it was a lot worse than I initially thought. A couple of other websites started experiencing the same thing so I contacted my host and they did some investigations and also scanned all the directories and files on my server, they found that a malicious PHP script had been injected somewhere which then allowed malware be put onto the server. Anyway, I really did take my hat off to host Gator, they were fantastic, they cleaned all my files and removed all the malware and advised me on what I should be doing, they changed passwords for me initially and I am now back on track.