Mystery 301 redirect. Where is it from and how can I fix it?

What is the name of the domain?

setandmatch.net

What is the issue you’re encountering

My site is suffering a 301 redirect to helen-hall.co.uk, which is not one of my sites. Is it a DNS issue? Where can the 301 have come from?

What steps have you taken to resolve the issue?

No sign of malicious code in wordpress files. No strange plug ins. My other sites that share the same IP address are not affected.
Hosting company are stumped.
DNS and SSL for my sites are through Cloudflare.
reached out to dev credited on helen-hall.co.uk but no reply as yet.

What feature, service or problem is this related to?

Nameservers

Looking at the Response headers is your best bet for figuring out these issues. For example, curl https://setandmatch.net/ -vvv or using a REST Client like Insomnia or Postman that doesn’t follow redirects.

< HTTP/2 301
< date: Thu, 25 Jul 2024 18:22:02 GMT
< content-type: text/html; charset=UTF-8
< location: https://www.helen-hall.co.uk/
< x-powered-by: PHP/7.3.33
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate
< x-redirect-by: WordPress
< cf-cache-status: DYNAMIC
< nel: {“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}
< server: cloudflare
< cf-ray: 8a8e2c3c58160f8c-EWR
< alt-svc: h3=“:443”; ma=86400

A few things stand out:
You can see cf-cache-status, meaning this response is from your origin. You can also see “x-redirect-by: Wordpress”. Wordpress is saying it’s doing the redirect, would have to look further there.

X-Powered-By:
PHP/7.3.33

X-Redirect-By:
WordPress

So the redirect is definitely coming from Wordpress.

PHP 7.3 has last been updated in 2021. Going that long without updates, I think we can assume the host has been compromised.

Thanks for the advice.

Thanks for your help as well.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.