Redirecting to unwanted sites

Hi, we have multiple site all on Cloudflare but bought from godaddy, one of our sites “thestonedgolem.blog” for whatever reason sometimes redirects to a porn cam site… this has been an issue and i for the life of me cant figure out how or why it even does that, godaddy support also have no idea so here i am, id appreciate any help at all, thank you!

Hey, I have a couple sites from GoDaddy that are doing this same thing in the last couple days and would like to learn a bit more so I can see if it’s the same issue. I am literally pulling my hair out and cannot figure it out yet. We went as far as deleting the entire website (all files) and deleted the entire database, and started over with a brand new fresh WordPress installation, and it STILL randomly redirects when clicking links.

  1. Can you please tell me the domain(s) that it is being redirected to currently?
  2. Is the redirection random (meaning you have to just click and click until it happens)?
  3. Have you had any luck yet in determining the issue, and if so, please provide info on your results!

I have some more information for you, including a GoDaddy incident case # for this issue that shows this as a GoDaddy-wide problem (happening all throughout their network) and they are working to fix it (supposedly).

I recommend you call them back and have them add your particular case into the overall incident ticket.

GoDaddy Incident: INC-5492776

1 Like

1- The domain it redirects to i’d rather not get into for reasons but it starts with bonga.
2- Yes as random as it gets, i can refresh the page 200 times and be good then the 201 refresh redirects there, no patter or way to make it happen.
3- Sadly as of now nothing i did or can do has fixed it, from recoding to deleting everything me and my devs cant figure it our, and sadly godaddy support has been 0 help when it comes to this situation…

Alright, that does confirm 100% that the issue is the exact same that our client sites are experiencing (bonga). FYI, the site that it gets redirected to seems to change every day or so, so it likely won’t be “bonga…” for long (if it’s still redirecting to that site).

Definitely call GoDaddy back and have them add your account issue into the incident report number I provided, as that incident shows proof that this is a problem on their end.

Oh i’ve spend around 5 hours in contact with them and the best they could offer me was this

" We have Website security product called Website Security - all WSS plans include a malware cleanup service"

essentially asking me to pay for an overpriced service even though this is not an issue on my side

1 Like

We have clients experiencing the same issue and all are on Godaddy hosting.

Some of the sites WordPress that are fully updated with all plugins and get scanned daily for issues and others are small static sites with just a few php pages.

Has Godaddy responded to your incident yet?

1 Like

Hi,
I am unable to get a hold of a support agent to ask for their assistance. Since Friday our company has been getting intermittent redirects to adult sites. We were talking with another tech company, they had a similar instance happen to a company they support as well. Same ip/ website redirects. Very intermittent. Tested equipment and software on our end for malware. Nothing.
Recently caught it in the act VIA a http proxy. Grabbed a side by side comparison of our site directing normally, and the malicious redirect.

Can someone help?

1 Like

Do you have a ticket number?

I’d check the value of your A record, but more that likely as it is intermittent, I scan your network and site for malware.

What is the name of the domain?

Our company is on the “free” tier of Cloudflare so I have been unable to create a support ticket. As that option is not available to me when I reach out to support. Our “A” record seems to be unaffected. Domain name is lcc.org.

1 Like

Thank you, I’d scan that server for malware given it’s not happening all the time, I got a connection refused, suspect my firewall is protecting me from access the site.

You can also pause Cloudflare on the site to see if anything changes, but really feels like malware to me

The site has been disabled for the time being. Which is why you are getting a 403 error, rather have our website look down rather than direct to adult content. Server has been scanned multiple times from multiple companies including the host provider. Nothing has been found. Pause Cloudflare in what way? I am new to this job and little detail has been given to me.
Attached below is a image of the http requests good on left, bad on right.

1 Like

Are your websites on Godaddy hosting? We have the same issue for clients and they are all on Godaddy hosting. See this post also: Redirecting to unwanted sites

1 Like

Thank you @david189 really good to know, I have a gd test site that I just check and it is unaffected by this.

@jmoore given the details from @david189 I suspect pausing is not going to much matter, but for downtheline, login, select the domain and on the overview page lower right, under advanced actions select Pause Cloudflare on Site, link is here, https://dash.cloudflare.com/?to=/:account/:zon

GoDaddy acknowledged that it is a wide-spread problem on their cpanel hosting plans and they have an ongoing incident report ticket with details and to report your issues: INC-5492776

Note that they have confirmed 100% that it’s not due to any malware in the site files or database. It’s a DNS routing problem on their end.

I just confirmed that you have the exact same issue. Note that your site is not the problem, and is likely completely clean of any malware. GoDaddy acknowledged that it is a wide-spread problem on their cpanel hosting plans and they have an ongoing incident report ticket with details and to report your issues: INC-5492776

Note that they have confirmed 100% that it’s not due to any malware in the site files or database. It’s a DNS routing problem on their end.

1 Like

I have been on with Godaddy Chat support for over an hour trying to get a reply and they said this…

the case INC-5492776 is related to the users who is having Firewall enabled on their site and it has been fixed now. Let me explain with the incident details.
Basically, users those who have enabled firewall on their site was redirected to other sites, the issue has been reported and our admin team is fixed the issue.

However our sites that had the issue were not using the GD firewall. What about yours?

Just got off the phone with GD support again, and the person I spoke to was well aware of the problem and advised they are still using the same incident report number and that it’s been updated to include the fact that it has nothing to do with a firewall. That ticket started with a n issue where they thought it was a firewall problem and was therefore marked as “resolved”. However, they re-opened the incident ticket after realizing that it was a massive widespread issue that was not firewall related.

1 Like

I have been experiencing the same problem and hopefully it gets resolved soon.

Do you think it is possible it may be the Javascript code (img1.wsimg) that Godaddy injects into every page?

1 Like

FYI, here is public acknowledgment of the issue by GoDaddy from just a few minutes ago:

2 Likes