I decided to write this tutorial based on a question i saw on the one of the webmasters forums.One member there said that his website got hacked and now its redirecting to facebook.com and he checked „all“ but couldn't correct it to point to his website again...

WHY THEY DO THINGS LIKE THAT?

I will explain u why things like this happens,why does someone hack your website and than redirect it to some other.Answer is simple as u saw on the internet allot of people are selling traffic.Have u ever asked how they do it?Well here is the one way they do it.They find some vulnerable website and gain access to it without leaving any traces so webmaster doesn't know they are there.Now when someone purchase traffic package form them they simple access that website again and edit it to redirect to the website of the user that purchased „traffic package“.There are

also allot of other reasons why they do things like that but i won't mention them here since this i not a tutorial on how to hack or earn on the internet but tutorial on how to FIX your site after this happen.

WHAT TO LOOK FOR?

Most of u who already experienced on your skin noticed that everything with the files looks absolutely the same, but is it ?Ques not since redirection is there.Now first ting u should check is does whole website redirects to some other or its just doing it form only few urls.If its only doing it from only few urls than logical thinking is that they have been altered.Now lets say redirection is happening only on homepage,that means that is only happening on the index.php.Go to your ftp or cpanel file manager and open the index.php for editing.Look for the any code that shouldn't be there any code like („header( 'Location: http://website.com/' ) ;“) or look for any encrypted code inside your index.php,that depend on how experienced is the person that altered the file.More experienced people will probably encrypt their code so it stays hidden.For example this is happening allot in wordpress blogs where most of the templates are encrypted so person who is altering your files to get redirection will probably decrypt header encrypted code,insert his redirection code and after encrypting it back place modified code instead of original.So for wordpress users i recommend to decrypt header code and examine it no mater if u are experiencing redirection issues or not because its posible that u have some other malicious code injected there like iframe or something.How to decrypt it and identify what encryption is used check the article on this site which is related to it.If u examined all redirecting files and didn't found anything or your whole website is making redirection.Its a good thing to check if there is any new .htaccess if not also examine your old htaccess files and see if there is any redirection rule applied to them mostly its 301 redirection.Also one possible situation is that no files are altered and touched but that bad person got your domain account information and altered ns.host info to the one he needs.This could be the case especially if your hosting company and domain name provider are not same company (if your purchased your domain on one place and later changed hosting provider).That would be all for now.Let me know if u are interested in this topic by rating or commenting this tutorial or article how every u want to call it.If i see that there are some people interested i will write one more detailed with more reasons and fixes included....