My domain redirects to a strange website. What's going on?

August 10, 2019 122 views
DigitalOcean DNS

My domain redirects to a strange website. Some random ip addresses just appeared in my dns records. After deleting them, my domain responded properly - for 5 minutes. After 5 minutes my domain redirects to the same site again. This time without show the random dns records in my dashboard. What's going on? This is not good..

1 Answer

Hi lxblvnc,

If your DNS records are being changed, it would mean someone has gotten access of your account. I would suggest changing your password right away!

Once you do, monitor your account and see if the DNS records still change.

Kind regards,
Kalin D.

  • Hi Kalin,

    Thanks for the quick reply! I use my google account to log in. So, I should change my gmail password?

    And do you have any idea why it's showing the other website again? My website worked after I deleted the dns records - for a moment anyway. But now it 'magically' redirects to that same website again (this time without showing dns records).

    Cheers,
    Daniel

    • Hi Daniel,

      if your website redirects even without the DNS records in place, then most probably it's hacked. Usually, a website is hacked two ways, the files are infected or the database has been compromised.

      Having said that, usually when someone finds an exploit in your website, it doesn't make your website redirect. So what I'll suggest is changing the password wherever you can, your website's database, your gmail, your droplet's password and see if this actually reappears.

      If it does, then it would mean the websites has been compromised and you should look for a web developer/sys admin to secure your website and clean it from any malware.

Have another answer? Share your knowledge.