My domain redirects to a strange website. What's going on?

Question

My domain redirects to a strange website. Some random ip addresses just appeared in my dns records. After deleting them, my domain responded properly - for 5 minutes. After 5 minutes my domain redirects to the same site again. This time without show the random dns records in my dashboard. What’s going on? This is not good..

Answer 1

KFSys August 10, 2019

Hi lxblvnc,

If your DNS records are being changed, it would mean someone has gotten access of your account. I would suggest changing your password right away!

Once you do, monitor your account and see if the DNS records still change.

Kind regards,
Kalin D.

Reply Report

lxblvnc August 10, 2019

Hi Kalin,

Thanks for the quick reply! I use my google account to log in. So, I should change my gmail password?

And do you have any idea why it’s showing the other website again? My website worked after I deleted the dns records - for a moment anyway. But now it ‘magically’ redirects to that same website again (this time without showing dns records).

Cheers,
Daniel
Reply Report
- KFSys August 11, 2019
  
  Hi Daniel,
  
  if your website redirects even without the DNS records in place, then most probably it’s hacked. Usually, a website is hacked two ways, the files are infected or the database has been compromised.
  
  Having said that, usually when someone finds an exploit in your website, it doesn’t make your website redirect. So what I’ll suggest is changing the password wherever you can, your website’s database, your gmail, your droplet’s password and see if this actually reappears.
  
  If it does, then it would mean the websites has been compromised and you should look for a web developer/sys admin to secure your website and clean it from any malware.
  
  Reply Report

Answer 2

lxblvnc August 10, 2019

Hi Kalin,

Thanks for the quick reply! I use my google account to log in. So, I should change my gmail password?

And do you have any idea why it’s showing the other website again? My website worked after I deleted the dns records - for a moment anyway. But now it ‘magically’ redirects to that same website again (this time without showing dns records).

Cheers,
Daniel
Reply Report
- KFSys August 11, 2019
  
  Hi Daniel,
  
  if your website redirects even without the DNS records in place, then most probably it’s hacked. Usually, a website is hacked two ways, the files are infected or the database has been compromised.
  
  Having said that, usually when someone finds an exploit in your website, it doesn’t make your website redirect. So what I’ll suggest is changing the password wherever you can, your website’s database, your gmail, your droplet’s password and see if this actually reappears.
  
  If it does, then it would mean the websites has been compromised and you should look for a web developer/sys admin to secure your website and clean it from any malware.
  
  Reply Report

Related

Question

My domain redirects to a strange website. What's going on?

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

My domain redirects to a strange website. What's going on?

Leave a comment

Related

question

Can I specify a port when adding a record upon creating a domain?

question

Unable to resolve server for apt-get

question

Move domain name from Funio to Digital Ocean

question

How long to update A Records?

Looking for something else?