Exploit found with redirect.php

[ab3wx]

I found an exploit with the redirect.php

Quick story I had a friend in my ham radio club tell me he couldn't access my webpage because his security software was blocking out my site. I found out on a reputation search I was being blocked by 2 out of 40 services. and being marked as a phishing site.

After getting some info from one of those companies' support teams, they were telling me my site was redirecting people to porn sites. I do not have any of that on my webpage. Well it turns out those porn sites are coming from a google search all of them share one thing in common it goes like this mydomain dot com /wx/pages/station/redirect.php?url=(bad site here)

Test it yourselves with your own pages. on your weather stations main directory where you see the home page if you use the default it will start with template unless you changed it but after that type in the following /pages/station/redirect.php then after the PHP no spaces or slashes add a ?url= then after the equals type in whatever https:// domain you want and it will redirect you to whatever website you want. Bad part is it makes it look like your webpage is hosing the bad sites.
e.g. /pages/station/redirect.php?url=https://google.com would redirect you to google if you added this to your address bar after your websites home page.


I removed the redirect.php and am currently trying to get google to remove that info from their searches. This didn't show up if I google searched for my website normally but if I did the site: before my domain in the search box it brings up a lot stuff.

[ab3wx]

One note to add I'm using version 18 of the template if that would make a difference or not.

[alexvanuxem]

in v 19, I tried your redirect.

It redirects me to www.meteotemplate.com

hope this helps

Alex

[lemimi]

Hello,
Indeed, a whitelist was created in the redirect.php file in version 19.
If the URL is not included in this list, you are redirected to www.meteotemplate.com. Personally I changed it to my homepage.
Michel

[WessexWeather]

I have had this exact same issue, several times over the past few months. Google informed me that they had detected the problem and asked me to resolve it. Once my host took my site down because of it!

I am also still on 18.0. This particular redirect.php file has been untouched since 2017.

How can I prevent this from happening again?

[MonyMony]

Wondering if you can just replace the redirect.php file in v18 with that from v19. I have no idea if this works or not as I am running v19 already. Posting the file here and will wish anyone that tries 'good luck'.