How to Spot and Stop Malicious Website Redirects
Whether for commercial, professional, or personal use, your website serves as your public face to the world. When every aspect of every page of your website is functioning exactly as it should, users can easily access whatever product, service, or information you provide. However, if visitors to your website find themselves suddenly sent to a site, server, or page they never meant to visit or see, the damage to your reputation can be off the charts. This is what we call malicious website redirects.

In this case, potential customers may take their business elsewhere. Friends and business contacts may feel they've been spammed. Search engines such as Google and Bing might blacklist you, and all the hard work invested in building your brand will be wasted.

Fortunately, page hijacks, scareware, Trojans, viruses, and a range of malicious website redirects can be detected and disinfected, if you know what to look for. First, you need to know what these awful things are.
Redirect or Misdirection

Redirecting traffic from one Universal Resource Locator (URL) to another can be done for good reasons or bad reasons. It all depends on intent. Sometimes, a benign redirect is just what a website needs. For example, a 302 redirect lets search engines and users know that a certain web page is somewhere else for a while but will be back soon. A 301 redirect similarly advises users and search engines that a page has moved away but won't be back, ever.


That's not what today's blog is about. We're here to talk about bad misdirection done by malicious actors to scam you, your friends, potential clients, as well as your customers.

Types of Malicious Website Redirects
There are countless ways hackers and bad Internet actors infect unwitting websites with malignant software. None of them have the website or its visitors' best interests in mind. As you may have guessed, most malicious website redirects are connected to cybercrime, in one way or another.

Three levels of malicious misdirects:
  • HTML
  • JavaScript
  • Web server

Some recent forms of sinister redirects and what they do, in a nutshell:

Ad fraud generates clicks for crooks and can lead innocent page visitors to images and sales offerings they never wanted to see. Scam advertising of this sort is the last thing you want on your reputable pages. Should a visitor to your page suddenly see adult adverts on your site, they may leave screaming and never come back.
Compromised Affiliate Marketing
Bona fide affiliate marketing provides an honest income stream for many website owners. When affiliate links are compromised, charlatans and con artists reap unearned commissions while valid affiliates go unpaid. The best way to stop these shenanigans is to stop them before they start with a ThreatSign! plan.
Malicious website redirects can result in rogue software downloading and installing itself on smartphones and computers without user consent or knowledge. These sudden unwanted downloads can wreak havoc on a device or website.
Malicious website redirects can also exploit browser vulnerabilities to inject NSFW images and other inappropriate content into web pages. Imagine the uproar if a visitor to your website suddenly saw something other than the content they came to see.
Redirects to phishing sites that look like real sites can steal personal information such as login credentials and payment data. If a visitor to your website gets scammed, they may blame you and tell others that your business is unreliable.
Compromise of search engine rankings is a deceptive practice used by criminals to defraud Internet users into believing a site is more reputable than it is.
Tech Support Scams
This tried-and-true scam convinces users that their device has become infected with a Trojan, virus, or other sort of scareware. The scammer then lures the oblivious user into paying for a service to save them. Even worse, tech support scams often convince a user to install and open a file-sharing program that grants remote access to everything including personal financial info.
Where Do Browser Hijackers Come From?
Typically, browser hijacks begin at an infected website. Malware may be connected to a browser extension or it can be bundled with legit-looking freeware. Infected email downloads may also initiate malware misdirects. Once a user inadvertently introduces malware to a device, the nefarious software alters code to change browser behavior.
Techniques of Malicious Website Redirects
  1. When injected into a webpage, malicious JavaScript can direct a user anywhere on the web. Allowing detailed control, JavaScript misdirects are a versatile method used by hackers and web pirates to take control of someone's Internet experience. JavaScript can be rather easily obfuscated, making such malware attacks hard to spot by the untrained eye. This is one reason Quterra's detailed code snippet results are so helpful in identifying and eradicating malware and misdirects.
  2. Malvertising is also a common way JavaScript malware makes its dangerous way into user devices. Such adverts may appear normal, especially to a first-time website visitor who is unaccustomed to seeing your pages. Sometimes, JavaScript malware seeks out first-time visitors or those who came to your website by way of a search result. This sneaky tactic makes it even more difficult for a webmaster to find and disinfect a web page.
  3. Although refreshers lack the subtlety of JavaScript injection, some web pirates redirect pages at the HTTP level by automatically refreshing headers and meta tags to reveal unwanted—and sometimes quite awful—content. Malicious website redirects to pornographic images, black market pharma sites, as well as other NSFW pages are common with such a header refresh or meta tag malware attack.
  4. A common security issue with older versions of WordPress, open redirect pages typically look legit to unwitting users. WordPress add-ons that offer redirection capacity are especially vulnerable to spoofing and security holes. If you use the WP Bulk Uploader or Simple 301 Redirect, be sure to upgrade your WordPress version and add-ons without delay.
Signs and Symptoms of a Hijacked Website
  • One or more new toolbars appear in the web browser
  • Searches are redirected to different websites
  • An uptick in pop-up ads
  • Another search engine replaces your usual search engine
  • Web pages start loading slower than usual
How to Identify Malicious Website Redirects

Cybercriminals employ misdirect tactics because they know they're hard to detect. Fortunately, there are several practical methods webmasters can use to identify malicious website redirects. Here are the basic instructions on how to find redirects in some platforms if you want to try and fix it yourself.

Make Google Your Ally
Google offers a free Safe Browsing Diagnostic tool and it's super simple to use. Just input the URL you want to check and hit Enter. If redirects or other threats are identified, Google will warn you.

You can also take advantage of the Google Search Console and use it to check if any official warnings or penalties have been lodged against a particular website. Repeated spam warnings can serve as a clear indicator that a website may be compromised by malicious website redirects.

Regularly monitor your own website's position in search rankings by searching for your product or service on Google and noting the results of the search engine results page, or SERP. Take notes and compare them often.

Additionally, test your website over a variety of platforms. Test from mobile devices as well as a desktop and a laptop. Each browser has its way of dealing with malicious website redirects. For instance, a malicious redirect may be better able to affect the browser on an outdated mobile device than browsers installed on a well-maintained, updated laptop or desktop computer.

It is also important to test your website on as many devices as you can. Try it with a variety of screen sizes and operating systems. Misdirects may behave differently in diverse devices.

Lastly, test your website from a variety of IP addresses. Test from different networks, too. A change in environment may impact the way a redirect works or who a scammer targets. Some redirects are geo-specific, so disguising your location may reveal otherwise unnoticed attacks.

Scan Your Website for Malware for Free
Quterra offers an excellent website malware scanner you can use for free. Simply input the URL of any website, click to start the scan, and wait for the results. Our proprietary cloud-based software downloads and carefully analyzes every bit of your website to locate and identify a range of malicious media, suspicious scripts, as well as nefarious programs that may disguise themselves as legitimate site content.
Once the Quterra exploit detection engine has finished investigating a URL, we'll provide a complete breakdown of all infected pages. If not clean, compromising actions will be assigned one of three threat levels depending on how such malware could affect your website visitors.

  • Potentially suspicious
  • Suspicious
  • Malicious
Quterra's Free Malware Scan Identifies:
  • HTTP redirects that infiltrate and modify server configuration to coerce visitors to alternate destinations, including phishing sites and worse. Notably, these sorts of malicious website redirects affect the server's .htaccess file.
  • HTML redirect script embedded into a website HTML code that exploits meta tags, sometimes after a predetermined amount of time.
  • JavaScript redirects dynamically mislead website visitors based on factors such as geographical location or browser type. This added layer of complexity makes it hard for the average user to predict where and when a cyberattack or malicious misdirection may occur.
Multi-Layer Approach to Prevent Malicious Website Redirects
  • Enact content security policy
  • Install and use a web app firewall
  • Perform periodic code audits
  • Stay apprised of evolving cybersecurity threats
  • Understand and follow server security best practices
DIY Website Hardening
Bad actors and automated attacks are a fact of Internet life these days. However, this doesn't mean there aren't ways to protect your web pages from malicious website redirects and other scam tactics.

The following tips are appropriate for WordPress and Magento webmasters who want to make their site 'harder' and less vulnerable to cybercrime:

  • Allow access via secure HTTPS only
  • Change 'password incorrect' screen to 'invalid login credentials' to thwart phishing
  • Employ multi-factor authentication without fail
  • Install and always use a web application firewall to stop DDoS attack
  • Monitor your weblogs daily
  • Prevent direct website access from public hotspots
  • Principal of least privilege grants minimal temporary admin access to do one job
  • Reduce attack surface by limiting public access to specifically public pages
  • Restrict administrative access on an as-needed basis
  • Scan and sanitize anything and everything your website receives
  • Scan and sanitize website form input fields to prevent SQL injection attack
  • Uninstall unneeded plugins, themes, as well as other third-party components
  • Use very hard-to-guess passwords for server, FTP database, and admin panels
An Easier Way to Effectively Harden Your Website and Prevent Malicious Website Redirects
If managing all the malware prevention techniques mentioned above sounds complicated and time-consuming, that's because it is. Unless you have all the time in the world to monitor your web pages for suspicious activity, you might prefer to allow Quterra to manage your website security.
If you haven't tried ThreatSign! yet, do that right now. Quterra offers three threat protection plans that thoroughly scan your domain to find and stop malicious website redirects at their source.
  1. Essential security plan scans for malware every 12 hours
  2. Premium security plan scans for and removes malware every 6 hours
  3. Emergency plan scans for and removes malware every half hour
Disinfecting a website requires more effort than simply keeping it clean in the first place, so it makes good sense to let Quterra's very own ThreatSign! step in and assist.
Every ThreatSign! Malware Protection Plan Provides:
  • Continuous server-side malware scanning
  • Distributed denial-of-service (DDoS) protection and mitigation
  • External malware scanning
  • Virtual patching
  • Web application firewall with free SSL certificate
  • Easy and intuitive web-based user interface
  • Website hardening with multiple levels of security
Quterra's Premium and Emergency plans provide all of the above, plus:
  • Automated web malware removal
  • Blacklist removal
  • Full website audit
  • Manual malware removal service
  • Unlimited hacking repair requests
  • Unlimited malware removal requests
Choosing the Perfect Plan
Quttera's Essential Security is ideal for protecting clean sites from malware and hacking, Premium Security offers the aforementioned protection plus expert blacklist removal, and our Emergency Security offers four hours or less response to any cyber emergency,

As long as there are web pages, there will be bad actors seeking out vulnerabilities they can exploit to their advantage. With ThreatSign! watching your back, the advantage is yours. Sign up today!