I stumbled across a mystery when browsing google. So i've started noticing that there are a bunch of these scammy websites popping up in google searches. Here's an example: https://files.catbox.moe/48venr.png
So the favicon, and domain is part of NTNU, which is a pretty big university here in Norway. When you hover the mouse over the link, you see the NTNU domain, but after .php, there's a sneaky link that redirects a bunch of times, then sends you to an "iphone giveaway"
Here's how it looks. https://files.catbox.moe/6xn7fk.png
https://folk.idi.ntnu.no/alfw/prosjektvollan/minnebok/ is just someone's public diary from about 2006, but i cant understand how someone added the redirect at the back.
Could this be someone exploiting google, or is this something as simple as someone editing the php library the diary is running on, sending new users to scammy websites?
If the library was edited/tampered, how could someone do that?
This is all coming from a complete noob in php, but i can't see any way someone could tamper server side software without having direct access to it
update:
i found a bunch more of these links containing the same scammy redirect. No idea who's doing it but they're going after a bunch of domains https://files.catbox.moe/dit3e0.png
Add comment