

Google Search Result Redirect Page Hijacked For NodeSummit - travisglines
https://www.google.com/search?btnG=1&pws=0&q=nodesummit

======
travisglines
Click the top link (NodeSummit)

The Google redirect is landing on a page with malware by the looks of things.

Edit: Picture of the page it redirects to ...

<http://i.imgur.com/EgwKs.png>

~~~
dchest
Nodesummit.com is hacked, not Google. Redirect is active for referrer:

    
    
        curl --head --referer 'http://www.google.com/url?{...cut...}' http://nodesummit.com
        HTTP/1.1 302 Moved Temporarily
        Date: Sat, 11 Feb 2012 00:32:36 GMT
        Server: Apache/2.2.9
        X-Powered-By: PHP/5.2.17
        Location: http://costabrava.bee.pl/
        Vary: User-Agent,Accept-Encoding
        Content-Type: text/html

~~~
pooriaazimi
Why '302 Moved Temporarily'? Wouldn't '301 Moved Permanently' serve hacker's
purpose better?

------
cleverjake
I dealt with this a lot at a hosting company I worked for. This is almost
certainly a .htaccess file that is set to only redirect based on referrer. It
is normally under several hundred blank lines, to make it look empty to the
casual observer.

~~~
pooriaazimi
It can't be.

I can't access the linked url (it's https:
<http://news.ycombinator.com/item?id=3575029>), but as far as I remember, if
an HTTPS page links to (or redirects to) another page that is not on the same
domain, the HTTP REFERRER field will be empty.

~~~
dchest
Google's redirect is not an HTTPS link, so it sends referrer (see my comment
below).

------
indexzero
We (nodejitsu) sponsored NodeSummit, but have no control over nodesummit.com.
I have reached out to Charles Beeler (the conference organizer) to make him
aware of the issue.

