The solution to abnormal domain redirections

Today, after completing the self-recruitment exam, I completely migrated my original personal website here. It reminded me of when my previous site was hijacked via DNS, so I decided to write a short passage based on what I've learned, just in case it comes in handy.

In my old class, during breaks, a group of classmates often gathered around the computer screen to play games. One time, after surfing the internet for a while, they suddenly started shouting excitedly. I looked up to see a few boys running towards me, laughing as they told me my homepage had redirected to another site. By then, they had already closed the redirected site. After checking the browsing history, I was quite surprised. However, when I opened the website that evening at home, it was just as usual. Afterward, analysis revealed that my original site had likely been subjected to DNS hijacking.

Since I had acquired a new domain name, the old site had been abandoned, but the new site still needed protection against DNS hijacking. Below are the methods I use to tackle DNS hijacking.


Confirm whether your domain has been subjected to DNS hijacking

A domain that has been hijacked will redirect to other sites whenever you reach it through the domain name. In such cases, try accessing the site directly via its IP address. If access by IP works fine but the domain keeps redirecting, then your domain has probably been hijacked. In this situation, you need to contact your DNS resolution provider or server personnel for assistance.

Check if your template files have been altered with redirect codes

At this point, you can temporarily switch to another secure template in the backend. If the redirection stops, it indicates that the redirect code was embedded in the template files.

Redirect code is often added to JS files, and the jQuery library is a frequent target. Check the beginning and end of each JS file for any additional encrypted (obfuscated) code. If you find any, delete it and clear the cache before trying to access the site again.

<!-- Using meta tag for redirection -->
<meta http-equiv="refresh" content="0;url=http://example.com">
<!-- Using JavaScript for redirection -->
<script language="javascript" type="text/javascript">
    window.location.href = 'http://example.com';
</script>

Alternatively, you can replace any suspicious files or the entire template package with the original files from the downloaded template zip.
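The two checks above (inspecting the start and end of each file, and falling back to the original template zip) can be combined into one script. This is an added example, not code from the original post; the names `audit_template`, `MARKERS` and `demo` are hypothetical, the marker patterns are heuristics, and it assumes the paths inside the zip match the paths under the deployed template directory.

```python
import hashlib, re, tempfile, zipfile
from pathlib import Path

# Heuristic markers for redirect code (assumed patterns; extend for your site).
MARKERS = {
    "meta-refresh": re.compile(r"http-equiv\s*=\s*[\"']?refresh", re.I),
    "location-assign": re.compile(r"location(?:\.href)?\s*=[^=]"),
    "location-call": re.compile(r"location\.(?:replace|assign)\s*\("),
    "eval": re.compile(r"\beval\s*\("),
}

def audit_template(zip_path, deployed_dir, edge=500):
    """Hash-compare deployed files with the original zip; scan changed files' edges."""
    with zipfile.ZipFile(zip_path) as zf:
        pristine = {n: hashlib.sha256(zf.read(n)).hexdigest()
                    for n in zf.namelist() if not n.endswith("/")}
    report = {"modified": {}, "added": []}
    root = Path(deployed_dir)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        if rel not in pristine:
            report["added"].append(rel)  # file the template never shipped
        elif hashlib.sha256(data).hexdigest() != pristine[rel]:
            text = data.decode("utf-8", errors="replace")
            # Injected code usually sits at the very start or end of the file.
            edges = text[:edge] + "\n" + text[-edge:]
            report["modified"][rel] = [k for k, rx in MARKERS.items() if rx.search(edges)]
    return report

def demo():
    """Constructed sample: a pristine zip and a deployed copy with a tampered jquery.js."""
    tmp = Path(tempfile.mkdtemp())
    files = {"index.html": "<html><head></head></html>",
             "js/jquery.js": "/* jQuery (constructed stand-in) */\nvar a = 1;\n"}
    with zipfile.ZipFile(tmp / "theme.zip", "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    site = tmp / "site"
    for name, body in files.items():
        (site / name).parent.mkdir(parents=True, exist_ok=True)
        (site / name).write_text(body)
    with open(site / "js/jquery.js", "a") as f:  # simulate appended redirect code
        f.write("window.location.href = 'http://example.com';\n")
    (site / "js/stat.js").write_text("eval('x');")  # file not in the original zip
    return audit_template(tmp / "theme.zip", site)

if __name__ == "__main__":
    print(demo())
```

A modified file with an empty marker list still differs from the original and deserves a manual look, since obfuscated code may not match any of these patterns.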

If switching templates still results in redirects, your CMS or runtime environment might be compromised

In such cases, hackers often tamper with the runtime environment, for instance by compromising Apache or Nginx so that redirect code is automatically injected into web pages. They can even control the frequency, adding the code just once a day and only on mobile visits, making it extremely subtle and difficult to trace.

In this situation, you can resolve the issue by reinstalling the CMS program or uninstalling and reinstalling Apache/Nginx via your server management panel (like Baota).

If problems persist, your database or server might be hacked

In such cases, it’s best to directly contact the server provider’s staff for assistance, as it’s likely too complex for an ordinary user to resolve.


In summary, the overall approach is to identify the specific location of the problem and then address it accordingly.

Always remember to back up before making any modifications or fixes!

Additionally, maintain good security practices for your server and regularly back up your website and database to prevent issues before they arise!