My Drupal site is having some redirect malware issues. I suspected some strange redirects and tried to catch redirects by caching them through Nginx. Below is the output of one redirect.
Page https://www.test.com/officialsite doesn't exist on the site. No URL redirect with this value.
However, visiting https://www.test.com/officialsite produces a redirect loop because it leads back to Nginx instead of hitting Drupal which would have possibly redirected it elsewhere as a result of malware.
What I have done:
- Checked all files (no changes - we manage the codebase via a Git repository)
- Checked the variables and system tables and can't find anything, unless I am not looking for the correct thing
- Running Drupal 7 up to date
And running out of ideas!
Sorry can't enclose it in code as it loses formatting.
KEY: /officialsiteGET
^A^F^@^A^@Û^E^@Status: 301 Moved Permanently^M
X-Drupal-Cache: HIT^M
Link: https://www.test.com/officialsite; rel="canonical"^M
Location: https://www.test.com/officialsite^M
Content-type: text/html; charset=UTF-8^M
^M
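
An added example, not part of the original post: a Python check that reads an Nginx cache file like the one dumped above and flags a cached redirect whose `Location` points back at the URL it was cached for, which is the loop described in the post. It assumes the cache key is the request URI followed by the method (as in `KEY: /officialsiteGET`) and a FastCGI-style `Status:` header; the function names are hypothetical and the sample bytes are constructed from the dump.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the dump in the post (binary file header shortened).
SAMPLE = (
    b"\x05" + b"\x00" * 40 + b"\nKEY: /officialsiteGET\n"
    b"\x01\x06\x00\x01\x00\xdb\x05\x00Status: 301 Moved Permanently\r\n"
    b"X-Drupal-Cache: HIT\r\n"
    b'Link: https://www.test.com/officialsite; rel="canonical"\r\n'
    b"Location: https://www.test.com/officialsite\r\n"
    b"Content-type: text/html; charset=UTF-8\r\n\r\n"
)

def parse_cache_entry(raw):
    """Return (cache key, lower-cased header dict) for one Nginx cache file."""
    m = re.search(rb"\nKEY: ([^\n]*)\n", raw)
    if m is None:
        raise ValueError("no KEY line: not an Nginx cache file?")
    head = raw[m.end():].split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        # The first header follows binary FastCGI record bytes; keep the trailing token.
        token = re.search(rb"[A-Za-z0-9-]+$", name)
        if sep and token:
            headers[token.group(0).decode("ascii").lower()] = (
                value.strip().decode("latin-1"))
    return m.group(1).decode("latin-1"), headers

def is_self_redirect(raw, site_host="www.test.com"):
    """True if the cached response redirects to the URI it is cached under."""
    key, headers = parse_cache_entry(raw)
    loc = urlsplit(headers.get("location", ""))
    if headers.get("status", "")[:3] not in ("301", "302", "303", "307", "308"):
        return False
    # Assumption: key = request URI + method, so strip the trailing method.
    uri = re.sub(r"(GET|HEAD)$", "", key)
    target = loc.path + ("?" + loc.query if loc.query else "")
    return loc.netloc in ("", site_host) and target == uri

if __name__ == "__main__":
    print("self-redirect cached:", is_self_redirect(SAMPLE))
```

Running the same check over every file in the cache directory lists each URL whose cached response would loop, and the `X-Drupal-Cache` value in the parsed headers shows whether Drupal's own page cache served it.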