Clients site has been hacked via a redirect when searching via Google (and Yahoo & Bing) but is fine when typing the URL directly into the address bar

Search for "baby soy" and it is "www.babysoy.co.uk" and click on the organic listing ... it previously pointed to a site with a screen which looked like windows explorer was scanning the c: drive and had found viruses. The page now is blocked as a potential hazard.

Any suggestions about the best way to resolve this? The hosts "justhost" are claiming that all is fine and do not want to know. I have checked this from different machines at different IP's using different ISP's so it is not my machine. Site is on cpanel.

Any advice welcomed.

OK - found an .htaccess rule with a redirect from all the search engine in there now deleted but the issue prevails so must be something else as well. :mad:

... but is fine when typing the URL directly into the address bar...
Not when I type it in my address bar in FF it shows the same problem.

This surely must be a hosting or DNS issue.

EDIT - I spoke too soon. Now when I try I get a Babysoy - we are improving our site.... message.

Very odd.

I am deleting a load of hacked .htaccess rules but I am still seeing the blocked site via an organic search result

There were a load of .htaccess files which had all been hacked with a rewrite to the dodgy site. Deleted and now all is fine.

Security breach on the hosting or FTP? Presumably you've changed the FTP account password,

Password changed.

It looked like a hosting vulnerability breech rather than a specific domain hack. The support from the hosts was appalling - originally fobbing the client with it being Adwords related!! :eek:

It looked like a hosting vulnerability breech rather than a specific domain hack. The support from the hosts was appalling - originally fobbing the client with it being Adwords related!! :eek:

Well, there's an easy answer to that, I suppose.
It's scary how little some host know (or are willing to get involved)

Thid is why i never used to advise customer to create a new ftp account that only has access to there domain root.

When people sign up for hosting accounts its not uncommon for the default ftp account to grant access to the hosting server root area, once in there the hacker can do untold damage to a site.

If im honest i bet your customer has been on a site that picked up a virus/worm that sent his ftp details to someone. Alot of these hacks are automated and they edit the .htacess file or create one if it does not exist.

Glad its sorted though Jont