Let me give you context, I have this site with the domain daithijphotography/.com (the slash to remove the link). This website was going to be somewhere I could display my photography. I didnt have anything on the site other than the Hello Elementor theme with nothing else on it at all. Just the title of the website.
I kept getting emails about comments being left on my post ‘Hello World’ and i’ve made and ran sites with wordpress in the past for years so I know that bots spam comment sections with links and scripts and it can be annoying, as far as I was aware though, the comments were turned off on this site and there was no visible post for anyone to comment on.
I just ignored them as I assumed I was part of some spam phishing scheme and they usually fizzle out quite fast. I was surprised when I was, as cringey as it is, googling myself to see what came up and i was met with my photography website at the top of the search results with a fully fledged meta description I never wrote. I clicked on it thinking I must have accientally published it, but im met with an entirely different site? A complete clone of Symrise/.com, but with my domain name in the search bar.
I was so confused and instead of panicking I went straight to my laptop and checked it out, inspected the code of the site seeing that at the top of this very basic html website, with links that didnt work, just a clone of the text of the images, read: Saved with Single File, May 12th, Time 13:00 Moscow. Other than that the code was harmless code? i scanned the site for malware and ran diagnostics the way you would when coding websites, everything was fine?
I went straight into my hosting website and disconneccted the site, deleted the wordpress. I went into Godaddy which is my domain provider and changed the nameservers back to the original godaddy ones instead of the hostinger ones. I deployed a default GoDaddy made photography webbuilder made site and published it so when you type the URL in, it shows the new site. I called GoDaddy and they said everything looks fine, in fact walked me through the process of deploying the new site and checked for me on their end if anyone had taken my domain or logged into my account. Everything was fine, I did the same with Hostinger and again everything was fine.
The domain shows the new site on everyones devices except ones connected to my home network. I’ve cleared all the cache and reset the router and flushed the DNS, yet sometimes i still see that old site on my domain, especially on my mac and my phone.
Does anyone have any idea how this could of happened, how could they put a website on my domain, remove the WordPress one, and neither the host or the domain provider could see anything suspicious on my account?
TLDR: Someone put a website on a domain I still own.
[ad_2]
If the name servers were altered, then your godaddy account or wherever you have your domain account was hacked.
Your website was hacked due to not being maintained properly (my guess is via Elementor which announces vulnerabilities several times a year). Simple as that and very common. Nothing to do with your hosting or domain name registrar being breached.
Your home network DNS has cached or is getting outdated DNS info on your domain. You moved your website but your home network is still using the old address. If you ping your website at home and compare that IP to what you get anywhere it is working. If they are different then that is the cause of the issue. It may be as simple as rebooting home router or it might take more digging.
Go here and clear the Google DNS cache.
https://developers.google.com/speed/public-dns/cache
When they say it takes anywhere from 24 to 72 hours for your DNS to propagate they mean some servers don’t clear out their caches every hour or so. Some DNS and routers are set for 72 hours to clear cache.