My website is altoonadesign.com. If you type it directly in your browser, it takes you to the correct site. However, if you do a search for "altoona design" and click on the link to my site, you get redirected to a malicious site.
I tried this in Google on Chrome and in Bing on IE, on different computers, always with the same results. Typing in the URL directly takes you to my real site; clicking the link in the search results redirects you to the malicious site.
I am not sure how this is happening, how to undo it, or how to prevent it in the future?
Update:
Clicking the link from here takes you to the malicious site too, so it seems clicking a link is what does it, but typing it in directly doesn't redirect you... how is that?
I've not actually followed your link (no desire to meet a zero-day exploit), but what often happens when a server has been hacked is that code is put into any PHP files to check the referrer header and redirect either if the visit is from a search engine or if it's from anywhere not the current site.
This is done to try to prevent the owner of the site from realising the hack is in place, as you will probably usually visit the site directly rather than finding it through a search engine.
When viewing the source of your page, there's some code at the bottom that doesn't look like you put there:
When using Fiddler and accessing your site through Google, I can see that it does go to your domain first, and then gets redirected before your whole page loads.
Check your PHP code; they probably put some redirect code in your page.
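A heuristic file scan for the kind of injected code these answers describe (a referrer check sitting next to a redirect, or an eval of decoded data), as an added example that is not part of the original thread. The patterns and the sample PHP snippets are constructed assumptions, not code recovered from the affected site, and a hit only means the file deserves manual review.

```python
import re
from pathlib import Path

# Heuristic indicators (assumed for this example, not an exhaustive signature set).
REFERER = re.compile(r"HTTP_REFERER", re.I)
REDIRECT = re.compile(
    r"header\s*\(\s*['\"]\s*Location\s*:|window\.location|http-equiv\s*=\s*['\"]?refresh",
    re.I)
SEARCH_ENGINE = re.compile(r"google|bing|yahoo", re.I)
OBFUSCATED = re.compile(
    r"\b(eval|assert|create_function)\s*\(\s*"
    r"(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)


def scan_source(php_source):
    """Return the reasons this PHP source deserves manual review (may be empty)."""
    findings = []
    has_referer = bool(REFERER.search(php_source))
    if has_referer and REDIRECT.search(php_source):
        findings.append("referer check and redirect in same file")
    if has_referer and SEARCH_ENGINE.search(php_source):
        findings.append("referer used alongside search engine names")
    if OBFUSCATED.search(php_source):
        findings.append("eval of decoded or decompressed data")
    return findings


def scan_tree(root):
    """Map each .php file under root to its findings, skipping clean files."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        findings = scan_source(path.read_text(errors="replace"))
        if findings:
            report[str(path)] = findings
    return report


# Constructed samples for illustration only.
CLEAN = "<?php echo htmlspecialchars($title); ?>"
INJECTED = """<?php
if (isset($_SERVER['HTTP_REFERER']) && preg_match('/google|bing/i', $_SERVER['HTTP_REFERER'])) {
    header('Location: http://malicious.example/');
    exit;
}
?>"""
PACKED = "<?php eval(base64_decode($payload)); ?>"

if __name__ == "__main__":
    for name, src in [("clean", CLEAN), ("injected", INJECTED), ("packed", PACKED)]:
        print(name, scan_source(src))
```

Run `scan_tree` against the web root and compare every flagged file with a known-good copy from backup or version control before editing it.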
First and foremost, this is a programming question; I have absolutely no idea what this is doing on Serverfault.
There is a vulnerability in your PHP web application and you need to find it and patch it. First I would go through and make sure that all of your PHP libraries are up to date. A vulnerability in phpmailer or smarty can let a hacker break into your site.
Next I would scan your site with something like Acunetix($) or NTOSpider($$$). Good open source alternatives are wapiti and w3af. These scanners can find vulnerabilities such as misuses of eval() which can lead to this type of attack.
Next you should lock down PHP using phpsecinfo; make sure display_errors=off. If you have a MySQL backend, make sure to disable file_priv (file privileges) for the MySQL account used by PHP.
Here are some good resources for writing secure PHP code:
http://phpsec.org/library/
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Also avoid FTP like the plague; there are multiple worms spreading right now by sniffing your local machine for FTP logins and then infecting your site. Also make sure you are running an anti-virus on all machines with access to the server, even if it's just a free one like AVG.