I have a website, which is very popular, but for the last two weeks several customers have complained to me that my site was hacked and redirected to a porn website,
but whenever I check the website I can't see anything like that. Users say they are sometimes redirected to a porn website, and then in a split second it's gone and the correct website appears.
This is very annoying for me. As far as I am concerned, my DNS setup is fine (I confirmed this with my server hosting as well).
What are the possible reasons for this type of thing happening?
Is this a security problem on our server?
Or has someone hacked into an ISP and changed the DNS records for my site, so that some of my customers who use that ISP are experiencing this problem? (I have never experienced this problem myself.)
Is there a set of DNS checks I can do to verify it works?
Or will this be a DNS problem or something else ... I am clueless.
Today I sorted out the actual cause of the issue. It's not a DNS issue, but a backdoor behind an attack on the server named
More information:
http://arstechnica.com/security/2013/05/attack-hitting-apache-sites-goes-mainstream-hacks-nginx-lighttpd-too/
http://www.welivesecurity.com/2013/05/07/linuxcdorked-malware-lighttpd-and-nginx-web-servers-also-affected/
There is no solution at the moment but to restore (reinstall your OS), as it's a kernel hack.
Either client-side malware or redirects in page content come to mind. Since just a few of your customers report the problem, you could try to look at what their traffic on your site is associated with, then check the page contents there.
Also, you might ask the users if the redirects are happening with other sites too. Getting the URL of the porn sites from them might also help if the source of the redirect is on your site.
Review your .htaccess file. It's possible that your FTP was compromised and your .htaccess file was changed.
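One way to carry out the .htaccess review suggested in the answer above, as an added example (not code from the original thread): it flags directives that send visitors to a host other than your own, and notes when `RewriteCond` lines restrict the rule to certain visitors, which would explain a redirect the site owner never sees. The function names, `example.com`, `redirect.invalid` and the sample file are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Conditions on these variables make a rule fire for only some visitors,
# which is why the site owner may never see the redirect.
VISITOR_VARS = re.compile(
    r"%\{(HTTP_REFERER|HTTP_USER_AGENT|HTTP_COOKIE|REMOTE_ADDR|TIME\w*)\}", re.I)
DIRECTIVE = re.compile(
    r"^(RewriteCond|RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\s+(.*)$",
    re.I)
URL = re.compile(r"https?://[^\s\"']+", re.I)

def is_own(host, own_hosts):
    """True if host is one of the site's own names or a subdomain of one."""
    host = (host or "").lower()
    return any(host == h or host.endswith("." + h) for h in own_hosts)

def audit_htaccess(text, own_hosts):
    """Return (line_no, reason, directive) for directives pointing off-site."""
    own = [h.lower() for h in own_hosts]
    findings, conds = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(raw.strip())  # strip(): ignore indentation padding
        if not m:
            continue  # comments and unrelated directives
        name, args = m.group(1).lower(), m.group(2)
        if name == "rewritecond":
            if VISITOR_VARS.search(args):
                conds.append(no)
            continue
        external = [u for u in URL.findall(args)
                    if not is_own(urlparse(u).hostname, own)]
        if external:
            reason = "off-site target " + external[0]
            if name == "rewriterule" and conds:
                reason += ("; visitor-dependent, see RewriteCond on lines "
                           + ", ".join(map(str, conds)))
            findings.append((no, reason, raw.strip()))
        if name == "rewriterule":
            conds = []  # RewriteCond lines apply only to the next RewriteRule
    return findings

# Constructed sample input, not taken from the original post.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\. [NC]
RewriteCond %{HTTP_USER_AGENT} !bot [NC]
RewriteRule .* http://redirect.invalid/in.php [R=302,L]
ErrorDocument 404 http://redirect.invalid/404
"""
```

Run `audit_htaccess()` over every .htaccess file under the document root, since directives in subdirectories apply too. A clean result does not rule out a server-side backdoor like the one discussed in the articles linked above.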