Redirects to YouTube Defacement Channel
During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML:
<meta http-equiv=’refresh’ content=’2;url=https://youtu.be/fsqzjDAO2Ug’>
This technique works because it’s possible to use HTML within .php files — as long as the HTML is outside the PHP code tags.
In this case, the HTML is the only code that exists, so there are no PHP tags to avoid.