Have my domain been hacked?

Help! (Home for newbies)
1
SYSTEM INFORMATION
OS type and version Ubuntu Linux 24.04.4
Webmin version 2.621
Usermin version 2.521
Virtualmin version 8.0.1 Professional
Theme version 26.22
Apache version 2.4.58
Package updates All installed packages are up to date

Hi,

I have an empty domain called wpdebat.dk, and it’s added under vitutelmin on my server

But when I go to the site, I am forwarded to this site: (https://wpdebat.dk/#/auth/login)

2026-02-17_13-43-57
2026-02-17_13-43-571859×713 55.9 KB

I have not installed anything on the domain.

There is nothing in the website folder:

root@titan:/home/wpdebat/public_html# ls -la
total 88
drwxr-x---  2 wpdebat wpdebat  4096 Feb 17 13:48 .
drwxr-x--- 12 wpdebat wpdebat  4096 Feb 17 13:24 ..
-rw-r--r--  1 wpdebat wpdebat 78408 Jan 27 17:59 index.html
root@titan:/home/wpdebat/public_html#

There is nothing on viturelmin → Website Redirects!

Has my server been hacked??? How can I fix this

Regards

Thomas

1 Like
2

I doubt it but look in you logs.
A new VM with a clean new VS is pretty secure.

wp* is a common hit on the web - cause so many people use word press. it just invites those with evil intent to have a go.

I added a new VS to an existing VM yesterday. No site added yet - but my logs are filling up very fast with ws* 404 responses.

i am also surprised the redirect is using a cert (https) if you have not already obtained one for the domain.

1 Like
3

I can’t even ping it our pull a record from the listed name servers. It sounds like the DNS provider or registrar is hijacking an empty request. Strange target though.


mit@~:ping  wpdebat.dk
ping: wpdebat.dk: Name or service not known

mit@~:whois  wpdebat.dk
# Hello 173.91.209.99. Your session has been logged.
#
# Copyright (c) 2002 - 2026 by Punktum dk A/S
#
# Version: 6.1.0
#
# The data in the DK Whois database is provided by Punktum dk A/S
# for information purposes only, and to assist persons in obtaining
# information about or related to a domain name registration record.
# We do not guarantee its accuracy. We will reserve the right to remove
# access for entities abusing the data, without notice.
#
# Any use of this material to target advertising or similar activities
# are explicitly forbidden and will be prosecuted. Punktum dk A/S
# requests to be notified of any such activities or suspicions thereof.

Domain:               wpdebat.dk
DNS:                  wpdebat.dk
Registered:           2025-04-06
Expires:              2026-04-05
Registration period:  1 year
VID:                  no
DNSSEC:               Unsigned delegation
Status:               Active

Registrant
Handle:               DATA REDACTED
Name:                 x
Address:              x
Postalcode:           8420
City:                x
Country:              DK

Nameservers
Hostname:             ns01.futurehosting.dk
Hostname:             ns02.futurehosting.dk



mit@~:dig  wpdebat.dk  @ns01.futurehosting.dk

; <<>> DiG 9.20.18-1~deb13u1-Debian <<>> wpdebat.dk @ns01.futurehosting.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 18690
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f455cda3dcda0d8701000000699475dd0bb9c0166680fbc3 (good)
; EDE: 18 (Prohibited)
;; QUESTION SECTION:
;wpdebat.dk.                    IN      A

;; Query time: 147 msec
;; SERVER: 193.182.143.246#53(ns01.futurehosting.dk) (UDP)
;; WHEN: Tue Feb 17 09:06:21 EST 2026
;; MSG SIZE  rcvd: 73
4

Hi @ID10T

I have tried to remove the domain (wpdebat.dk) from viturelmin - Then add the domain.

But still send my URL to the other site…

But now you can ping the site.

What can i do to fix it?

5

Clear your web browser cache or try another browser?

image
image975×985 163 KB

6

I just tried and have same result as @ID10T

7

Is that site also hosted on the same system? If so, you have a “the wrong site shows up” configuration issue. Troubleshooting Websites | Virtualmin — Open Source Web Hosting Control Panel

If it is not hosted on your Virtualmin system, then you have a DNS problem, most likely. Though I see port 10000 is listening on that hostname, so at least for me, I’m probably seeing the right server.

Why would a hacker redirect your site to a random login page?

8

Hi,

Sorry for the very late reply.

I loaded a backup of my server, and now it works for me.

Sorry for the post.

Have a great day

// Thomas