Suspicious querystring value in joomla url ?

[hs_jha]

On checking my joomla website in google I stumbled upon this strange querystring url from home page

<sitename>.com?from=xiaodiaomao.com

My website uses joomla 3.4.3 version.

Is this normal or an indication of some infection ? I have scanned the website through plesk health scanner but no infection was found.

Even a random search in google i could find several sites with similar issues

https://www.google.co.in/search?q=%3Ffr ... e&ie=UTF-8

Joomla experts kindly help or suggest ..

[JAVesey]

Your Joomla installation v3.4.3 is very old and long-since overdue an update; many security issues have been fixed/patched by subsequent releases. My recommendations, in this order, are:

1. See the top of this forum for link to the Forum Post Assistant (FPA); run it and post the results here.
2. Review/audit and update all your 3rd-party extensions were newer versions are available.
3. Update your Joomla installation to the latest version (v3.8.5) This may take several steps, search on here for the steps you need to take.
4. Submit your site for review/audit at myjoomla.com (the first audit is free).
5. Act upon any advice received after doing item 3.
6. Resolve to keep your installation up to date from now on.

[sozzled]

Suspicious-looking URLs are part and parcel of doing business on the internet. By themselves, they are not indications that your website has been successfully hacked; they are more likely to be probing by potential hackers who are attempting to exploit known vulnerabilities that exist with all types of websites. I discuss this in more detail in viewtopic.php?f=714&t=958501.

@JAVesey is absolutely right to point out the blatantly obvious. J! 3.4.3 was released three years ago and it is about 29 versions behind the current release (J! 3.8.5). People who continue to use outdated software run an increasing risk that their websites will be attacked and they'll be forced into having to rebuild them. Note, I didn't say "recover"; I meant rebuild.

It's your business, of course, and you have an opportunity to take charge, do that maintenance work that you've procrastinated about for the past three years, and tidy things up. I doubt that the suspicious URL you've mentioned is proof of a successful attack but I would suggest that you execise some caution. Once these people find a vulnerability in your website your options start to thin out.

[fcoulter]

The query string that you mention seems to be an example of referrer spam (see https://en.wikipedia.org/wiki/Referrer_spam). In itself it is not harmful. Nor is it anything related to Joomla. If you look at some of the sites that come up in the Google search that you reference, many are not Joomla sites.

I completely agree with JAVesey and Sozzled, you need to concentrate on updating your site.