My site seems to be hijacked... but only when visited from another site... how?
My website is altoonadesign.com if you type it directly in your browser it takes you to the correct site. However if you do a search for "altoona design" and click on the link to my site you get redirected to a malicious site.
I tried this in google on chrome and in bing on IE. on different computers always with the same results. typing in the url directly takes you to my real site, clicking the link in the search results redirects you to the malicious site.
I am not sure how this is happening, how to undo it, or how to prevent it in the future?
update
clicking the link from here takes you to the malicious site too, so it seems clicking a link is what does it, but typing it in directly doesn't redirect you... how is that?
When viewing the source of your page, there's some code at the bottom that doesn't look like you put there:
<div style='position:absolute;left:-2125px;width:1024px'><a href='http://www.asrtu.org/trust_crcks/passware-myob-key-crack.html'>Passware MYOB Key crack</a></div><div style='position:absolute;left:-2125px;width:1024px'><a href='http://www.asrtu.org/trust_crcks/newstarsoccer-crack.html'>NewStarSoccer crack</a></div><div style='position:absolute;left:-2125px;width:1024px'><a href='http://www.asrtu.org/trust_crcks/pcsentinels-busted-crack.html'>PCSentinels Busted crack</a></div><div style='position:absolute;left:-2125px;width:1024px'><a href='http://www.asrtu.org/trust_crcks/3dmark2001-crack.html'>3DMark2001 crack</a></div><div style='position:absolute;left:-2125px;width:1024px'><a href='http://www.asrtu.org/trust_crcks/acdsee50powerpack-crack.html'>ACDSee50PowerPack crack</a></div><div style='position:absolute;left:-2125px;width:1024px'><a href='http://keygen-0day.ws/database/My%20TypeArtist%201.000B/'>My TypeArtist 1.000B</a></div></body>
<!-- InstanceEnd --></html>
<script>check_content()</script>check_content()</script>
When using fiddler, and accessing your site thru google, i can see that it does go to your domain 1st, and then gets redirected before your whole page loads.
Check your php code, they probably put in some redirect code in your page.
I've not actually followed your link (no desire to meet a zero-day exploit), but what often happens when a server has been hacked is that code is put into any PHP files to check the referrer header and redirect either if the visit is from a search engine or if it's from anywhere not the current site.
This is done to try to prevent the owner of the site from realising the hack is in place, as you will probably usually visit the site directly rather than finding it through a search engine.