Google links open wrong pages - security

Our website was recently hacked (Joomla 1.5, hosted on a VPS). The attacker added a few PHP scripts that were redirecting to some ad sites. We have cleaned everything (or at least we think we did), and now everything works as it should.
However, links on Google (or Yahoo) that point to our website are still trying to include these PHP scripts (and return 404, as these are deleted now). Direct links from the browser work as they should.
We cleaned the site 10 days ago, so I do not think that something is cached on Google's servers. Re-indexing should be done by now.
To reproduce this behavior:
Go to www.google.com
Type in "anitex socks"
Click any php link that starts with "anitexsocks.com"
You will get "The requested URL /wp-includes/client.php was not found on this server" + 404 error
Refresh the page and everything works without issues
Why are only Google links causing trouble?
Any help is welcome. Thanks!

As for the reason why this is happening, I installed a Firefox add-on which blocks my browser's Referrer header and then followed a Google link to your site, and it worked fine. Then I disabled the add-on and the problem started occurring again.
This shows that there is still some malicious code running on your website which is checking all HTTP requests to see if they come from Google (based on checking the HTTP Referrer header) and redirecting them to /wp-includes/client.php if they do.
To try to determine where this code may lie, try performing a recursive grep through all your www files on your server as well as your www configuration files. Somewhere in there, there must still be a reference to that client.php script; hopefully you can find and eliminate it.
That said, if it were my site and I knew a hacker had had free rein over my server to do whatever they wanted to it, I would not mess around with trying to undo the damage and would instead restore the most recent backup from before the site was hacked. You only have to miss one back door the hacker left in place and they can re-enter your site. After restoring backups, you should also upgrade/reconfigure the software they used to gain access in the first place so they can't simply rehack it in the same manner again.
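
The recursive grep suggested in the answer above, written out as an added example (not code from the original posts). The function names and the sample tree are hypothetical and constructed for illustration; only the client.php name and the Referer check come from the thread.

```shell
#!/bin/sh
# Added example: find leftover referrer-conditional redirect code in a web root.

# scan_webroot ROOT SCRIPT_NAME
# Prints file:line:text for every line that names the dropped script or reads
# the Referer header (PHP $_SERVER["HTTP_REFERER"], mod_rewrite %{HTTP_REFERER}).
# grep -r also descends into dotfiles such as .htaccess; -I skips binaries.
scan_webroot() {
    {
        grep -rnIF -- "$2" "$1" || true              # literal script name
        grep -rnIi -- 'HTTP_REFERER' "$1" || true    # referrer checks
    } | sort -u
}

# hit_files ROOT SCRIPT_NAME: the distinct files with at least one hit.
hit_files() {
    scan_webroot "$1" "$2" | cut -d: -f1 | sort -u
}

# make_sample_tree: builds a CONSTRUCTED web root (not the poster's site) with
# one clean page and two planted referrer checks, then prints its path.
make_sample_tree() (
    d="$(mktemp -d)"
    mkdir -p "$d/includes"
    printf '%s\n' '<?php echo "home"; ?>' > "$d/index.php"
    printf '%s\n' '<?php' \
        'if (stripos($_SERVER["HTTP_REFERER"], "google") !== false) {' \
        '    include "wp-includes/client.php";' \
        '}' > "$d/includes/defines.php"
    printf '%s\n' 'RewriteEngine On' \
        'RewriteCond %{HTTP_REFERER} google [NC]' \
        'RewriteRule ^ /wp-includes/client.php [L]' > "$d/.htaccess"
    printf '%s\n' "$d"
)

# Demo on the constructed tree; on a real server pass the document root instead.
tree="$(make_sample_tree)"
scan_webroot "$tree" "client.php"
rm -rf "$tree"
```

Hits are leads to review by hand; an injection that is encoded or obfuscated will not match a plain-text search, which is one reason the answer prefers restoring from a known-good backup.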

Related

Fetch as Google - Temporarily Unreachable ONLY on Mobile

I have created a new website www.bucketshowers.com and I tried to index it using Google Webmaster Tools. Fetch as Google for the desktop worked just fine, but doing the same for mobile shows an error "Temporarily unreachable". It's been a few days and the website REALLY is not available on mobile. It's driving me nuts. Here is some information and things I have already tried:
Website is made with WP
I have disabled all SEO/meta tags plugins and I added a very basic robots.txt http://bucketshowers.com/robots.txt
I tried waiting 15min between fetching the root page on mobile
I have checked source code for the homepage to make sure there are no meta tags with nofollow or noindex attributes
I am baffled by this issue and I would gladly take any advice/pointers on what else can be done. Thank you.
The crazy thing was that it was caused by the WP Statistics plugin, which is probably the most popular of its kind - 500k downloads. When I deactivated it, everything was fine: Google fetches the mobile version and the website is available. Incredible! I'm still searching for the actual problem within that plugin.

Website breaking after 301 Redirect

Quite a newbie question here, but recently our Web Developer left our (small) company and has left us in a bind.
We recently (2 days ago) redirected our site to a newer and mobile friendly model and it was working well for quite some time. For whatever reasons management deemed they needed to roll back the site to its original model and the site is breaking whenever you type in http://www.example.com. However, https:// works perfectly fine, and it seems like it has something to do with the htaccess file -- but being just the project manager, coding comes second in terms of skill.
If it helps our site is www.mauriprosailing.com -- currently still trying to figure out why the "www" and "http" is breaking the site.
If needed I can post a .txt of our htaccess if that helps.
I appreciate all the help and apologize if this was too broad of a question!
Solution: Granted this may not apply to everyone -- but the problem was not within the htaccess file but with caching on the server. The server was not pulling the right .css file, therefore causing an "explosion" of our site, and I found that purging all of the cached files did the trick.

Site redirecting to a malicious website, already cleaned the code

I have a website which is infected by some malware. In the beginning I could notice that there was some strange JavaScript code on the site pages, so I deleted it and everything was fine for a few days, but now Google lists the website as dangerous even though I have checked the site code for any strange code and could not find anything.
I have tried Sucuri SiteCheck and it detects redirections to a malicious site. At first I thought that it may be an .htaccess file that was doing the redirection, but I checked the files on the shared server and there is no .htaccess file.
Any ideas on how to solve this?
Your hosting account has been hacked. Change your password on your hosting service. Go through your site code once more (every file) and look for things that don't belong. Clear your browser cache and then try again. If your account is hacked again, find a new hosting service. Once you're sure that your site is clean and your account has been secured, let Google know about the problems and request a removal from their suspect list:
Google support
Check your .htaccess file for the redirection, or whether the files contain any unwanted malicious JavaScript.

Google Chrome prompts for username/password even though page doesn't request it

I previously set a directory on my web server to require a username/password during development phase. I have since removed the .htaccess file to remove the password, I have also checked the cPanel to make sure there are no settings for a user/password.
Despite this, Chrome keeps asking for a username/password. If I click Cancel, the page continues to load anyway.
This only happens on Chrome Windows and Mac. I have cleared the entire cache for Chrome but to no avail. I am not able to replicate the problem on Firefox 4 or Internet Explorer 9.
I figured it out. I was silly enough to have left the URL pointing to a domain which does ask for a username/password but the domain it was pointing to was for the development site. Not sure why the other browsers didn't do the same thing but updating the base href has solved the problem.

How To Tell What Files IE Thinks Are "nonsecure"?

We have a CMS system whose web interface gets served over HTTPS. This works beautifully for Firefox, but when we load it in IE6 or IE7, it complains that "This page contains both secure and nonsecure items."
I've loaded the page in Firefox and checked with Firebug, and every connection seems to be going through HTTPS, as should be the case.
Is there any way to tell what is causing IE to throw this apparently spurious error?
Firefox has a number of bugs in mixed content detection. Generally you should try using Fiddler to spot insecure resources.
If you install a tool I wrote (www.bayden.com/dl/scriptfreesetup.exe) you will get a different mixed content prompt which shows the exact URL of the first insecure resource on the page. That tool is basically a prototype and you should uninstall it when you're done with it.
Use Fiddler to watch the traffic between the server and IE.
Be sure to go to Tools > Fiddler Options... > HTTPS > and check 'Decrypt HTTPS traffic'
Any non-HTTPS traffic generated between any server and IE should be easy to spot in the Web Sessions list.
I used Eric's tool (thanks Eric you saved me hours...) and it turns out that IE6 treats a background image specified with a relative path as nonsecure content. Even though it actually requests it over https. So if you're stumped - converting your relative paths to absolute ones might really help...
Are one or more resources (CSS url-image ref overlooked easily) pointing to a subdomain that's not covered by the certificate (https://www.example.com vs https://static.example.com)?
If you can't see anything that isn't using SSL, then this is usually down to a broken SSL certificate somewhere. I don't know of anything off-hand that will tell you exactly what the problem is, but you can get a list of everything that's loaded easily enough.
The media tab on Firefox's 'page info' dialog (right click on the page) will do it, it might also be worth having a go with Fiddler (which is an excellent, and extremely useful piece of software).
