: Search results for my website show content that isn't mine including pharmacy (Viagra and Cialis) I have a website and when I try a search like this: site:dichthuatviettin.com it gives me bunch
I have a website and when I try a search like this: site:dichthuatviettin.com it gives me bunch of result like this :
Those pages do not exists on my website, how did they get there?
I don't know what happening with my website anymore ! Any help or explaination why this happen ?
More posts by @Yeniel560
3 Comments
Sorted by latest first Latest Oldest Best
I have had this happen to me a while back on a shared server. Wexford's list is pretty comprehensive, but I wanted to include that the attacker also added their own key under .ssh/authorized_keys and was able to reinfect my site after I removed everything. I'm not sure if this is the case in your setup, but being on a shared server can expose you to attacks by other compromised sites (users) on the same server. Any world-writable directories can have web shells dropped in by any user on the server, and any world-readable application files containing database credentials can be read by other users, so your web application doesn't need to be vulnerable in order to be compromised. Hardening permissions on any sensitive files/directories is a good start, and removing the world-readable bit (but leaving the executable bit) on one of the top-most directories is another good step.
Your website has been compromised and it is being used by blackhat SEOs. This is a pretty common thing amongst spammers and the like. Take a look at: My site's been hacked - now what?, by Google.
Download a backup of your website. Make sure that you also backup the database, not just the files.
Get in contact with your web host and explain the situation.
Check to see if your software is out of date (Joomla, Wordpress). Do the same for all of your plugins. Search around to see if anyone else has reported any vulnerabilities in the plugins that you use.
Change all FTP passwords and usernames.
Ensure that your admin login is secure. Use usernames other than "admin" and "user". Change your password and make sure that it isn't easy to guess. Make sure that your site guards against brute force attacks as bots are constantly trying to break into Wordpress panels (two of my Wordpress-driven websites see attacks on a daily basis).
Take the site down for the time being until you've fixed the issue. Do what Google suggest and return a 503 HTTP status code.
If the site is custom, contact the developers.
Once a part of your website has been compromised, you should assume that everything on your website has been compromised.
A complete wipe and a fresh re-install of your software (Wordpress, Joomla) is in order. Sometimes, hackers will leave backdoor scripts that give them remote access or they'll inject code into core parts of your software.
Try to avoid applying 777 permissions to directories.
Looks like you've been 'hacked'. Someone found a method to upload pages to your server en got them indexed. Go through your site/database and do a deap search for those keywords.
Tip: with the commandline you can find and sort files on last edit date (this does last 25):
find . -type f -printf '%T@ %pn' | sort -n | tail -25 | cut -f2- -d" "
After that, check for holes, wrong rights, your uploads etc. If it's a Wordpress, Joomla Drupal site, or another framework, read into security about that framework. 'Hackers' love those sites and exploit them with bots.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.