: Website marked as "may be hacked" by google My website is marked by google as "may be hacked". Through the admin panel of google search console, I see several links that are list as "URL
My website is marked by google as "may be hacked". Through the admin panel of google search console, I see several links that are list as "URL injections".
My site is built with opencart. As you can see from the image there are two new entries of today(7/4/2016). I open these two links and there are no actual contents on them, just opencart's 404 page. I go through the HTML but no abnormal script or content is found. I use google's "fetch as google" feature, it seems what google fetches is not different from what I see from browser's view source panel.
So my questions(mostly out of curious, not merely aiming to solve the problem) are:
How does google determine these pages are compromised if there are no malicious code can be found from both my browser or google's "fetch as google"?
How does the hackers take advantage of these "injected URLs" if there are no actual malicious content or script on them? Or is the malicious content/script only visible to some certain people(not including me obviously)?
More posts by @Ann8826881
1 Comments
Sorted by latest first Latest Oldest Best
How does google determine these pages are compromised if there are no malicious code can be found from both my browser or google's "fetch as google"?
Google may be using a separate IP address that is not the same as that used when the "fetch as google" operation is performed. For example, someone actually working at google might be randomly manually scanning your page and could find something different.
How does the hackers take advantage of these "injected URLs" if there are no actual malicious content or script on them? Or is the malicious content/script only visible to some certain people(not including me obviously)?
The latter. Your server is programmed to deliver different content based on IP address and/or group of IP addresses. Look for configuration files like .htaccess if you have apache and remove any lines that look like IP addresses. You want to serve the same guest content to all guests to your site.
Also, check the opencart PHP code and look for anything in there that would cause different content to load based on remote IP address. It's likely that your .htacccess or the PHP code itself is modified to the hackers needs.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.