WordPress.org

Ready to get started?Download WordPress

Forums

Cialis ad displaying only to google bot (3 posts)

  1. dionsis
    Member
    Posted 2 years ago #

    I'm perplexed how this keeps getting in

    I've done all the usual items of files to 644 folders to 755, delete all files and install again to clean directories. Installed a firewall and that.

    However every week or so, I find a new malware is inside my WordPress install, this time, it's a advert for Cialis that only shows to Google Bot.

    I had to use a google bot emulator to see it as the site looks normal in an actual browser.

    If anyone wants to see what this is doing
    use the link
    http://www.goldenplec.com/news/bressie-play-whelans/
    and use
    http://www.smart-it-consulting.com/internet/google/googlebot-spoofer/index.htm

    and click view as google bot. It's ruining my search engine positioning with advertising for cialis in the meta description and content.

    Anyone seen this or link me to this issue seen before, I tried search but none of the issues coming up seemed the same.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    every week or so, I find a new malware is inside my WordPress install, this time, it's a advert for Cialis that only shows to Google Bot.

    Either you have a bad host with poor server security or you are not cleaning the hacker's back doors out of your site. See:
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

  3. dionsis
    Member
    Posted 2 years ago #

    I have done everything on the first link verbatim, I am doing it so regularly it's stuck in my head process wise.

    The second link
    I have a script I wrote to grep my entire webfile for eval(base64 and the backwards version of it and mail me with the locations of files with such in them (and I eliminate the one's that are in the standard WP). This now runs every 2 hours to keep me informed of any hackings

    wp-config.php is clean and standard
    index.php is clean and standard

    I know you are now going to point towards the host but I have root access I can change anything if I know how they might be getting in. It only seems to be wordpress that I'm getting caught on.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.