WordPress.org

Ready to get started?Download WordPress

Forums

False subdomain URL links to spam (not 404 page) even though site is clean. (4 posts)

  1. MSC.000
    Member
    Posted 10 months ago #

    Hi there,

    I cleaned up this site (http://www.seydwaysactingstudios.com) a few weeks ago after it was hacked and it has since passed the Google malware health test.

    However, I noticed today that when I type in a subdomain URL for a page that doesn't exist such as http://www.seydwaysactingstudios.com/acting, instead of going to a 404 page, it goes to a spam page that is obviously not related to the content of my site.

    I have not received any notices that the site has been hacked since I have cleaned it up, so I believe it to still be clean. All internal links work within the site.

    Does anyone know what may be causing this and/or what the solution might be? The 404.php template is also clean.

    Thanks!

  2. Pioneer Valley Web Design
    Member
    Posted 10 months ago #

    It's not a redirect - so it's either in the DB (and hidden from the page editor) or actually is still there (could be a page template).

    See:

    http://validator.w3.org/check?uri=http%3A%2F%2Fwww.seydwaysactingstudios.com%2Facting&charset=%28detect+automatically%29&doctype=Inline&group=0&ss=1

  3. MSC.000
    Member
    Posted 10 months ago #

    Thank you so much for getting back to me so fast! This is really helpful!

    The only missing piece for me is I don't understand which file I need to alter in order to get rid of the click3.php and /vg2 files. All of my page templates look fine.

    You mention it could be hidden from the page editor; would I be able to see it in the cpanel and if so, do you have any ideas what it might be called? I've been digging through it with no luck so far...

    Thank you!

  4. Pioneer Valley Web Design
    Member
    Posted 10 months ago #

    The ? indicates that the data may be dynamic - that points to a .js file, your DB, or both...

    but I found this related (from a few days ago)

    http://stackoverflow.com/questions/15712922/unknown-website-redirect-could-client-somehow-be-hacked

    Google "click3.php?" (Be very weary visiting any unknown sites/links, stackoverflow is well known)

    BTW, the links are in your menu:

    <ul id="menu">
    
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="Home">Home</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="U.S">U.S.</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="WORLD">WORLD</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="BUSINESS">BUSINESS</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="POLITICS">POLITICS</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="ENTERTAINMENT">ENTERTAINMENT</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="LEISURE">LEISURE</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="HEALTH">HEALTH</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="SCITECH">SCITECH</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="OPINION">OPINION</a></li>
    <li><a href="/click3.php?S7QysarOtDKyzrQyBGITKG0KpY2t_axrAQ" title="SPORTS">SPORTS</a></li>

    If using a custom menu, dump it.

Reply

You must log in to post.

About this Topic