WordPress.org

Ready to get started?Download WordPress

Forums

Pharma Hack advice? (6 posts)

  1. Konn Lavery
    Member
    Posted 11 months ago #

    Hi everyone,

    I've got a challenging Pharma Hack with a client. I have been dealing with that is very similar to the thread I found here:
    http://wordpress.org/support/topic/pharma-hack-variant-anyone-experienced-it

    So I did some further research about it and found a number of resources:

    I have cleaned out my files looking for injected code, re-installed wordpress, updated/changed out dated plugins, cleaned out database (reverted to an older database prior to the hack), new ftp user, new passwords, new wordpress passwords, new mysql database/password

    After this, I have resubmitted the site to Google, updated sitemap and request crawling for individual pages.

    Yet the titles in Google search still appear on a number of the pages when searching the site. However, searching directly for the site with Google's search operator site: the titles are as intended.

    Could this just be Google's cache not updating yet or is it possible the injected code is still being applied?
    Note: After reinstalling wordpress last night I checked this morning to see if any new files have been injected into the site and there doesn't appear to be any.
    I've contacted my server provider (Dreamhost) about this and waiting for a response too.

    Any advice would be of huge help.

    Thanks.

  2. esmi
    Forum Moderator
    Posted 11 months ago #

    Yet the titles in Google search still appear on a number of the pages when searching the site.

    It may take a while for Google's index to update fully. I did notice that you were missing one really good post-hack resource: http://ottopress.com/2009/hacked-wordpress-backdoors/ Could be worth a read.

  3. Konn Lavery
    Member
    Posted 11 months ago #

    Thanks for getting back to me Esmi, that resource is pretty informative about what backdoors exactly are.

    Dreamhost got back to me and they scanned through the site and didn't find any suspicious files. I'm seeing if we can do a further scanning with the other ftp users on my account like mentioned in the other thread to see if the code is originating elsewhere.

    Or perhaps it's as simple as Google's cache just needs some time to update.

    I'll post back with updates or if anyone has other ideas.

    Thanks again.

    EDIT: I did search through the database based on the article you shared Esmi and reviewed the custom theme I built for for any backdoors. Since the database and theme are the two consistent pieces that is being re-uploaded after a fresh install. Yet they come back clean too.

  4. esmi
    Forum Moderator
    Posted 11 months ago #

    No probs. Fingers crossed that it's just Google being a bit slow.

  5. leejosepho
    Member
    Posted 11 months ago #

    Just a guess here, but I recently learned Google Webmaster Tools will let you remove a link from their database, and maybe doing that plus re-submitting your site map could speed things up a bit.

  6. Konn Lavery
    Member
    Posted 11 months ago #

    Thanks for the advice leejosepho. I requested google to remove the specific pages from their database and re-submitted the pages to crawl for and it worked.

    So Google just needed more time to refresh their cache from the hacked pages.

    Thanks for the assistance everyone!

Reply

You must log in to post.

About this Topic

Tags