WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Searches Forwarding elsewhere (7 posts)

  1. joetaxpayer
    Member
    Posted 2 years ago #

    I posted here about my being hacked. Many helpful links to articles/advice resulted, thank you.

    One issue remains - searches on Bing, Yahoo etc forward elsewhere. (I shut down google from even bothering to list me for now)

    To spell it out - I search on me, JoeTaxpayer, in Bing, and see my page in the results. The link looks normal, but when clicked it forwards elsewhere. Even when I take my site offline, this still happens. Has anyone ever seen this, and is there more to do than wait for searches to fix themselves? I was getting a decent level of visits from searches on my topics. They are now zero.

  2. rokk
    Member
    Posted 2 years ago #

    I's probably on of these reasons;

    1. Your domain has been repointed to another dns server.
    2. They have left some code on your server. Check for RewriteRules in your .htaccess, header(location: ) in your php-files, response.setHeader in your html/js and q->redirect if you have any cgi perl scripts.

    /rokk

  3. esmi
    Forum Moderator
    Posted 2 years ago #

    You might also want to have a word with your hosts about this in case there's a problem outside of your WordPress site.

  4. joetaxpayer
    Member
    Posted 2 years ago #

    htaccess:
    ---------------------------------------
    Options All -Indexes
    AddType x-mapp-php5 .php
    AddHandler x-mapp-php5 .php
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress
    -----------------------------------

    Will keep looking around. DNS points to my server folder. And the URL resolves correctly. It's only the search results that do this.

  5. joetaxpayer
    Member
    Posted 2 years ago #

    esmi - I am researching a new host. Current host has nothing to offer for this or any hacks.

  6. joetaxpayer
    Member
    Posted 2 years ago #

    Final update - very clever hack. A visitor to my site saw no issue. A click on a search result led elsewhere.
    I wrote a detailed description to my host who replied "google searches refresh after a few weeks."

    A kind reader of the webmaster forums at Google wrote a Simple script to find base64_decode in your files which uncovered the offending code. It's a simple PHP script you put in your main directory and just go to yoursite.com/findstring.php and it lists offending files.

    In the end, it was the code for my theme which was infected. So not knowing the source, I might have just reloaded the entire site to clear out anything. The real issue was the symptom was clever enough to lead me to think it was search engine related. The Code from the site linked here can easily be changed to find anything, iframe code, etc.

    I ask - Should a host, when asked about these symptoms have been able to advise I still had an issue? i.e. I had base64 injected code. If not, I accept that and need to be my own IT guy. I would just like to understand what service I should expect, and if mine is so low I should move on to a new host.

  7. joetaxpayer
    Member
    Posted 2 years ago #

    I got a warning from my host that my server was sending a tremendous volume of email bouncing as spam. A tech in the abuse dept was very helpful. A back door to my server was created through a joomla installation I had in an old folder. This tech helped me isolate all corrupt files, and I deleted the joomla/drupal/wiki stuff I had tinkered with but never used.

    I hope this ends the issues long term.

Topic Closed

This topic has been closed to new replies.

About this Topic