Site hack showing wrong search information on Google search (6 posts)

  1. mrkenray
    Member
    Posted 3 years ago #

    hi - I've been researching this all morning.
    when you google my site - WestTrinity.com in google, the description comes up as an online pharmacy...and we are a blues band.
    I don't have the skills to know what is going on behind the code, but I did download ALL of the site files from the surface down, and can not find the word "pharmacy" in the code.

    there is a post on http://wordpress.org/support/topic/security-issue-site-hack-showed-wrong-search-information-on-google-search?replies=1

    about a similar experience, but I can find none of what he mentions in my code.

    also, I see this exploit has happened to several of the other sites I host at dreamhost.com - ruecler-durham.com being another example.

    is anyone else getting this???

  2. mrmist
    Forum Janitor
    Posted 3 years ago #

    It sounds like a fairly typical redirection hack.

    Check your .htaccess file for anything odd, then check the index.php against a clean download of the WordPress zip.

    See also http://codex.wordpress.org/FAQ_My_site_was_hacked

  3. mrkenray
    Member
    Posted 3 years ago #

    I've looked in both places - the HTACCESS and index.php files side by side and there is no difference...I wish this one was that easy...

  4. mrmist
    Forum Janitor
    Posted 3 years ago #

    Ok, Google must be being redirected somewhere along the line to produce the behaviour you have seen in the search results.

    Are you signed up to Google Webmaster Tools? If so you can use their labs -> fetch as googlebot on one of your URLs to see what it sees.

    What does show up in your site root .htaccess?

  5. You may want to check ALL your files. Like your plugins too.

    Read http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php

  6. mrkenray
    Member
    Posted 2 years ago #

    Just wanted to let everyone here know, the solution to the "pharma" hack is to list your PHP files by SIZE in FTP.
    your index, or any other PHP file in wordpress ain't gonna be 90K.
    when you see the one that is ridiculously large, replace that file with the 5k (or smaller) file from the newest download of wordpress.

    The code that is injected to make the pharma hack work looks like junk.
    If you are browsing through a php file in notepad, and you see thousands of lines of crap like: akljfnh laweuhfiaweughfoiawghfjbawliucgfwiueg roa wuigherp2983yr5 pawuhert pavwyheo;awehrvpiaweuhfraoweuh
    then that is the file that is infected.
    replace that file and all will be well.
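
The two checks suggested in this thread (compare files against a clean WordPress download, and look for PHP files far larger than stock), combined as an added example that is not part of any post above. The names `audit` and `demo` are hypothetical, the sample trees are constructed, and the clean copy is assumed to be the same WordPress version as the live site.

```python
import hashlib
import os
import tempfile

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def php_files(root):
    """Map relative path -> absolute path for every .php file under root."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".php"):
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = full
    return found

def audit(live_root, clean_root):
    """Return (relpath, status, live_size, clean_size) rows, largest live file first."""
    live, clean = php_files(live_root), php_files(clean_root)
    rows = []
    for rel, path in live.items():
        size = os.path.getsize(path)
        if rel not in clean:
            # Plugins, themes, wp-config.php, or a dropped file: review by hand.
            rows.append((rel, "not in clean copy", size, None))
        elif digest(path) != digest(clean[rel]):
            rows.append((rel, "modified", size, os.path.getsize(clean[rel])))
    return sorted(rows, key=lambda r: r[2], reverse=True)

def demo():
    """Constructed sample trees standing in for a live site and a clean download."""
    def write(root, rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = os.path.join(tmp, "live"), os.path.join(tmp, "clean")
        stock = b"<?php\nrequire('./wp-blog-header.php');\n"
        for root in (live, clean):
            write(root, "index.php", stock)
            write(root, os.path.join("wp-includes", "version.php"), b"<?php\n$wp_version = 'x';\n")
        write(live, "index.php", stock + b"/* junk */" * 9000)  # bloated core file
        write(live, os.path.join("wp-content", "plugins", "extra.php"), b"<?php\n")
        return audit(live, clean)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Files reported as "not in clean copy" are not necessarily malicious; compare plugins and themes against fresh copies from their own sources.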
