WordPress.org

Ready to get started?Download WordPress

Forums

Somebody hack me ? (12 posts)

  1. Balisugar
    Member
    Posted 5 years ago #

    Hello..there. I need help. I think I have a few pages with strange url, that i can see from my wassUp stats. That xxx is a porn site. And Google crawls it all the time. I never link to them in the first place. Please help. How to remove and block it because it's not only one page.
    eg :
    /page/92/?ref=www.xxx.com-www.xxx.com-www.xxx.com-www.xxx.com

    Please reply

  2. UseShots
    Member
    Posted 5 years ago #

    Hi,

    What happens when you open such links? Will it open a page on your site or redirect you to that porn site?

    You might need to check your .htaccess file.

  3. Balisugar
    Member
    Posted 5 years ago #

    Thankyou for your reply. A page on my site opens, not a redirect to the porn site. I did check my .htaccess but don't see any suspicious entries. Do I have a big problem?

  4. moshu
    Member
    Posted 5 years ago #

    Yes, you do.
    Go there:
    http://wordpress.org/support/topic/218836?replies=4
    and follow the links (for search)

  5. whooami
    Member
    Posted 5 years ago #

  6. Balisugar
    Member
    Posted 5 years ago #

    O my God...

    is very scary ! Thanks for all help and please always help me !!

  7. UseShots
    Member
    Posted 5 years ago #

    Hi,

    I can see those strage pages but I don't see them doing anything illegal. They just load the appropriate page of the blog archive and seem to ignore the ref part of the URL.

    Can anyone tell me what's wrong with them?

  8. whooami
    Member
    Posted 5 years ago #

    They just load the appropriate page of the blog archive

    No they dont. If what you were saying is true, they would be sent to the front of the blog. And even that happening doesnt rule out what I'm suggesting.

    I cleaned out a very similar hack from a site about 3 months ago, and theyve been discussed here before.

    I had to really hunt to find the thread I was thinking of but I did find it:

    http://wordpress.org/support/topic/211645?replies=2#post-880182

    thats actually an 'after the hack' cleanup. It was a very similar situation, the only difference being the variable, in this case ?ref.

  9. Balisugar
    Member
    Posted 5 years ago #

    Everything is too hard for me :sad:

    I'm waiting until WP 2.7 That's the only thing I think I can do.

    Is there someone who can fix my problem and does't cost too much?

  10. UseShots
    Member
    Posted 5 years ago #

    @whooami: Really, I still can't see what's wrong with those pages except for the unwanted ref parameter, which seems to be ignored. When I click those links I see appropriate pages of the blog archive. Here you can see the screenshots:
    http://useshots.wordpress.com/2008/11/22/strange-refs/

    I don't see anything sinister there.

    @Balisugar: You can also request Google to remove those links from their index via there Webmaster Tools (http://www.google.com/webmasters/tools/)

  11. Balisugar
    Member
    Posted 5 years ago #

    Thanks to all who have given me some attention. I really appreciate it.

    I've been removing those links with my webmaster tools and blocking with robots text.
    But I found something strange in my WassUp plugin, which sometimes shows:

    209.190.85.114 2008-11-23 11:24:36
    /feed
    Referrer: From your blog
    Hostname: 209.190.85.114
    FEEDREADER: wp-autoblogSimplePie

    IP 209.190.85.114 is not mine. How come I get a referrer from my own blog? Like, am I supposedly visiting myself ? I know nothing about wp-autoblogSimplePie.

    I don't have dedicated server. My IP is not static but my IP always start with:
    Home : 125...
    My 3G Phone: 114

    Those referrers "from your blog" is not the only one weird thing. I forget now which one else, but when I clicked the "Hostname", it landied in my homepage with a link like this:
    http://www.balisugar.com/wp-admin/balisugar.com
    Is that normal? And the incoming links in my dashboard are always gone!

    Sometimes I'm "visited" by balisugar.com/ or http://balisugar.com
    My URL used to be http://balisugar.com until I redirected it to www because of duplicate content. How many am I? I have only one URL (I thought)! I'm only using Bluehost as my webserver. I feel like there might be another person in my blog, like a hidden user.

    I've made robots.text files like :
    Disallow: /wp-admin
    Event I block :
    Disallow: /contact/
    Disallow: /author/
    Disallow: /wp-*/

    According to webmaster tools, wp-admin is allowed. Hmm, maybe I put something wrong there! It's very confusing for me. I copy and paste from people.

    Sorry to confuse everybody. I'm still learning.
    I can't wait for WP 2.7 to come out. I will upgrade my blog.
    Don't leave me alone!

  12. Balisugar
    Member
    Posted 5 years ago #

    sorry... I mean sometimes i'm visited by balisugar.com/
    or http://balisugar.com

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.