Deleting a ?ref=ARKADASBUL.NET hack (6 posts)

  1. michaellinder
    Posted 6 years ago #

    Google Webmaster tools turned up several pages on my site that seem to have been hacked by a Turkish dating web site anxious to boost its search presence. I suspect that a now-deleted plugin with hidden malware may have infected my WordPress site at some point since these entries exist in a limited time frame.

    In any case, it leaves behind the site name as a ?ref for previous and next entry links.

    A typical page shows up as /page/20?ref=ARKADASBUL.NET

    A Google search of ?ref=ARKADASBUL.NET turns up zillions of pages that have been so infected on all kinds of web sites. Can someone help me disinfect mine?


  2. esmi
    Forum Moderator
    Posted 6 years ago #

  3. michaellinder
    Posted 6 years ago #

    Nuking the entire site seems a rather extreme cure to remove one little command that once wrote some ?ref names to a few posts.

    Can someone tell me in which file a ?ref write command may be lurking, or how to exorcise them from some specific posts?

    It'd be a far more surgical strike to repair that .php page than to subject my server and site to the WordPress equivalent of radiation and chemotherapy.

  4. Samuel B

    Posted 6 years ago #

    well unless you find the way the hack was inserted you are never rid of it
    really up to you

  5. michaellinder
    Posted 6 years ago #

    WordPress clearly seems to be to blame for failing to prevent this Google cloaking hack.


    And WordPress' best response is to nuke your site and start over? Until the next time it strikes? That's pretty lame. So much for WP sophistication. Just cut and paste an "if you've been hacked" message and look the other way.


  6. michaellinder
    Posted 6 years ago #

    ...and let's hear it for WordPress' Matt for further clouding the issue with an ego rant instead of searching for solutions.


    WP has a serious, unsolved problem and amateurs are thumping their chests. Just what we need.

Topic Closed

This topic has been closed to new replies.

About this Topic