Sounds like you’ve been hacked. Could be a sneaky redirect based on Googlebots IP address, htaccess, cookie presence based or by some other nefarious means.
Whatever, these links will get you started.
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
Thread Starter
icash
(@icash)
Thanks for the response alism. Yes, I have been hacked. I would like to determine where the hack occurred if at all possible.
I deactivated all plugins and looked at the results the googlebot fetched, and still had the problem.
Has this problem happened to anyone else?
Many times. You’ll need to do some detective work yourself. Take a look at your server logs, see if you can spot anything there. Scan your PC for malware, in case your FTP login details are being stolen. If you’ve been running an old version of WordPress for some time, it might be due to that. Look for extra/hidden admins. Might be via an insecure script your using elsewhere in your webspace. Perhaps its come through shared hosting.
There’s loads of possibilities and only you can really find the answer as to how it happened. The above links outline most of the steps needed to fix though.
Thread Starter
icash
(@icash)
alism, again, thanks for the response. I am on the latest version of WordPress. I have scanned my PC for malware, and in fact, had FTP access locked down and restricted the last time that my WordPress sites were hacked.
This isn’t the ole extra/hidden admin hack. It is quite different.
This is a very specific hack. They are cloaking or redirecting the googlebot to content that is different than my pages.
Has this specific hack happened to anyone else? If so, any pointers on where they may have made changes to do this cloak or redirect?
This type of hack is by no means new.
Might be a hacked script somewhere in the WordPress core, your theme or in one or more of your plugins detecting the useragent/ip and serving the otherwise hidden content, or could be based on your .htacess file. Changes to plugins and themes are common as they won’t get overwritten when you upgrade.
Thread Starter
icash
(@icash)
alism, again thanks. I never said it was new.
I’ve dug through my .htaccess file – that was one of the first things I tried. I’ve deactivated my plugins and checked the googlebot results and get the same results – google sees content other than the real content when it crawls the pages, all about pharmaceuticals.
I’ll keep trying to track it down.
If anyone has experienced this issue and has resolved it, I’d love to hear from you. Thanks in advance.
