I’ve noticed that when i search for my website on google my meta description for most my posts are being shown as: Play games in casinos online to win hefty prizes, you will definitely love to win more. Choose always the legal and casino no deposit bonus to enjoy playing.
Meta description as displayed on google: http://goo.gl/30Kv9T
I have posted about this before and I think it is similar to the pharma hack that i’ve been reading about, or it probably is. it was suggested to perform grep commands via SSH
to find the below
#grep -irl “sn8up6” ./*
#grep -irl “casino” ./*
I am unsure of how to use SSH, to do these commands so could anyone give me any advice before I enable my SSH, also my host is asking for a photocopy of a utility bill, or either a photocard driving license or photo page of passport , is this normal to ask for when asking for SSH access? I dont know if I feel comfortable emailing these documents.
I have thought about paying for this to be removed via sucuri but I cant pay for one time jobs. Does anyone know how I can do remove this, I am nervous to delete or reinstall anything, also because I need this website to be submitted as part of my assessment soon at university, so do not want to mess anything up. If I do reinstall everything and export the WordPress XML file of my posts from the site, is it possible any malicious code could be in there?
Does this hack affect anything else apart from the meta descriptions, I have seen the casino related descriptions before a few months before and thought nothing of it until now, any advice on what to do?
Learning to use SSH is a little outside the norm of help given here.
That has some directions.
grep is a search tool, it doesn’t delete or edit anything (which you can google to learn about that too).
Thanks, I have contacted my host to see if they can remove it for me, waiting for a reply.
If it is a plugin which is adding malicious code on your website then you must disable all plugins and check if the code is still present through source code check. Let us know that as well.
Rijo, Pharma is a hack that came in through a plugin but infects the database, so it’s harder than most to fix :/
I went through my plugins, deactivating all then activating one by one to see when the code would appear and I think it is in the Tumblr Photoset Like Gallery for WordPress plugin, so what shall I do now to fix? I would still like to use this plugin? I just tried reinstalling the plugin, but it is still there, so unsure what to do now, guess next best thing is to wait for my host to reply.
You need to start working your way through these resources:
- The topic ‘Pharma hack, how to use SSH?’ is closed to new replies.