Support » Everything else WordPress » Somebody hack me ?

  • Hello..there. I need help. I think I have a few pages with strange url, that i can see from my wassUp stats. That xxx is a porn site. And Google crawls it all the time. I never link to them in the first place. Please help. How to remove and block it because it’s not only one page.
    eg :
    /page/92/?ref=www.xxx.com-www.xxx.com-www.xxx.com-www.xxx.com

    Please reply

Viewing 11 replies - 1 through 11 (of 11 total)
  • Hi,

    What happens when you open such links? Will it open a page on your site or redirect you to that porn site?

    You might need to check your .htaccess file.

    Thankyou for your reply. A page on my site opens, not a redirect to the porn site. I did check my .htaccess but don’t see any suspicious entries. Do I have a big problem?

    Yes, you do.
    Go there:
    http://wordpress.org/support/topic/218836?replies=4
    and follow the links (for search)

    whooami

    (@whooami)

    Member

    O my God…

    is very scary ! Thanks for all help and please always help me !!

    Hi,

    I can see those strage pages but I don’t see them doing anything illegal. They just load the appropriate page of the blog archive and seem to ignore the ref part of the URL.

    Can anyone tell me what’s wrong with them?

    whooami

    (@whooami)

    Member

    They just load the appropriate page of the blog archive

    No they dont. If what you were saying is true, they would be sent to the front of the blog. And even that happening doesnt rule out what I’m suggesting.

    I cleaned out a very similar hack from a site about 3 months ago, and theyve been discussed here before.

    I had to really hunt to find the thread I was thinking of but I did find it:

    http://wordpress.org/support/topic/211645?replies=2#post-880182

    thats actually an ‘after the hack’ cleanup. It was a very similar situation, the only difference being the variable, in this case ?ref.

    Everything is too hard for me 🙁

    I’m waiting until WP 2.7 That’s the only thing I think I can do.

    Is there someone who can fix my problem and does’t cost too much?

    @whooami: Really, I still can’t see what’s wrong with those pages except for the unwanted ref parameter, which seems to be ignored. When I click those links I see appropriate pages of the blog archive. Here you can see the screenshots:
    http://useshots.wordpress.com/2008/11/22/strange-refs/

    I don’t see anything sinister there.

    @balisugar: You can also request Google to remove those links from their index via there Webmaster Tools (http://www.google.com/webmasters/tools/)

    Thanks to all who have given me some attention. I really appreciate it.

    I’ve been removing those links with my webmaster tools and blocking with robots text.
    But I found something strange in my WassUp plugin, which sometimes shows:

    209.190.85.114 2008-11-23 11:24:36
    /feed
    Referrer: From your blog
    Hostname: 209.190.85.114
    FEEDREADER: wp-autoblogSimplePie

    IP 209.190.85.114 is not mine. How come I get a referrer from my own blog? Like, am I supposedly visiting myself ? I know nothing about wp-autoblogSimplePie.

    I don’t have dedicated server. My IP is not static but my IP always start with:
    Home : 125…
    My 3G Phone: 114

    Those referrers “from your blog” is not the only one weird thing. I forget now which one else, but when I clicked the “Hostname”, it landied in my homepage with a link like this:
    http://www.balisugar.com/wp-admin/balisugar.com
    Is that normal? And the incoming links in my dashboard are always gone!

    Sometimes I’m “visited” by balisugar.com/ or http://balisugar.com
    My URL used to be http://balisugar.com until I redirected it to www because of duplicate content. How many am I? I have only one URL (I thought)! I’m only using Bluehost as my webserver. I feel like there might be another person in my blog, like a hidden user.

    I’ve made robots.text files like :
    Disallow: /wp-admin
    Event I block :
    Disallow: /contact/
    Disallow: /author/
    Disallow: /wp-*/

    According to webmaster tools, wp-admin is allowed. Hmm, maybe I put something wrong there! It’s very confusing for me. I copy and paste from people.

    Sorry to confuse everybody. I’m still learning.
    I can’t wait for WP 2.7 to come out. I will upgrade my blog.
    Don’t leave me alone!

    sorry… I mean sometimes i’m visited by balisugar.com/
    or http://balisugar.com

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Somebody hack me ?’ is closed to new replies.