Results 1 to 17 of 17
  1. #1
    Caruso is offline Public Member
    Join Date
    August 2003
    Location
    England
    Posts
    878
    Thanks
    5
    Thanked 409 Times in 214 Posts

    Default Can someone explain what has happened here?

    Here's my penultimate article:

    http://www.hundredpercentgambling.co...icle.php?id=96

    Click that and you'll go straight through.

    Now put it into the Google search box:

    https://www.google.co.uk/?gws_rd=ssl....php%3Fid%3D96

    What in the f**k has happened? Look at the link text! If you click that link, which correctly lists the link but with that...whatever link text, it takes you straight through to any number of porn sites?

    I have no idea what's happened.

  2. #2
    Progger's Avatar
    Progger is offline Public Member
    Join Date
    November 2014
    Location
    New Zealand
    Posts
    1,422
    Thanks
    282
    Thanked 931 Times in 584 Posts

    Default

    Your Page is hacked....not only yours..some godaddy pages are hacked

    post your .htaccess file here...

    https://productforums.google.com/for...rs/Pwxg8amFaIE
    https://productforums.google.com/for...o/OzBe7EHZAwAJ

  3. #3
    Caruso is offline Public Member
    Join Date
    August 2003
    Location
    England
    Posts
    878
    Thanks
    5
    Thanked 409 Times in 214 Posts

    Default

    Only think that file says is "AuthType Basic"

  4. #4
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,040
    Thanks
    2,230
    Thanked 7,923 Times in 4,996 Posts

    Default

    Please do NOT post the contents of an htaccess file, especially one that may be compromised without using the "code" tags.

    There have been times where posting such code that might contain redirects have rendered threads inaccessible.

    Caruso, take a gander around in cpanel, if you have that access and look closely at the redirects there, just in case the sever or your cpanel was compromised.

    If your site is html, take a look at the head statements in your template, if it is wordpress, look closely at header.php within the theme folder (named the same as the theme you are currently using).

    It seems that article 96 seems to have a redirect in it.

    Let me know if I can help.

    Rick
    Universal4

  5. #5
    matthewt's Avatar
    matthewt is offline On Vacation
    Join Date
    July 2006
    Location
    US
    Posts
    526
    Blog Entries
    2
    Thanks
    1,003
    Thanked 141 Times in 112 Posts

    Default

    Maybe someone has your hosting logon.

  6. #6
    Progger's Avatar
    Progger is offline Public Member
    Join Date
    November 2014
    Location
    New Zealand
    Posts
    1,422
    Thanks
    282
    Thanked 931 Times in 584 Posts

    Default

    read the 2 links who i posted above and you can fix this error

  7. #7
    Caruso is offline Public Member
    Join Date
    August 2003
    Location
    England
    Posts
    878
    Thanks
    5
    Thanked 409 Times in 214 Posts

    Default

    Thanks, all. I've used GoDaddy's "Sitelock" - cost me 40 but it seems to have cleared everything. There were a bunch of pages with a load of weird **** on them, copies of which I've kept for nostalgia reasons. All those redirects are now OK (you can check on the page I posted) but the link text is still showing as before.

    I've requested a Google review, should clear all that and put it back to normal.

  8. #8
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,040
    Thanks
    2,230
    Thanked 7,923 Times in 4,996 Posts

    Default

    Glad to hear you are getting this taken care of.

    Just to be on the safe side of caution, I strongly encourage you to change your password for logins to the site, ftp etc, and if in fact root access was gained, you really should change the database password since any kind of ftp access could have viewed the configs to see the db passwords.

    GoDaddy can likely help you with those things and might be covered under their sitelock payment if you ask for help with that during the first few weeks.

    If it is a wordpress site, it is suggested to remove the askimet plugin if you are not using it, and if you are be sure to update that to the latest version as Leopold found a number of articles a while back that gave the indication the older versions of that had a flaw in it.

    If you need help with anything, be sure to let us know as there are a number of guys here that can help make recommendations on best practices etc...

    Rick
    Universal4

  9. #9
    FictionNet is offline Closed by Request
    Join Date
    December 1969
    Posts
    5,265
    Thanks
    1,437
    Thanked 1,252 Times in 653 Posts

    Default

    Yep, seeing some dodgy results. Number one result is "Hooters women models pics"

    I'm in

  10. #10
    Progger's Avatar
    Progger is offline Public Member
    Join Date
    November 2014
    Location
    New Zealand
    Posts
    1,422
    Thanks
    282
    Thanked 931 Times in 584 Posts

    Default

    You pay 40 pounts for fix ?

    xxhttps://aw-snap.info/articles/redirects.php
    xxhttps://aw-snap.info/articles/malware-of-the-day.php

    You need to close this gap or you get hacked again.

    regards

  11. #11
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,040
    Thanks
    2,230
    Thanked 7,923 Times in 4,996 Posts

    Default

    I have removed the links in the above post since the pages linked to gave an antivirus warning due to an iframe vulnerability.

    If anyone wants to research them, I suggest putting the link into google and then reading the cached page since visiting the page gives the warning.


    Rick
    Universal4

  12. The Following User Says Thank You to universal4 For This Useful Post:

    -Shay- (23 March 2016)

  13. #12
    Caruso is offline Public Member
    Join Date
    August 2003
    Location
    England
    Posts
    878
    Thanks
    5
    Thanked 409 Times in 214 Posts

    Default

    Quote Originally Posted by Progger View Post
    You pay 40 pounts for fix ?

    xxhttps://aw-snap.info/articles/redirects.php
    xxhttps://aw-snap.info/articles/malware-of-the-day.php

    You need to close this gap or you get hacked again.

    regards

    I have no idea what this means. I clicked one of those links and immediately got a virus warning.

    The programme I used located all the dodgy code - I tracked it down myself before letting it delete everything. I suspect something got into my machine and found its way into Godaddy, as the password was remembered. I've since changed it and set it to not remember it.

  14. #13
    Caruso is offline Public Member
    Join Date
    August 2003
    Location
    England
    Posts
    878
    Thanks
    5
    Thanked 409 Times in 214 Posts

    Default

    Quote Originally Posted by FictionNet View Post
    Yep, seeing some dodgy results. Number one result is "Hooters women models pics"

    I'm in

    If you click them they go to my site OK now.

  15. #14
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,040
    Thanks
    2,230
    Thanked 7,923 Times in 4,996 Posts

    Default

    Caruso,

    If you suspect your machine was compromised, you should scan it for virus and malware. Malwarebytes is one of the best anti-malware programs, and a scan from any number of antivirus programs would be a good thing.

    If you have a local tech that helps you with the geek stuff, be sure to discuss this with them.

    I took a look at page96 and it looks clean now.

    Rick
    Universal4

  16. #15
    Caruso is offline Public Member
    Join Date
    August 2003
    Location
    England
    Posts
    878
    Thanks
    5
    Thanked 409 Times in 214 Posts

    Default

    Thanks. Still waiting for Google to do a rerun. Hopefully then all that daft link text will disappear from the SERPS. I run Malwarebytes and Eset regularly. My IE browser is still getting hijacked but the hack issue seems clear.

  17. #16
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,040
    Thanks
    2,230
    Thanked 7,923 Times in 4,996 Posts

    Default

    Caruso,

    Try running cwsshredder. It is a freebie and may or may not help with browser hijacks. It does a decent job of removiong some of the search stealing programs.

    If that doesn't work, you could consider hijack this and then posting the log in one of that many helpful hijack/tech/geek forums or let me know and I can try and help.

    Rick
    Universal4

  18. #17
    Caruso is offline Public Member
    Join Date
    August 2003
    Location
    England
    Posts
    878
    Thanks
    5
    Thanked 409 Times in 214 Posts

    Default

    Might as well consign these post-hack issues to one thread.

    Google SERPS - two different, weird results:

    https://www.google.co.uk/?gws_rd=ssl...o_warnings.htm

    Look at the top result - the link text is correct, but the short descrition contains all this shyte:

    Pornhub Redding. Sie interessieren sich f�r Pornhub Redding?. Pornhub Redding - Alle Infos hier!.
    Doing a site search, the first two SERPS are clean, but the fun starts on page 3:

    https://www.google.co.uk/webhp?hl=en...hl=en&start=20

    That Totesport page has not only the porn description text, "Holen Sie sich Informationen zu Swedish Tween Girls Underware" (yes please, but not from my site), but the link is also wrong - "Swedish teen girls", LOL.

    ALL the links, however, are pointing where they should - you can click any one of them with complete impunity. The Google description, both text fragment and link, are what's screwed up

    Will that resolve itself over time when Google crawls them and realises everything is OK? It's definitely affecting search results, as the screwed up pages aren't showing up in searches for content relevant to the pages. Example, my "single deck" page is screwed thus (https://www.google.co.uk/webhp?hl=en...ingle_deck.htm) and the page seems to have fallen right out the SERPS - searches for single deck BJ, where that page used to rank quite well, now don't return that page at all.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •