SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    636
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Virus on the site?

    Hi Guys,

    Not sure where I would post this but just recently when you search modo in Google or trying rto click on our website through Google Search Engine it doesnt go to modocom.ca

    It goes to some forbidden url thing.

    Heres link for Google

    https://www.google.ca/#hl=en&output=...=1448&bih=1232

    Click on modo* | Brand Strategy + Design

    It just started to do this would any experets here have any idea why?

    Thanks,

    Mike
    Last edited by Mittineague; Nov 26, 2012 at 20:06. Reason: please don't link to infected sites

  2. #2
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The google link looks ok, so the problem must be on your site - your index file might have been tampered with. The divert appears to swing into action only if the inbound request is coming via a search engine, easily detected. (I tried it on bing and yahoo with same result). All 3 links go to forbidden(dot)4pu(dot)com - obviously a spam site or something similar.

    I would guess that your site has been hacked and your index file has been tampered with, so you'll need to change all your access details immediately, and then you'll have to start the clean up. If you're not responsible for managing the site, then speak to whoever is.

    There's probably a lot more I could say here, but it's a start.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  3. #3
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,085
    Mentioned
    255 Post(s)
    Tagged
    5 Thread(s)
    I don't know how much this helps, but I only experience the redirect if I enable JS (for Google, rather than your site).

    Be sure to also check your .htaccess file for unauthorised changes.
    Take plenty of exercise walk round and round the garden
    or
    sign up now for the Isle of Jura 10K or Half Marathon!

  4. #4
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    Your site has been hacked.

    While it might display normally while visiting it directly, malicious code activates when viewed through a search engine.

    Usually this code resides in PHP files in a eval(base64_decode()) function.

    The best way to take care of this is to go to a backup of the site which doesn't have this, and restore it. There's no telling what damage was done within your files and databases.

    You're running a very old version of wordpress, so this is no big surprise. Older versions have vulnerabilities that hackers can take advantage of.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  5. #5
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Force Flow View Post
    You're running a very old version of wordpress, so this is no big surprise. Older versions have vulnerabilities that hackers can take advantage of.
    Good point about the old version of WP. I didn't realise you were using WP. Once you have your site cleaned up, you might try installing the Wordfence plugin (search for it in the 'add new' plugins control panel) - it has some nice features and among many other things, it generates warning emails when plugins or WP need updating.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  6. #6
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Location
    Cape Town, South Africa
    Posts
    40
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You may have some link in your headers ,etc. That usually is the case. Edit the index file and see whats in there. If there are any weird links then remove them.

  7. #7
    SitePoint Member
    Join Date
    Nov 2012
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Backup all file, download to PC then scan virus, delete all file on host the reinstall these file, if your site is still harmful, change the hosting!

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    cm,

    Download viruses to your PC? IMHO, that's just NOT a good idea.

    Instead, have your host run a maldet scan on the 'nix-hosted website. That will find (and often correct) malware. However, do that after CHANGING AND strengthening your passwords.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  9. #9
    SitePoint Guru
    Join Date
    Aug 2009
    Posts
    636
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Thanks everyone, I was hoping not having to reinstall Wordpress but looks like that may be my only option I've changed much of the code to remove code which I noticed was not suppose to be in there but still no luck.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •