Why does my URL bring up dating website?

When I go to Google and put my URL as http://example.com/ I eventually find a strange dating website show up. I never registered for this website!! Why is this showing up? Can anyone give me a reason why this happened and how I can fix this problem? :frowning:

Thanks

My first thought would be that your site has been hacked. (Assuming that what you mean is, this site is showing up under your domain?)

There is a fairly comprehensive post on recovering from a hack here:

Resources on web application security - #31 by dklynn

1 Like

I’m not really clear what you are doing. Why would you search for your domain in Google?

To be clear, are you putting your url in the Google search box, or in your browser address bar?

I’m looking up my personal url in Google: http://justpretendthisismydomainname.com/ and searching for it.

It brings up this crazy adult dating website… :frowning: as one of the search results. I never registered for it.

Is this a static site or a WordPresx site? It really sounds like your site has been hacked. A client of mine has a Drupal site thst was hacked this way.

Were you searching for your URL and the adult dating website was one of the search results or did you click your website from the search results and it got redirected to the adult dating website? There is a difference.

1 Like

To use this topics original example domain, if one were to search for "http://example.com" there will be many pages that come up in the results.

They have nothing more to do with that domain other than having it in their page content.

If you are referring to the midbergen site, I found no “dating website” in neither the first 100 search results for the domain nor by clicking around the site.

More clarification even if not revealing the actual domain name could help.

eg. Is this something you saw on page 28 of the SERPs?

1 Like

As I tried to ask before (obviously not very clearly): are you saying that this content is showing up on your domain? Is it your domain name in the URL for this site?

If yes, then I stand by my original assessment that the site has been hacked.

If no, then there’s probably not much you can do about it, but there’s no real cause for concern. As @Mittineague says, if you search for a domain like that, you will get many results which are not that site. (You need to do a site:example.com search to search for only those pages which are indexed for your site.) What are the chances that potential visitors to your site would search for http://example.com? (If they already know the URL, why would they bother searching?)

If by that you mean your name-based domain, then I highly recommend that you do a site:example.com search. The results which show up for that domain with the www. prefix are very different from those that show up without the www. prefix. It looks to me very much as if the site has been hacked, and the sooner you get it cleared up, the better.

Still not clear. If the other site appearing when you click on the result for your site. Or is it another domain that appears in SERPs when you search for your domain?

Following with example.com, something like this?

As in it is at its own domain, but in the serps for yours?
Obviously I edited that third one in, but notice that results appear for other domains, such as Wikipedia, not because they exist at, or have anything much to do with the site, but because example.com is mentioned there. That’s quite normal.

1 Like

Is this a static site or a WordPresx site? It really sounds like your site has been hacked. A client of mine has a Drupal site thst was hacked this way.

My website was a Joomla website… I was only coming soon section of the website from a well known Joomla template company. How can I know if my website was hacked?

If these strange search results are appearing under your domain, then that’s a fair indication that the site has been hacked.

You need to look at all the site files and directories, to check if anything has been added or altered. Remember to check things like the cgi directory, even if you expect it to be empty.

The post I linked to earlier has more detailed information.

As you can see from the number of replies you’ve received, people are willing to help. If you answer those questions which have been asked, we might be able to offer more than vague generalities and guesses.

4 Likes

Joomla had a couple of critical updates recently. If you haven’t updated then you are most likely compromised. Sucuri is getting ready to do a webinar on how to clean a hacked Joomla site: https://sucuri.net/webinars/how-to-clean-hacked-joomla-site

I’d suggest registering as they’ll probably give some info on how to tell if you have been compromised.

One thing you could do is test your site on a service like http://www.isithacked.com/

1 Like

I’m sorry for my late reply. Thank you for your responses.

My hosting service emailed me and stated I had malware.

They took out some of the malware but not all of it. They gave me a list of php files I should remove. I’m not sure how to go about doing this.

Does this malware breach my security on my computer itself? As I stated, it’s a joomla website.

Below a google search of my name shows my site was hacked.

Thanks again.

Are you sure they want you to remove all the files on their list, or are some of them core Joomla files that need to be cleaned up? Also, do you have a backup of your website?

You need to go through the list file by file and locate those files in your Joomla installation. Compare them to the files in a fresh version of Joomla - that way you will know if they are extra files, or belong to Joomla. If they are extra, delete them (using your FTP client).

If a file on the list is part of the Joomla core that has been infected, often the malicious code is at the top of the file, but tabbed way out to the right so you can’t see the code immediately in your text editor. The best bet here is to delete the file and replace it with a fresh one.

I don’t really trust that the list of files the hosting provider gives is always complete.

I had the same situation with a client’s Drupal site that kept getting re-infected even though I spent a lot of time deleting or cleaning all the files on the list given to me. It wasn’t until I went through the whole website file by file dealing with infected files that were not on the list, that the site finally stopped being reinfected.

I would also give your computer a really thorough virus scan, and change all the passwords associated with the website.

Someone else might have a better, faster way of doing this, but I hope this helps you.

2 Likes

I was thinking a recursive script that compared md5 hash values would be faster.

I Googled and found this but it’s PHP ver 5.3 and was last updated 2 years ago.

NOTE - untried and untested.

https://www.phpclasses.org/package/8527-PHP-Check-if-directory-files-change-using-MD5-hashes.html


The closest thing I have that I could find is this hacky DIY

<?php
error_reporting(E_ALL);
ini_set('display_errors', 'true');

//$path = 'ocportal'; /* 33.3 MB */
$path = 'x7chat-3.2.0a2'; /* 1.06 MB */
//$path = 'rotatee-master'; /* 412 KB */

$rDirectoryIterator = new RecursiveDirectoryIterator($path);
$rIteratorIterator = new RecursiveIteratorIterator($rDirectoryIterator);
$iterator_filter_pattern = '/^.+\.(php|sql)$/i';
$RegexIterator = new RegexIterator($rIteratorIterator, $iterator_filter_pattern, RecursiveRegexIterator::GET_MATCH);

$query_patterns_array = [
            '/ALTER(?:.)*TABLE[^;]*\;/im'
            , '/CREATE(?:.)*TABLE[^;]*\;/im'
            , '/DELETE(?:.)*FROM[^;]*\;/im'
            , '/INSERT[^ei][^;]*\;/im'
            , '/SELECT[^_>e][^;]*\;/im'
            , '/UPDATE[^ds](?:.)*SET[^;]*\;/im'
            ];

$function_patterns_array = [
            '/class[^{)\],.]*{/im'
            , '/function [^{;]*{/im'
            ];

$regex_pattern = $query_patterns_array;
//$regex_pattern = $function_patterns_array;
$folder_exclude = "template";
//$folder_exclude = "oneimpossiblylongstringthathasnochanceofbeingafoldername";

$found_array = [];            
foreach($RegexIterator as $path_file => $object){
  if (file_exists($path_file) && (strpos($path_file, $folder_exclude) === false)) {
    $file_content_string = file_get_contents($path_file);
    if ($file_content_string !== false) {
      foreach ($regex_pattern AS $pattern) {
        if (preg_match_all($pattern, $file_content_string, $matches, PREG_SET_ORDER) > 0) {
          $found_match_str = "<b>$path_file <span style=\"color: #393\">FOUND</span></b><br>";
          foreach($matches AS $match) {
            foreach($match AS $match_str) {
              $found_match_str .= preg_replace('/[\t ]{2}/', " ", $match_str) . "<br>";
            }
          }
          $found_array[] = $found_match_str;
        }    
      }
    }
  }
}
$found_array = array_unique($found_array);
echo "<pre>";
print_r($found_array);
echo "</pre>";
?>

In addition to the link I gave you above, you might find this article helpful:

The only way to know whether or not you have a problem locally is to scan your own computer, to check whether or not you’ve downloaded infected files. You should also check for keyloggers, etc., on the off-chance that that is how the hackers gained access in the first place. Malwarebytes is a good option to use for this.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.