dansino Posted March 8, 2010 Share Posted March 8, 2010 Hi guys, My website: www.officeconsumables.com.au Recently, I found there is a problem: when I use the google, search for keywords, such as "canon g&g Ink Sydney" I was redirected to another site. then pop up a window But this issue just happen One time everyday, and then, after that, looks normal. I had been to Cpanel, found the CPU Usage is very high. anyone can tell what's happen to the site? Thanks very much! Dansino Link to comment Share on other sites More sharing options...
spooks Posted March 8, 2010 Share Posted March 8, 2010 It would appear your site has been hacked & is linking to a fake anti virus site. Disable your site now (google will do so soon too if you don't take action) Check all your site files against your last uploaded ones & check any altered ones for hackers code. Once you have confirmed the hack, , get host to wipe site & restore with your backup, then add security. Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
germ Posted March 8, 2010 Share Posted March 8, 2010 I would guess you're a victim of this hack I looked at a page cache of your in google and it had many hiddem spam links in the source. If I visit the page myself the links don't show up. The hackers have it coded to show their junk only when search engines spider the site. They probably are keying on IP addresses. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
dansino Posted March 11, 2010 Author Share Posted March 11, 2010 I would guess you're a victim of this hack I looked at a page cache of your in google and it had many hiddem spam links in the source. If I visit the page myself the links don't show up. The hackers have it coded to show their junk only when search engines spider the site. They probably are keying on IP addresses. Thanks Jim, what should I do for this website, following this:? ------------------------------------------------------------------------------------------------ To clean your site you have two options, 1, delete the entire set of PHP files on your server, (this hack will infect every single PHP file regardless of where it belongs, i.e non osC files will also be infected) And restore from a good back up. This is the best and easy route. 2, You need to find the source of the files that have been placed on your server, they are always hidden well away from the top level, to do this you need to copy the top line and paste it to a Base 64 decoder, I have my own file for this but you will be able to use any of many on the internet, here is one This will reveal the location of the files you have to remove, note that it could be from 1 file to upto 30, and in some cases they will overwrite the files that should be in the host folder. Once this is done, and the original files are restored, you have to go through every single PHP file and remove the code from the top line, I suggest you use a search / replace tool for this or its going to take you a very long time! When this has been done it will be good practice to “drop” your database, and upload a recent backup you took prior to infection, also check that there are no new users on the database, I’ve not come across this yet, but have heard it happens. Now your site is free on the code, you need to prevent it from happening again. ----------------------------------------------------------------------------------- Thanks very much! Dansino Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.