Msg#: 4270588 posted 3:55 pm on Feb 22, 2011 (gmt 0)
Somebody implanted links on my website to their horrible spammy viagra/cialis sites. These links are revealed when I use the Fetch as Googlebot option in Google's webmaster tools, as well as when I run a site: query on google.com.
How do I clean these from my site? They don't show up in my code, so I can't just delete them. Is there a tool I can run to disinfect my site? It's running on a shared server at bluehost.
Msg#: 4270588 posted 3:40 am on Mar 10, 2011 (gmt 0)
Something in your site is testing whether the request is coming from googlebot, and serving alternate content if it is.
That can be done in .htaccess. Check your .htaccess for redirect code. Also search for new .htaccess files that aren't supposed to be there.
It can also be done by a malicious .php script embedded somewhere in your site. It would have to be in a script invoked for every page load; for example, a header or include file.
If your site is not just showing "links" but also the drug sales pages, it's possible the hackers have embedded their entire drug website inside your site, possibly bundled into a single big .php script with the contents base64_encoded to make it harder to find with text searches.