homepage Welcome to WebmasterWorld Guest from 54.166.10.100
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
Website Hacked - Where Are Spam Pages?
Hacker created new pages on site, can't find them, how to delete them?
suga




msg:4156394
 12:50 am on Jun 22, 2010 (gmt 0)

Noticed in Google Webmaster Tools a bunch of pages on my site that I didn't create. When I click on the link, the page comes up and the URL still lists my site. However, I cannot find the page in the directory on my server OR in my database. All links on the new spam pages are relative, so the links just go to more spam pages on my site.

I see about 15 pages in Google Webmaster Tools (showing as having too short of meta descriptions), but I have no idea how to find them all.

1) How do I find out how these pages are being parsed? Since the pages don't exist in the directory, they're obviously being redirected somehow... but where is the source code?

2) How do I block the spammer?

3) What the heck is going on?!?

Thanks in advance everyone.

 

phranque




msg:4156451
 2:09 am on Jun 22, 2010 (gmt 0)

try using the "Fetch as Googlebot" feature in GWT.
perhaps that will expose something or at least give you some clues.

too much information




msg:4156465
 2:50 am on Jun 22, 2010 (gmt 0)

Check your htaccess files for redirects or includes, change your passwords and check your logs to see if you can spot when the hack took place. That might help you spot how your site was hacked.

Also check with your host, maybe someone else's site was hacked which let the hacker gain access to more sites on the same server. Not much you can do about that but at least you will know if your site is secure on it's own.

lammert




msg:4156522
 4:46 am on Jun 22, 2010 (gmt 0)

If you are on shared hosting, the hacker could have inserted code in the central httpd.conf file which adds malicious links to all sites which are served by that server. In that case you won't find the pages on your site. Your host can check if something is wrong in their central config file. If the pages are on your site, they may also be able to find out how the spammer created them. Informing your host about the spam issue is therefore a good thing to do.

tangor




msg:4156660
 8:59 am on Jun 22, 2010 (gmt 0)

Noticed you said "database" run a check on meta descriptions in your database for length to find the "short ones".

SteveWh




msg:4156762
 12:15 pm on Jun 22, 2010 (gmt 0)

In addition to the other advice you've received,

the pages are sometimes put into the site in encoded form.

Try searching the source code of your pages for the string "base64_decode".


When I click on the link, the page comes up and the URL still lists my site. However, I cannot find the page in the directory on my server OR in my database.

Since the pages don't exist in the directory, they're obviously being redirected somehow.

If the URL still shows your site, it may be that the requests are being rewritten (a different page served than the one requested, without informing the visitor's browser that this has been done) rather than redirected (which sends a message BACK to the visitor's browser to please request the different page).

The question is whether the bad pages are inside your site or whether visitors are being redirected. The circumstances seem to suggest that the bad pages are hidden in your site somewhere.

For further investigation, the Firefox add-on called Live HTTP Headers will show you in real time whether any actual redirects (301, 302) are occurring.

If you turn off JavaScript, that would make it impossible for window.location (document.location) code to do a redirect. That is, if you go to a page and get redirected, but when you turn off JS, you *don't* get redirected, it means that redirect was being done with JS, though I tend to doubt that's the case here.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved