19 {{ upvoteCount | shortNum }}
19 {{ upvoteCount | shortNum }}

URGENT!! I think my site has been spammed or hacked!!

by Ashley Gable
16 replies
  • WEB DESIGN
    • |
Hey I am sitting here very very concerned, im really hoping someone can help.

I recently changed the title of my webpage and i wanted to see what it looked like in the search results, so i went to google and put in "site:mysite.com keyword" to find the particular page I had changed.

To my shock there were 14 results (my site only has about 8 pages) and when I looked closer they had nothing to do with my site, they were irrelevant words and phrases. But they were all extensions of my site. Some were even downright scary (see 4th one)

Here are some examples...

"emporio video
скачать worms armageddon.jar, sonia eys, dougherty introduction to econometrics, caribbeancom pass, black bible hentai, twisties passwords, muskel guide ..."

" main aisa kyoun hu lashaya... rpm vida real download, beach hunters wmv, the secret to attracting money, hellride soundtrack download, missionary **** on bed, an introduction to gsm"

" unlocking samsung c300... brasil samba index rapidshare, veni vidi vicious, britney spears out from under, solutions introduction to bayesian econometrics, insomnia q ic bootleg .."

and the most startling of all...

" gay brother pixstuffit mac, garminc550 hack, cambridge introduction, key atomic mail sender 4.20, monster dildo insertion, wmv metallica, paul van dyk my home, ..."

What is going on, why are these things on my site? The all seem to be images because the url is always ...

www .mysite.com/images/unlocking-samsung-c300.html
www .mysite.com/images/gay-brother-pix.html

When you click the link it goes to a 404 error page, but none the less I want them off, I dont want people thinking my site is a gay incest fetish site!

Did I do something to allow this to happen. I only have 1 photo on my site along with some png buttons i made in gimp.

Can anyone help me? Please help me!
Ashley

PS i also ran the virus scanner in cpanel and nothing came up
#hacked #site #spammed #urgent
  • Profile picture of the author Ashley Gable
    Hey just a quick update.. I quickly went and searched for site:mysite.com in google with no keywords and there were 335 results!!!! I only have 8 pages!!

    I am really concerned. I found this one, i dont know if it has something to do with what is happening..

    keygenerator mathcad 13keygenerator mathcad 13, Tuberculosis Bahamas, counter-strike v 1.7, Furious SP 9.3 download cheat, Password Recovery Toolkit 1.8.0, maphack diablo 2 exp ...

    As i said in the last post the results that are images only go to a 404 error page, but there are also some that are like this..

    .com/subscription/6230i-civilization-3.html

    And these ones go to a page that looks like this..

    Index of 6230i civilization 3

    Name Last modified Size Description download dell gx260 vga driver
    mobitv patch jar 22-May-2009 21:39 -

    trip lee 2020 rapidshare 22-May-2009 21:39 -

    maya 6 0 license key 22-May-2009 21:39 -



    download cc particle world rapidshare 22-May-2009 21:39 -

    ms 6575 ver 3.1 download 22-May-2009 21:39 -

    cumfiesta sloan 22-May-2009 21:39 -

    There are quite a few of those subscription ones, some are obviously porn stuff and i dont know what to do.

    I dont know what i have done wrong or how to fix it.


    Ashley
    {{ DiscussionBoard.errors[808258].message }}
  • Profile picture of the author dave830
    That stinks Asley, I have no suggestions, but please keep us updated, as we're all at risk...
    Signature

    I don't have anything to offer, but have a great day anyway!

    {{ DiscussionBoard.errors[808264].message }}
  • Profile picture of the author Karen Blundell
    1st: place a blank index.html file in your images directory. That way that directory will no longer be accessible to prying eyes. Just open up a blank NotePad screen and then save it as "all files" and call it index.html and upload that file into your images directory in your domain's hosting account.

    Next: create a "robots.txt" file in Notepad and add these 2 lines:

    User-agent: *
    Disallow: /images/

    save the file and upload it into your hosting account and put it in where your home page is (usually the root directory of your server such as public_html directory)

    what that does is tell all robots and search engines not to crawl your images directory

    it could take a few days before it will affect the search results sometimes.

    good luck!
    Signature
    ---------------
    {{ DiscussionBoard.errors[808269].message }}
    • Profile picture of the author Ashley Gable
      Thanks for the help Karen. I am uploading the files as I type but the blank html file wont upload. It keeps saying:

      "index.html: unknown Bytes: 0% Complete FAILED! :Unknown error or disk quota exceeded."

      The other robots.txt uploaded fine.

      What should i do about the other html file?

      Also do you know how they got on there? Why would someone want to do this (if it is a person)? My site only get about 10 visitors a day lol so i dont know why they would pick mine.

      Also is uploading these files just hiding them, is there a way to get rid of them and stop future occurences?

      Thanks again

      Also what about the "subscription" ones? How do i get rid of them? I have a subscription folder in my root folder from my previous soholaunch application, but am unable to delete it... Does that have something to do with the subscription ones? ie .com/subscription
      {{ DiscussionBoard.errors[808315].message }}
      • Profile picture of the author Karen Blundell
        Ashley, that is very very weird...

        you should be able to upload the blank index.html
        I don't get why you can't
        that has me puzzled


        I also don't know why you can't delete the subscription folder
        unless there are files in there that you need to delete first
        are there?

        no one really knows why these jerks do what they do, it could be random, it could be a previous owner, a competitor, who knows.

        I strongly recommend you talk to your web host. Create a support ticket with them or call them if you can. Tell them what's going on and ask them to check to make sure your host account is clean.

        are you running any scripts of any kind on your site? Sometimes hackers find vulnerabilities or security holes in scripts and can get in that way.
        Signature
        ---------------
        {{ DiscussionBoard.errors[808453].message }}
        • Profile picture of the author Ashley Gable
          Originally Posted by Karen Blundell View Post

          Ashley, that is very very weird...

          you should be able to upload the blank index.html
          I don't get why you can't
          that has me puzzled


          I also don't know why you can't delete the subscription folder
          unless there are files in there that you need to delete first
          are there?

          no one really knows why these jerks do what they do, it could be random, it could be a previous owner, a competitor, who knows.

          I strongly recommend you talk to your web host. Create a support ticket with them or call them if you can. Tell them what's going on and ask them to check to make sure your host account is clean.

          are you running any scripts of any kind on your site? Sometimes hackers find vulnerabilities or security holes in scripts and can get in that way.
          I just emailed them asking to clean up my account and to delete the subscription folder.

          The subscription folder has 3 things in it, one is 125453.php the second is index.php and the third is pgm-db_config.php. When i delete the 3 files then delete the folder they are gon, but if i refresh the page they will show up again.
          The subscription folder is something to do with the soholaunch I installed and then tried to remove, I had to email my hosting company and have them delete the files, they had trouble deleting them at first and i guess they missed this folder.

          When you say upload to the "Image directory" do you mean just an image folder? Becuase i didnt have anything named images so i created an "Images" folder in the root directory and tried to upload it in there. Am I doing something wrong?


          I am worried as I am leaving town in a couple of hours and wont have internet access, i will be gone till sunday and am worried the hosting company might need me in order to fix it.

          Is this stuff easily removed?

          Anyways thanks so much for your help I am getting so worked up, i am scared my hosting company will delete my site or something!

          ashley

          ps yes i have one script, it updates my copyright date. Should i remove it, it inst really necessary just me being lazy. I also have to videos on my site, i dont know if this could be anything, the arent emebedded youtube videos they are in my account.
          {{ DiscussionBoard.errors[808625].message }}
          • Profile picture of the author NetMan
            Ashley,

            At this point you should not worry too much, I believe.

            PM sent.

            Regards,

            Andre Foisy
            {{ DiscussionBoard.errors[808699].message }}
  • Profile picture of the author Kezz
    Maybe also get onto your host and ask them to check your space out and ensure it is clean of bugs and nasties
    {{ DiscussionBoard.errors[808309].message }}
  • Profile picture of the author Richard Whyte
    Ashley

    When you were told to uplaod an empty index.html file and the system would not do it, I have had the same issue. What I did was make a index.html file, place the word empty on it and make the text the same color as the background. In effect what you are doing is giving the visitor a blank page.... I keep this file handy and drop it into every directory I have on my server that does not have an index.htm file it in....

    Most of my accounts are setup with the same dir structure.

    css (my style sheets)
    images (my images)
    js (my javascripts)
    swf (my flash files)

    If you have a dir and it has files in it, but no index.htm file, someone can easily enter it and see the directory listing and everything that is in the dir.

    Having the index.htm file stops that.

    Hope that helps,

    Have a Great Day!
    {{ DiscussionBoard.errors[809779].message }}
  • Profile picture of the author AndrewL
    make sure that you are typing the inurl:yoursite.com without a space in between the colon and yoursite.com. If this isnt the problem, I would say you are probably hacked.
    Signature

    Get your wordpress site set up for free. PM me or visit http://freewordpresssetup.com for details.

    {{ DiscussionBoard.errors[814071].message }}
  • Profile picture of the author Johnny52
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[814165].message }}
    • Profile picture of the author developerholic
      My site was recently hacked as well. Change your FTP password/s, reinstall or overwrite your files with your backup
      Signature
      Affordable WP Theme/HTML/FB/Logo/Banners/Convert to WP Designer/Coder
      {{ DiscussionBoard.errors[814192].message }}
      • Profile picture of the author Ashley Gable
        Originally Posted by Richard Whyte View Post

        Ashley

        When you were told to uplaod an empty index.html file and the system would not do it, I have had the same issue. What I did was make a index.html file, place the word empty on it and make the text the same color as the background. In effect what you are doing is giving the visitor a blank page.... I keep this file handy and drop it into every directory I have on my server that does not have an index.htm file it in....

        Most of my accounts are setup with the same dir structure.

        css (my style sheets)
        images (my images)
        js (my javascripts)
        swf (my flash files)

        If you have a dir and it has files in it, but no index.htm file, someone can easily enter it and see the directory listing and everything that is in the dir.

        Having the index.htm file stops that.

        Hope that helps,

        Have a Great Day!
        Thanks for the reply and thanks for the clarification, I didnt know what the blank index.html did but now i understand. I am going to do what you said and see how it works.

        by the way my hosting company said they think the problem is because of an undeleted "Subsription" folder leftover from my soho installation, but as i told netman, I think they are not entirely correct as some of the spammy results were based in images ie .com/images/spam


        Originally Posted by developerholic View Post

        My site was recently hacked as well. Change your FTP password/s, reinstall or overwrite your files with your backup
        Thanks but what would you suggest to someone who never used an FTP account. I just used Cpanels "File Manager" which allowed you to upload from your computer.

        Was i supposed to create an FTP account even if i wasnt going to use it? What i mean is, is there other reasons for creating an FTP account?

        Thanks, Netman is going to help me get rid of it all, so hopefull by the end of it I will have a Spam free website!!

        Thanks again everyone
        {{ DiscussionBoard.errors[815751].message }}
        • Profile picture of the author NetMan
          Originally Posted by AshleyAA View Post

          Thanks, Netman is going to help me get rid of it all, so hopefull by the end of it I will have a Spam free website!!

          Thanks again everyone
          Just PM you back Ashley

          Andre Foisy
          {{ DiscussionBoard.errors[815791].message }}
  • Profile picture of the author petevamp
    check out your site map if the pages are located in your sitemap then your account has been hacked. If they are not in your sitemap this is just a haker using your traffic from your main site index as there root to traffic to there own site. They are not very good since the redirect did not take effect and sends you to a 404 error page instead. View the source on the 404 error page it should give you an indication as to if it is your error page or someone else's. For the site map if you do not list something in a site map google and other search engines will not index pages not in the sitemap or as long as you have a disallow in your robots textfor particular pages it tells them not to crawl that set of files. Go to google webmaster tools and see if you have any errors in your site map this will be an indication if you need to fix anything. There are also a lot of virus scans available to run on your host account. good luck hope that helps.
    Signature
    Search Engine Domination At Affordable Prices Special Discounts To Warriors Don't let your Competitors Take Away Form Your Profits Fight Back and Get the Rankings You Deserve Today | Professional Affordable SEO Services You Can Trust Get Ranked In the Top 10 TODAY!!!
    {{ DiscussionBoard.errors[815811].message }}
    • Profile picture of the author Ashley Gable
      Originally Posted by petevamp View Post

      check out your site map if the pages are located in your sitemap then your account has been hacked. If they are not in your sitemap this is just a haker using your traffic from your main site index as there root to traffic to there own site. They are not very good since the redirect did not take effect and sends you to a 404 error page instead. View the source on the 404 error page it should give you an indication as to if it is your error page or someone else's. For the site map if you do not list something in a site map google and other search engines will not index pages not in the sitemap or as long as you have a disallow in your robots textfor particular pages it tells them not to crawl that set of files. Go to google webmaster tools and see if you have any errors in your site map this will be an indication if you need to fix anything. There are also a lot of virus scans available to run on your host account. good luck hope that helps.
      Well actually i dont have a site map. I read they are good or needed but havnt got around to it. But the search engines will index pages that are linked to from any indexed pages ... right?

      Or is it still better to have a site map?

      but i added the blank index.html files to all my directories, i also added the robots.txt file to my root folder, and Netman just got finished checking my site, he said he fixed it all and that it will take a couple of weeks for the search engines to reindex the pages, just as Karen said.

      Thanks
      {{ DiscussionBoard.errors[815958].message }}
      • Profile picture of the author petevamp
        Originally Posted by AshleyAA View Post

        Well actually i dont have a site map. I read they are good or needed but havnt got around to it. But the search engines will index pages that are linked to from any indexed pages ... right?

        Or is it still better to have a site map?

        but i added the blank index.html files to all my directories, i also added the robots.txt file to my root folder, and Netman just got finished checking my site, he said he fixed it all and that it will take a couple of weeks for the search engines to reindex the pages, just as Karen said.

        Thanks
        I do not know about you but losing traffic for a few weeks ins not something I want to do. If you got it fixed then we can start getting your pages indexed today not in a couple of weeks. Take your page you want re indexed. Then open up tree tabs enter in pingoat.com in one pingmyblog.com in another, and the infamous pingomatic in the last one. Enter in a title and the page you want to re index. in all three. Starting with pingomatic click send pings. Then after that go to Bookmark & Share - The Power of the Button | OnlyWire and social bookmark your pages there through all of the major social bookmarking sites. With in 30 minutes all the pages you want relisted will be listed again. I had to do this with my main blog after changing permalinks several months later. I got each page relisted with in a few hours of constant pinging. Making sure not to ping too much to get black listed.
        Signature
        Search Engine Domination At Affordable Prices Special Discounts To Warriors Don't let your Competitors Take Away Form Your Profits Fight Back and Get the Rankings You Deserve Today | Professional Affordable SEO Services You Can Trust Get Ranked In the Top 10 TODAY!!!
        {{ DiscussionBoard.errors[815980].message }}

Trending Topics