19 {{ upvoteCount | shortNum }}
19 {{ upvoteCount | shortNum }}

Help! Hacked by Bristol Viagra - what's this?

by Britt Malka
16 replies
Hi fellow warriors,

One of my friends told me that one of my sites looked weird, and since I didn't understand what he was talking about, I asked him to send me a screen shot. It looks like this:



The Danish text is my text, the English about viagra... not mine. But where does it come from? There is no such text in my source code, when I watch the site in my browsers.

However, it seems that viagra ads are trickered, and I've seen the same happen on one of my other Danish sites.

Do any of you have a clue about what's going on?

I've made a search for some of the text on Google, and it seems that even som .edu domains have been infected. I searched for "to blurt the drawer whole story" and "viagras bristol".

My site is on Tips | Tricks | Internet | Hjemmesider | PC | Computer | Software - saw the same ads on Godteposen | De bedste tip om programmer, internettet, hjemmesider og webdesign
#bristol #hacked #viagra
  • Profile picture of the author flamingphoenix
    If you speak to the host they should be able to backup from a previous install. If it's wordpress based make sure you are running at the latest version and have some security plugins to stop this happening again.
    Signature

    40 plus AMAZING SEO TOOLS , 1 LOW PRICE - SAVE $1000's >>>>> www.seogroupbuy.co.uk <<<<<<<

    For all your needs - click above for more information!

    {{ DiscussionBoard.errors[3739947].message }}
    • Profile picture of the author Britt Malka
      Originally Posted by flamingphoenix View Post

      If you speak to the host they should be able to backup from a previous install. If it's wordpress based make sure you are running at the latest version and have some security plugins to stop this happening again.
      Thanks, no, it's not WordPress, and I have the source code on my computer, so I can upload it, but I want to know what is happening. Should I re-upload everything on all of our 60+ domains? Or what? The problem is that I don't see the text on my source code, so I have no clue about what it's all about.
      Signature
      *** Idea Factory ***
      9 Simple & Fun Ways to Come Up With Ideas for Non-Fiction Books

      >>> Click here to get immediate access <<<
      {{ DiscussionBoard.errors[3740005].message }}
      • Profile picture of the author Anoop Sudhakaran
        Originally Posted by Britt Malka View Post

        Thanks, no, it's not WordPress, and I have the source code on my computer, so I can upload it, but I want to know what is happening. Should I re-upload everything on all of our 60+ domains? Or what? The problem is that I don't see the text on my source code, so I have no clue about what it's all about.
        Most probably your site has been a victim of SQL Injection or sort of Hacking Attempt. I advice you to Clean your server of any suspicious files. Make sure you have a backup of files before doing anything. Then get your source code checked by a professional for Vulnerabilities and reupload the Source on your servers after cleaning any present files (since hackers always root servers so that they can have access to it later on). Hope this helps
        {{ DiscussionBoard.errors[3740023].message }}
  • Profile picture of the author flamingphoenix
    Speak to the host - they should be able to identify some malware.
    Signature

    40 plus AMAZING SEO TOOLS , 1 LOW PRICE - SAVE $1000's >>>>> www.seogroupbuy.co.uk <<<<<<<

    For all your needs - click above for more information!

    {{ DiscussionBoard.errors[3740017].message }}
  • Profile picture of the author flamingphoenix
    Also change all passwords and do a virus scan on your local computer.
    Signature

    40 plus AMAZING SEO TOOLS , 1 LOW PRICE - SAVE $1000's >>>>> www.seogroupbuy.co.uk <<<<<<<

    For all your needs - click above for more information!

    {{ DiscussionBoard.errors[3740019].message }}
  • Profile picture of the author Delario
    Remove all of your webspace, reload everythink using backup and check that all your files are write prodected. cu
    {{ DiscussionBoard.errors[3740028].message }}
  • Profile picture of the author InternetSuccess001
    Very strange about the ads -- however probably somehow google is 'guessing' that is what you want to talk about.

    If you want to change the 'ad' type that google shows, you need to add this text:

    <!-- google_ad_section_start -->


    then your contextual "text", then

    <!-- google_ad_section_end -->

    Google will 'now' determine your ad type to be based on the text that you have there.

    So you could write something like 'furry kittens, fluffy kittens, big cats', etc,
    and all of the sudden your ads would be about cats.

    John
    Signature
    Pick a product. Pick ANY product! -> 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
    {{ DiscussionBoard.errors[3740032].message }}
  • Profile picture of the author talfighel
    I went to your site and everything seems to be OK. Nothing unusual like the screen shot above.

    Maybe your site was hacked before. I don't know.
    Signature

    ---> [URGENT] Here's How To Build Wealth With Gold And
    Silver And Earn Up To $7,000 Per Week!

    {{ DiscussionBoard.errors[3740035].message }}
  • Profile picture of the author Michael Mayo
    Before you do anything run a virus scan on your system and also check your system for keyloggers. It appears that they have access there fore they may have your FTP info to your site.

    Goto your site and change your ftp login info.

    Do not type in the info.

    Type a line or two of random letters and numbers in note pad and then select a section of the text and copy/paste the new selected password into your ftp host account. make sure you write the selected text down on paper for later usage.

    Keyloggers can't read a copy and paste function.

    Hope that Helps,
    Have a Great Day and Good Luck!
    Michael
    {{ DiscussionBoard.errors[3740042].message }}
  • Profile picture of the author WPpro
    If you need help cleaning it up PM me an email address - I clean up hacked sites.
    {{ DiscussionBoard.errors[3740151].message }}
  • Profile picture of the author Britt Malka
    Wow, thanks for all the incredible good help here

    I've contacted the webhost as recommended by flamingphoenix. As for uploading everything again, it can be done, but will take days, and the problem is that I cannot see anything wrong here.

    Great tip, Michael Mayo, about copy and pasting new data to FTP.

    My friend, who took the picture, is on a Linux computer and used Firefox 4. I'm on a Mac and have tried both with Firefox, Safari and Opera. I couldn't reproduce what he saw, but I still have the viagra ads.

    I'll let you know what I find out, just in case another warrior encounters the same problem.
    Signature
    *** Idea Factory ***
    9 Simple & Fun Ways to Come Up With Ideas for Non-Fiction Books

    >>> Click here to get immediate access <<<
    {{ DiscussionBoard.errors[3741481].message }}
    • Profile picture of the author Bradley J Anderson
      It's possible (actually, probable) that you can't see anything unusual on your end because the offending text isn't coming from your server. Your site looks fine to me, as well. It's more likely your friend's computer has an infection, and that's why he is seeing it.
      Signature
      BRADLEY ANDERSON - Tips, reviews & resources to make your online business more profitable.
      {{ DiscussionBoard.errors[3741725].message }}
      • Profile picture of the author Karen Blundell
        one thing I'd like to ask you, Britt is why, do you have Google Adsense?
        Why not get your own advertisers who will pay you a lot more than pennies a day?

        Because when I land on your site, your Adsense ads show these garbage links that have nothing whatsoever to do with your site:
        • Niagara Coupons
        • Canadian Drugs Online
        • Buy Viagra Online
        That's because Google serves up ads based on your site visitor's country. I would seriously either dump Google Adsense, or go into your Google Adsense settings and change them to block that crap.

        As for the mess your friend saw...yup, he's got the virus, not you, as far as I can tell.
        Signature
        ---------------
        {{ DiscussionBoard.errors[3741825].message }}
        • Profile picture of the author Britt Malka
          Originally Posted by Karen Blundell View Post

          one thing I'd like to ask you, Britt is why, do you have Google Adsense?
          Why not get your own advertisers who will pay you a lot more than pennies a day?

          Because when I land on your site, your Adsense ads show these garbage links that have nothing whatsoever to do with your site:
          • Niagara Coupons
          • Canadian Drugs Online
          • Buy Viagra Online
          That's because Google serves up ads based on your site visitor's country. I would seriously either dump Google Adsense, or go into your Google Adsense settings and change them to block that crap.

          As for the mess your friend saw...yup, he's got the virus, not you, as far as I can tell.
          Let me answer your question as to why I use AdSense: It pays my rent, my electricity, my water bill, my grocery bills, and then some. I make between 600 and 1300 euro per month with AdSense on sites that I don't update or only update from time to time. Since a lot of those are Danish sites, it's not possible to find private advertisers who'll pay me that much.

          The drugs and viagra ads are only temporary, and probably still there because they are in Google's cache.

          Our domains were in fact infected with malicious code, but I still have no idea why my friend could see it, while we couldn't.
          Signature
          *** Idea Factory ***
          9 Simple & Fun Ways to Come Up With Ideas for Non-Fiction Books

          >>> Click here to get immediate access <<<
          {{ DiscussionBoard.errors[3745539].message }}
  • Profile picture of the author Britt Malka
    Hi all - I wanted to give you an update on the situation, which should now be under control.

    I contacted Hostgator, who shortly after wrote back with a detailed list of files they had found contained malicious code in. Some of the files were from December last year, and we've just discovered that they were already there, when we moved from Dreamhost to Hostgator.

    For that reason, Hostgator couldn't tell exactly how the files had entered the system, but it was likely through a forgotten blog that hadn't been updated, since we didn't use it anymore. It is now deleted completely.

    Hostgator has changed our access password (ftp and sql), so we've now updated all the files that gave access to the database. We've probably forgotten some... but most of the work has been done

    What I still don't understand is why my friend could see the viagra text, when everybody else couldn't. Maybe it's because he uses Linux? Maybe the code were meant to be shown only to search engines for lots of backlinks, and not to the human eye so that we would notice something was wrong?

    Anyway, I really appreciated all your help and tips.
    Signature
    *** Idea Factory ***
    9 Simple & Fun Ways to Come Up With Ideas for Non-Fiction Books

    >>> Click here to get immediate access <<<
    {{ DiscussionBoard.errors[3745563].message }}
  • Profile picture of the author thebitbotdotcom
    Check your sites through a proxyserver to see what they look like to others...
    Signature
    Do Your Copywriting Skills Suck?

    Let Us Help You Develop Your Writing Skills!

    Submit Guest Posts With [ TheBitBot.Com ]
    {{ DiscussionBoard.errors[3745590].message }}

Trending Topics