Was Google hacked? Seriously!

18 replies
I have been using the big G since 1999 and I have never seen this type of thing before.

I have a web dev buddy who's client's site was apparently hacked but ONLY when a Google search.

First, go to this website - OC Zumba Fitness - Lake Forest CA - and it opens up just fine, right?

Now, do a search in Google for "oc zumba fitness" and click on the first listing and what happens? It redirects to another site, but ONLY from within the Google search. How is this possible?

The first redirect goes to costabrava.bee.pl and then some adserver and then a third redirect to a random site.

I found this article on Google regarding malware -
my client's site has been cleaned of an infection. Webmaster Tools confirmed it is clean. Search still shows Malware War - Webmaster Central Help

Any feedback would be greatly appreciated to help out my buddy's client.

Thanks in advance!

#google #hacked #malware #redirect
  • Profile picture of the author ActA
    I don`t think google is hacked.. I think it`s another thing involved.. :|
    {{ DiscussionBoard.errors[5589910].message }}
  • Profile picture of the author Raydal
    Just for the record I'm getting the same results as you reported.

    The only time I got something similar was when I had a virus
    on MY computer but this seems to be a different situation.

    -Ray Edwards
    The most powerful and concentrated copywriting training online today bar none! Autoresponder Writing Email SECRETS
    {{ DiscussionBoard.errors[5589919].message }}
  • Profile picture of the author Chris Chicas
    Google is not Hacked. It's simply telling you that the page got flagged by Google because it contains malware, or some app that it will compromise me or my computer.

    Don't take this the wrong way but I"m pretty weary when someone even sends me a link like that for me to check out. Those sites can def cause some damage.

    Best of luck.
    {{ DiscussionBoard.errors[5589975].message }}
  • Profile picture of the author goosefrabah
    Here's my thought, your friend is hacked. The hacker is checking if there is a referrer or not. If it is direct then he lets you see the site (hoping the owner never notices), if it is someone from a search he redirects you. You can check this in firefox, download the RefControl addon and add your friends url and block refer. Then when you go to google it blocks the refer and does not redirect you. I just tested it and unfortunately your friend is hacked.

    I tested it on Yahoo too and when I block the refer it works fine, otherwise it redirects you as well.
    {{ DiscussionBoard.errors[5589979].message }}
  • Profile picture of the author Chris Chicas
    If you don't know how to fix this problem go to the Warrior for hire section and have someone look over your website and find what's wrong with it. Best of luck.
    {{ DiscussionBoard.errors[5589990].message }}
  • Profile picture of the author SEOExpert999
    Yes your friend is definitely hacked. He needs to uninstall and reinstall his search plugin or the main website files.
    {{ DiscussionBoard.errors[5590022].message }}
  • Profile picture of the author mrclean78
    Google wasn't hacked man.....the site was and is doing a redirect based on referrer.
    {{ DiscussionBoard.errors[5590095].message }}
  • Profile picture of the author Sleaklight
    The site is hacked, not google. The hack detects referrer agent aand if Google is the referrer, then it does the redirect. I have the same problem on my site. Have your host fix it. It's a conditional hack redirect.
    {{ DiscussionBoard.errors[5590119].message }}
  • Profile picture of the author Justin Says
    I dealt with this when I was helping Kirby Ferguson with his website: Everything is a Remix

    When you searched "everything is a remix", his site was listed #1, but when you would hover it, the cache would show something totally different, and then when you clicked on the link, it would show something different again.

    We found that his site was hacked, not Google.

    My name is Justin Lewis. My digital marketing company has been in business for over 10 years with multiple six-figure years. We do provide a premium web design service.

    {{ DiscussionBoard.errors[5590165].message }}
  • Profile picture of the author felku
    I think that is a malware
    {{ DiscussionBoard.errors[5590192].message }}
  • {{ DiscussionBoard.errors[5590377].message }}
  • Profile picture of the author John Westbrook
    Yeah, your friend's server is hacked. This is an exploit hack of some sort, probably taking advantage of some "leak" in code on his site that is tied to Google tracking or similar. I don't see the purpose of only hacking from a Google search, so the code that's been compromised has to be tied to Google/tracking.

    If your friend wants help fixing this have him contact me...PM for deets. I can probably help...it's kinda what I do.
    {{ DiscussionBoard.errors[5590418].message }}
  • Profile picture of the author paul_1
    I don't think Google was hacked - that seems to be impossible. Otherwise, we should be hearing it in the news. I think it's kind of a virus/malware or something like that....
    {{ DiscussionBoard.errors[5590424].message }}
    • Profile picture of the author mikehansen
      Thanks for the feedback everyone. Got it fixed!

      Some code was added to 400 pages in the site. Pretty crazy! Some sort of security hole in Wordpress.
      {{ DiscussionBoard.errors[5596168].message }}
      • Profile picture of the author Paul Myers
        This is an exploit hack of some sort
        .htaccess is the most common current way to do this sort of redirect hack. There are others, but that's the "new thing" for this type of exploit.
        Thanks for the feedback everyone. Got it fixed!
        If you don't fix the security hole, they'll be back within days.

        Stop by Paul's Pub - my little hangout on Facebook.

        {{ DiscussionBoard.errors[5596620].message }}
      • Profile picture of the author Chris Chicas
        Originally Posted by mikehansen View Post

        Thanks for the feedback everyone. Got it fixed!

        Some code was added to 400 pages in the site. Pretty crazy! Some sort of security hole in Wordpress.

        Wait, now it's not Google but Wordpress the culprit?
        {{ DiscussionBoard.errors[5597305].message }}
  • Profile picture of the author Carl Juneau
    Hi yep - same here.

    I doubt it's Google though.

    For one of my sites, I had a script programed that would treat visitors from Google differently than any other visitors.

    Maybe that's the issue here.

    {{ DiscussionBoard.errors[5596850].message }}

Trending Topics