Announcement

Collapse
No announcement yet.

website hacked email from google

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] website hacked email from google

    Hello,

    I just got following email from Google "hacked content detected on http://www.medicalgeek.com"

    On Google search also it is showing the site may be hacked in search results. I didn't notice any change in my website or spam right now although last month there was some server attack and hosting provider had blocked those IP. Email from Google as received :

    "Google has detected that your site has been hacked by a third party who created malicious content on some of your pages. This critical issue utilises your siteís reputation to redirect your potential visitors away from your site to unexpected or harmful content. It also lowers the quality of results for Google Search users. Therefore, we have applied a manual action to your site that will warn users of hacked content when your site appears in search results. This manual spam action has been applied to medicalgeek.com/. To remove this warning, clean up the hacked content and file a reconsideration request. After we determine that your site no longer has hacked content, we will remove this manual action.

    Hereís how to fix this problem:

    1
    Check Security Issues for details of the hack
    Use the examples provided in the Security Issues of Search Console to get an initial sample of hacked pages that cause redirects.
    Security Issues
    2
    Look for other compromised pages or files on your site
    Make sure to check your entire site, including the home page, for any unfamiliar content that could have been added. The malicious code might be placed in HTML, JavaScript or other files on your site. It can also be hidden in places that you might overlook, such as server configuration files (e.g. .htaccess file) or other dynamic scripting pages (e.g. PHP, JSP). Itís important to be thorough in your investigation.
    3
    Use the Fetch as Google tool to isolate the malicious content
    Because some pages can appear one way to a user and another way to Google crawlers, you can use the Fetch as Google tool to reveal some kinds of hacking. Enter URLs from your site in the tool to see the pages as Google sees them. If the page has hidden hacked content, the tool can reveal that content.
    Fetch as Google
    4
    Remove all malicious content
    You can also contact your hosting provider and ask them for assistance. If youíre having trouble identifying and removing all the content on your site that is compromised, consider restoring an older backed-up version of your site.
    5
    Secure your site from any future attacks
    Identify and fix vulnerabilities that caused your site to be compromised. Change passwords for administrative accounts. Consider contacting your hosting service to get help with the issue.
    6
    Submit a reconsideration request
    Once you have fixed your site, file for reconsideration to remove this manual action. Include any details or documentation that can help us understand the changes made to your site.
    Reconsideration "
    More information which i got after logging in to google webmaster tools :

    "Code injection
    These pages may be hacked to redirect certain users to a spam site.

    Recommended actions
    1. Review our resources about hacked: code injection.
    2. Check your source code (such as JavaScript files) and server configuration files (such as Apache's .htaccess) for any unauthorised changes."
    Can anyone guide what to do? how to fix it? I have already emailed my hosting provider too and but posted here to ask what i can do from vbulletin point of view..
    If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
    V.H.SHAH

  • #2
    There are a few things you should do to ensure that your site hasn't been compromised:

    1) Run Suspect File Diagnostics under Maintenance -> Diagnostics. Replace any files not containing the expected contents. Delete any files that are not part of vBulletin and that you can't identify as belonging to your addons.

    2) Check your plugins list for any that are not part of a product you've added:

    AdminCP > Plugins & Products > Plugin Manager

    Any listed under 'vBulletin' at the top of the list should be examined carefully and removed if you're unsure as to what they are.

    3) Check your plugins for any base64 code. I recommend using against using any plugins or products that include base64 code in them. However some "lite" or branded addons will include this as a means to prevent you from cheating the author. You'll have to make a personal call on these if you use them. This is often a sign of a hacked site.

    4) Update the following passwords in addition to your AdminCP:

    - FTP
    - Database

    When updating the database password, ensure you also change your config.php file to use the new password otherwise your site won't be able to connect to the database.

    5) Secure your AdminCP directory via .htaccess/.htpasswd.
    Vote for:

    - *Admin Settable Paid Subscription Reminder Timeframe*
    -
    *PM - Add ability to reply to originator only*
    - Add Admin ability to auto-subscribe users to specific channel(s)
    - Highlight the correct navigation tab when you are on a custom page
    - "Quick Route" Interface...
    - Allow to use custom icons for individual forums

    Comment


    • vitrag24
      vitrag24 commented
      Editing a comment
      Thanks for your prompt reply.
      Sorry , i am not much technical guy and my technical support partner is out of country until 2 months, can you help me in checking all these? i will prov ide you login if u can..thx..

  • #3
    I got following reply from Google webmasters help forum , which suggest that it is vbulletin hack. Please help to fix it.

    There is a conditional redirect to myfilestore . com This is old but as far as I know this is how they are still doing the hack

    "http://club.myce.com/f20/vbulletin-myfilestore-hack-find-traces-remove-them-332219/"
    If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
    V.H.SHAH

    Comment


    • #4
      I had one of these a few weeks back, in the Google console it showed a link to the questionable post which just so happened to be a spammer advertising pirate DVD's... the post was removed and the poster banned, I then requested Google re check and all was OK..

      Comment


      • #5
        Originally posted by stuarttunstall View Post
        I had one of these a few weeks back, in the Google console it showed a link to the questionable post which just so happened to be a spammer advertising pirate DVD's... the post was removed and the poster banned, I then requested Google re check and all was OK..
        But still my website seems compromised and Google showing message "It may be hacked" in search results.

        I found about myfilestore hack. It seems similar hack on my website....Redirecting to myfilestore domaon from Google search results.

        Can anyone from vbulletin team help to fix this issue?
        If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
        V.H.SHAH

        Comment


        • #6
          You need to run through the instructions Trevor has posted. There isn't anything else we can advise, that is how to start fixing a compromised site.

          Are you running vBSEO? If so, uninstall it and remove all its files.
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.4.0 Demo - FEATURING "ROUTE BY NODE"!
          AdminAmmo - My Cloud Demo

          Comment


          • #7
            Originally posted by Mark.B View Post
            You need to run through the instructions Trevor has posted. There isn't anything else we can advise, that is how to start fixing a compromised site.

            Are you running vBSEO? If so, uninstall it and remove all its files.
            But how to find out particular - specific part affected where code is injected? Can you be specific and help..I m not much techno...

            I am running dbseo lite version. Vbseo is there but disabled...Should I uninstall it completely?
            If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
            V.H.SHAH

            Comment


            • #9
              Hello,
              Again i got email from google today that it is hacked.
              I checked myself, and it is true, it is redirecting to myfilestore.com in Google search results if we search after deleting cookies..Same hack like before.. any solution plz? I already deleted vbseo before and it solved my problem but now again same problem.
              If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
              V.H.SHAH

              Comment


              • #10
                Follow all the steps I gave previously and make sure you do step 4 and use secure passwords. This site will help you generate these:

                https://identitysafe.norton.com/password-generator/
                Vote for:

                - *Admin Settable Paid Subscription Reminder Timeframe*
                -
                *PM - Add ability to reply to originator only*
                - Add Admin ability to auto-subscribe users to specific channel(s)
                - Highlight the correct navigation tab when you are on a custom page
                - "Quick Route" Interface...
                - Allow to use custom icons for individual forums

                Comment


                • #11
                  Ok, can you plz do it if I rpovide u access? If needed, I can pay for it, for permanent solution
                  If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
                  V.H.SHAH

                  Comment


                  • #12
                    It happend 2 times again after last time i uninstalled vbseo.

                    LAst time i see one plugin which i didnt remember i installed and removed it and disabled and enabled dbseo and it was fine.
                    This time i didnt see any suspicious plugin, i disabled dbseo again and it is fine, i enabled it again and now also it is fine. Does it mean something wrong with dbseo?
                    IF no solution of this without removing deseo & i cant use dbseo,what can i do to keep url like vbseo/dbseo?
                    I followed all others steps Trever and mark told.

                    Please reply guys, i liked vbulletin a lot so sticked to it till now but if you guys dont help us, i would be helpless and need to move to other platform which is more secure and provide better support.


                    ==================
                    What should be permission of htacess file? (0644 on my server) how can i make sure file isnt edited and problem arent recurring due to it? can you show unedited htaccess file?
                    Last edited by vitrag24; Sat 20th May '17, 4:46am.
                    If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
                    V.H.SHAH

                    Comment


                    • #13
                      If someone has access to your server than having a tantram and moving to something else isnt going to help you.
                      Baby, I was born this way

                      Comment


                      • #14
                        Originally posted by Paul M View Post
                        If someone has access to your server than having a tantram and moving to something else isnt going to help you.
                        Than let me know what can help. No one has access except me and my friend , only two of us have access. I did all measures as told before except dbseo plugin. So I seek ur advise in finding solution so I can have dbseo or other such plugin for urk rewrite as well as running site without hack issues.
                        If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
                        V.H.SHAH

                        Comment


                        • #15
                          Originally posted by Trevor Hannant View Post
                          There are a few things you should do to ensure that your site hasn't been compromised:

                          1) Run Suspect File Diagnostics under Maintenance -> Diagnostics. Replace any files not containing the expected contents. Delete any files that are not part of vBulletin and that you can't identify as belonging to your addons.

                          2) Check your plugins list for any that are not part of a product you've added:

                          AdminCP > Plugins & Products > Plugin Manager

                          Any listed under 'vBulletin' at the top of the list should be examined carefully and removed if you're unsure as to what they are.

                          3) Check your plugins for any base64 code. I recommend using against using any plugins or products that include base64 code in them. However some "lite" or branded addons will include this as a means to prevent you from cheating the author. You'll have to make a personal call on these if you use them. This is often a sign of a hacked site.

                          4) Update the following passwords in addition to your AdminCP:

                          - FTP
                          - Database

                          When updating the database password, ensure you also change your config.php file to use the new password otherwise your site won't be able to connect to the database.

                          5) Secure your AdminCP directory via .htaccess/.htpasswd.
                          I followed all your steps.
                          I m stucked with this error since long and unable to get rid of it.
                          i updated my vbulletin, dbseo everything, yet this myfilestore redirect error is there.
                          i even disabled all plugins from plugin manager but even disabling all plugin didnt solve problem, after enabling/disabling any plugin, for certain period of time (24/48/72 hours) redirect happens again.
                          only thing helped to get rid of this error is completely disabling all plugins from hook (config.php), but if i remove that code to disable all plugin globally and keeping all plugins diabled from plugin manager, then also i get myfilestore redirect problem.

                          Can you plz help me to remove this problem from root?

                          If U Think Ur Life Getting Necrosed,Ur Dreames Inflammed,Ur Thoughts Thrombosed,Then Try This Out.Spread D Neoplasia Of Love Around U.
                          V.H.SHAH

                          Comment

                          Working...
                          X