I'm a real newbie in this world.
I just recovered from a serious attack, and I'm trying do things right at this time.
recently I made a quick Google search for my site and I found this page:
https://www.neocsatblog.info/CNC-Metalworking-&-Manufacturing-%C3%98-mm-for-Marble-Granite-Ceramic-Tile-312652-Woodworking-Supplies/
The problem is, my main site is a simple blog, so I do not sell anything, and obviously this link loads a completely different site from mine.
And this not the only suspicious site, which has link with my own domain while my main sites and pages loads on as usual.
Cloudflare shows many different links on firewall the request come from Russian federation, the strange thing is the other links what they trying to reach working to (Meanwhile I block all request from Russia, Singapore).
I don't understand this. I don't have this sites, on my ftp server, I don't have this site on my database.
Also I asked my hosting provider about this incident, they said my domain is registered and completely fine.
I'm using WordPress.
What's the next step?
How to remove this site from my domain?
I really would like to close all the backdoors.
Based on my inspections, I found the malware, which php code is this:
https://app.codingrooms.com/w/YgaXOdAllXsp
Its around 3000 lines, so I rather not paste in here, but you can view on the link.
Based on the code, do I need search more files on my ftp?
Related
I have 2 identical pages on my website. On can be shared on LinkedIn with photo etc., while the other cannot. The Open Graph checks are identical apart from the URL.
The page that can be shared with photo and text is:
https://gugin.com/dr-majlergaard-masterclasses/
The other one, that doesn't show photo is:
https://gugin.com/leadership-keynote-speaker/
I don't see any differences in The Open Graph checks
Please help
YES! I found out where the problem was after a loooong structured analysis. As we own a webhosting company too (rivierahosting.com) we have full access to everything.
Compared php settings with a site that can share and synchonised them. problem persisted
Tried with a default theme and plugins disables in the health check. problem persisted
Checked permission on all files and compared them with a site that can share on linkedin. no difference
Started to look at individual plugins. Bingo
On my wordpress installation, the plugin "StopBadBots" makes all the fuss. Once I disabled it everything worked fine.
Now I can watch the football worldcup final with peace tonight and hopefully see my country (France) win
The App:
I am running a WordPress WooCommerce website and did some modifications.
Users arrive at a page called /configurator/ where they get asked different questions. After answering all questions I lead the users to a page /summary/ .
On this /summary/ page an individual result is presented to the user based on their answers in the /configurator/. Also I create a cookie on /configurator/ with all answers.
I use the cookie also on /cart/ and /checkout/ to add individual information to the product we sell to the user.
The Problem:
When we went live with the website we turned on "production mode" for our website at the admin panel of our hoster. It basically turns on the CDN and enables caching.
Unfortunately users experienced problems on /summary/. It seemed that the page couldn't be loaded.
My analysis:
I think the hoster caches /summary/ and breaks my site. Following this article it makes sense that the site doesn't work any more: https://docs.woocommerce.com/document/configuring-caching-plugins/
„These pages need to stay dynamic since they display information specific to the current customer.“
What the hoster says:
The hoster says they cannot exclude any subpages from being cached: "The problem was caused by coding errors in combination with the cookies that we create on /summary/"
Current Status:
I need to leave the site in development mode (without CDN and cache) which is very slow. Based on what the hoster says I can't turn on production mode because it will probably break the site again and we lose a lot of money. Currently I cant reproduce the error on a cloned version of the site :(
You should rewrite your code and instead of using cookies use WC Sessions. Every customer has a session that already works and persists throughout the whole site, just set your data in it and use it at all pages you need.
First time posting so please bear with me.
I'm the unofficial web guy at the company I work for and I helped create our basic static HTML site.
Any work that I do to the site offline and then FTP shows up instantly on my machine. I rarely, if ever, need to clear the cache for changes to show up. However, within the company I work for, nearly half of the users never see the updates. Some do, some don't.
On the machines that don't I've cleared the cache in browser and through the internet control panel settings. Nothing. Still shows the stale content. The only thing that works - and I've seen this both in Chrome and IE is that when I add www in front of the URL is then shows the refreshed site. No big deal, right? Well for users who type in mysite.com without the in front will not see the updates. People who have favorited it like that, will not see the updates.
Now, on to what I've tried to fix it. After much research many people have steered me away from meta tag refresh so I haven't tried that, however, with the help of the IT guy we have, from what we can tell, set the HTTP header of the site to always refresh. This did not do anything for us.
I've tried changing image names in the HTML page when updating a photo and that didn't work either.
I haven't been able to find a .htaccess file so can I create one? If we (IT guy and I) changed the HTTP Header setting to always refresh but there is not .htaccess file will there be no change?
Any help or suggestions would be greatly appreciated.
I have searched on here for the answer and the two most suggested changes are HTTP Header and Meta refresh. HTTP header didn't help and it seems the Meta tag route is bad form.
This is a DNS issue. You need to ask the provider of your web services to add an A or a CNAME record for the domain's root.
If you don't understand the above, just call the provider of your web presence (the company that hosts your web server) and tell them you want yourdomain.com and www.yourdomain.com to go to the same place.
An issue was brought to me involving malware on a WP environment. When I search the brand in Google and click the corresponding link, I'm redirected to a 3rd party spam site.
This has been happening for a while (over a week), but my site hasn't been put on Google's blacklist. Additionally, site scanners like , Norton Safeweb, etc. all claim the site isn't compromised.
Additional details:
I found and deleted some suspicious PHP eval() functions and then did a search and replace in my pages and database for any remaining code. After the site cleared into un-blacklisted status with Google I thought it was all over, ran updates and took numerous measures to protect the site from future infection.
However the issue still persists.
Were the nameservers ever changed by the malware or attackers? Google could have the wrong DNS information for your domain and thinks its hosted at said spam site? Resubmit your site to Google or report the issue to them to resolve (may also be resolved automatically next time Google tries to crawl your domain)?
It is a strange issue I have not seen before either, have you looked at your .htaccess file in the root directory? It is also possible that this has a rewrite condition that if the referrer is Google to redirect you to the spam site.
Solved this issue. At the time when this happened, this redirect attack was fairly new.
HTTP requests from visitors who passed referrer data from Google Search or Bing were being redirected, some of the time.
By targeting only those coming in from search, the webmaster or site owner is less likely to see the issue (until informed by a third party), while still manipulating a decent amount of the traffic (50% of traffic for most sites comes from search engines).
When I originally posted this question in 2012, this attack was new and because the redirect was being served server-side (directly in a lone PHP file, not via .htaccess), malware signatures from scanners didn't detect this.
Running Maldetect (with an updated database) was the best way to quarantine this issue and analyze the extent of the damage caused by malware.
This issue seems due to wp-vcd Malware that creates rogue WordPress admin users and injected spam links. I faced the similar issue and it got resolved after following these steps.
The files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Multiple copies of class.theme-modules.php, and
remove a bunch of code from the start of all the functions.php files.
For details you can find on this issue at following links...
https://wordpress.org/support/topic/wp-feed-php/
http://labs.sucuri.net/?note=2017-11-13
http://labs.sucuri.net/?note=2017-11-13
I have a site who's search ranking has plumetted. It should be quite SEO friendly because its built using XHtml/CSS and has been run against the SEO toolkit.
The only thing I can think that may be annoying Google is
The keywords are the same accross the whole site rather than being page specific. (cant see why this would be a massive deal
Another URL has been set up that simply points to my site (without redirecting) (again - no big deal)
Non UK users are automatically forwaded onto the US version of the site which is a different brand. I guess this could be the problem. If google spiders my site from the US then it will never get the UK version
So the question is, does geo redirecting setting effect my SEO? Is it possible to detect if who is accessing your site is actually a search engine that is spidering my site. In this case I don't want to do any geo-location
Do not use same keywords on entire site. Try to use specific keywords per page.
Do not let several URL:s point directly to the same site since this will cause the inlinks from the different domains to be treated as to different domains. If you point URLs by redirect, all inlinks will be added to the target domain and thus increase it's "inlink score".
To detect is request is from a crawler, use the browsercaps project: http://owenbrady.net/browsercaps/