Google Analytics shows me weird links for one of my visitors - google-analytics

I have a website which is registered with Google Analytics so I can see the statistics of it. The problem is that sometimes it shows me this link:
website.com/www.bndv521.cf/
or:
website.com/admin
I do not know if this is a hacker trying to hack me or something, but I think nobody will try to access my admin for good.
Can you help me understand what this link refers to?

Consider checking for malicious code included on your pages. And yes, it's likely that someone is trying to access those pages, but it may not execute because it's an invalid path. You should consider blocking such IP addresses after checking the logs.

Although trying to reach an admin page seems a suspicious action, on our website we come across this issue in one of every ten thousand requests.
We think that a browser extension or a virus-like program tries to change the URL or add this keyword to the URL. Not for a hacking purpose, but to redirect to their advertisement website.
Very similar issue here: Weird characters in URL

Related

LinkedIn sharing doesn't work as expected

I'm looking for an easy way to share through LinkedIn without all that hassle with OAuth 2.0, which I don't see required when I look at other pages that use this kind of sharing (and they didn't require anything from - I can straight out share).
Straight to the issue:
this one works: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Frefair.me
this one doesn't: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Frefair.me%2Fjob%2F494
Seems like beyond main domain I can't get sharing working. For instance from other site a link that goes deeper and is still shareable: https://www.linkedin.com/shareArticle?mini=true&url=https://bulldogjob.pl/companies/jobs/2043-programista-java-warszawa-bms-sp-z-o-o&title=Programista+Java&summary=&source=https://bulldogjob.pl
I also tested with and without source and summary query params. Anyone had that issue?
LinkedIn uses the Open Graph protocol (http://ogp.me/) to determine how pages are shared in LinkedIn.
You may also use the LinkedIn Post Inspector (https://www.linkedin.com/post-inspector/) tool to debug how various pages would be shared in LinkedIn.
I decoded your URL so I could get a cleaner look...
https://www.linkedin.com/sharing/share-offsite/?url=https://refair.me/job/494
So, let's try to visit your URL: https://refair.me/job/494 . The webpage you are sharing DOES NOT LOAD.
Is your site down for everyone? Yes, your site is down for everyone.
In order to share a URL on LinkedIn, you must fulfill the following minimum requirements:
The URL must load.
If you just want to test out the API, try using wikipedia.org or google.com as test pages.
Surprisingly, the old refair.me URL by itself works fine in LinkedIn, but that could be from some internal cache, from way back in the day when the page once did work. It certainly does not do so anymore.

Getting Strange Google Analytics URL Data

I recently opened up my Google Analytics and looked at the behavior panel all pages in depth for the first time and I noticed some strange pages such as:
/amobee/a3d-ad-loader.html?a3dWebglBanner=https://cdn-production.amobee3d.com/__integration__/9cbea9d/a3d-webgl-banner.js&adName=canon_sp&bucket=cdn-production.amobee3d.com&creativeId=phone&tpt={"tpt-click":"http://r.turn.com/r/tpclick/urlid/14BFxPtiFHxrmUcNdR4QHN-0x-Yel1rNyX3oaT1U1nk4Xtdr-WJQO1XlpD1d2cgzm_yn98_nqu0l-H7-6TDbnFAVUaa81rE5Va5TPoJV_1Ntn4-ZNPeiesLCUWGi5Q0pMIlxWeHujtiWU4hIRmxZhGDbLcisF5vf52pYjnxx7sgLDq60qaLSM9lSDH_P7r3m2LfHLNhuhT3pi82fEsIKY-zMcLaIqUa9FRu7ru1ABYiMCtsmIp-lbv-0tHQ0QtXb2XvAslSEVQju5WCkGeXtYPPWcOXdh4wRx2g-XrBQLJqyt0vA7eW1L6lLODoYREs9OBPuTEypwnf63U3p8t5FBYUJmQbyMz4eKCUfVCW3oZA8XwQsSlpxKWOwnR4ICWD6Hv0vAV2VuhJR0Xs53RIHS3H9Tz63br3HTEa4ZY_kKFET9A_ftQbvMsRO4u41FP6SKbtlYbh9rP6ujKbOzAN8TRFll4D4qUWscfwlVaUN_u2u5E4Vy42t_bSnl21XJcaYEQEFVUTsKZNXtOXj9z5KcYao4xmdD4GUUWyryckAdVyWahvx4V_d16JvQHawx4X3ioQH0_wNdsrb3RVATpziopDFpbZaBPUHiKLZ-bIyufGmXpZmxg-3vX-zu1vvsZPbJNqcc9li1Ympbj3ShiZ1AiIxqUrWzljp1f1In7Z8Im-yg3_KM0J57D8-gUsHIZ-oX3ZGD89yOo93M3XBqtzuW2Hsic-itJBXhnJzspzQ4UqNbGQz9oR24Gk94As9pRznxJBPBDq4ETbqpQBtH7BoKHQ/3c/https://adclick.g.doubleclick.net/aclk?sa=l&ai=C4Uxke2G6WaDwNofbpAOzu7eoBf7D7ZRGiM-B9pQBwI23ARABIABgyabejOCk0BSCARdjYS1wdWItODQ0NTQ5NjI3NTYxOTU2N6ABjPe59APIAQmoAwGqBHxP0Hg-A8VrFKLhd4VPGK02nOSLdJlNn7XiRxtz6uzu19NuxGmz5enbVlB2iirq6fTo1Hjk0ggr3O7qFuCqnbrLdm_fi-5tala6iCF3bFK5yG40vufVOofQQ-0YefypkSbFeGdRzK6ke5XOGaI8UaVEAoiTfHwrtnGA6nyzgAbd2MidmYzBhAygBiGoB6a-G9gHANIIBQiAARAB&num=1&sig=AOD64_06gu58j3wZF6kAoqQM6TYyaPYIBQ&client=REMOVED&adurl=/url/"}
/flashtalking/ftlocal.html?ifsrc=https://cdn.flashtalking.com/xre/271/2711110/1979640/js/j-2711110-1979640.js&ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_ifb=1&ft_domain=REMOVEDft_agentEnv=0&ft_referrer=REMOVED&cachebuster=750934.4320502493&click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=Ce9A4rOjBWbK7BMnWkgP6w6nwB4GMv7JMitPArpwG-7idztoIEAEg0JjELWDJ5v6GgICgGcgBCagDAaoEuAFP0IwsQBfm1IhnAEcv-Kxde6xOfh27RXolPw6jRU8iIA8UyhMCIzdPsjzlztPIEk-d6gwfr438fNB4ptnk2O2-NRq8iKLUF9M4vcKS2aV9IoNcN3v5gcOhtR8Woojv_R8C-z6cDbensRSTTYYVM9RS8OIGbiXrVvsrHcU7kb8vlmMS0EIKD_5NwhCenv4gRE9-_U1Q1r05lJPI1RAJ1m2m_LPSflL_nb5m8BpwYhfJFdBGanLwgh7LwASLsqq1rgHgBAOIBd3Zs7sDkAYBoAZN2AYCgAefycxeqAemvhvYBwCgCP-hpwSwCALSCAcIgGEQARgCyBPg1p0C0BMA2BMDghQTGhF3d3cudm9sdW1lYm90LmNvbQ&num=1&cid=CAASEuRoTBJWebFR9Y_pZL7ze3vdCg&sig=AOD64_2PqRgxPypUSzjJHrRA4kFBwKQPZQ&client=REMOVED&dbm_c=AKAmf-BdHzMrPFTxYQj06utKwilI6E9GHRDztBNwp4NEhB2BuaayZ6JG_BcT226zfnDtdwABfZhe&dbm_d=AKAmf-BWr8_Qqd0y7BMDQPUfEaK5z_iR3KXo8wstJkrl5wytBRYlArCAOqS_TR4m5kPBDNYQmT520pL98pRp6u4h6seeuW53gXANeGvEaPqByEZTbKzlzs7zvX_HqjcevAzg0oDNVrcKyt6jc0SRG5LJGM-YrbtMWCm0-ceIau7y4qp_WK-X5-c&adurl=&ftimpid=35502EEB8067F1&ft_id=&ftcustom=&ftsection=&fttime=1505880237&ftcfid=6825920&ftguid=3165AF587F7584
I removed the client value and some other fields and replaced with REMOVED for anonymity purposes but I was wondering if anyone can tell me if it's malware.
I have a site that uses WordPress in the cloud and I have scanned it with Wordfence, which says that my site is clean.
Was wondering if I should look deeper, or if this behavioral page is normal.
Amobee and Flashtalking are both advertising platforms, so it looks like somebody has configured advertising tags incorrectly. Probably those clicks should be routed through the respective platforms (e.g. to record data for bid management or something like that) and instead they go directly to your page with redirect URLs appended. If you do paid advertising then you should check with the people who configured this for you.

Google URL Crawl error 404 - domain appending to end of URL

I recently built and published my WordPress site at www.kernelops.com and submitted it to the Google index and Webmaster Tools. Today I logged into Webmaster Tools and found 60 URL errors, all with the same type of issue. The base domain address www.kernelops.com is being appended to all my site's page, category, and post URLs. An example of the failed URL looks like this:
http://www.kernelops.com/blog/www.kernelops.com
Google Webmaster Tools indicates that this weird link is originating from the base url "http://www.kernelops.com/blog" which obviously means the issue is on my end. My Wordpress permalink settings are set to use the post-name; I'm not sure if that could be causing this, i.e.:
http://www.kernelops.com/sample-post/
I can't seem to find any help resolving this weird issue with google searches and thought someone here may be able to point me in the right direction.
The Wordpress plugins that would potentially affect the site's URLs are the following:
All in One SEO
XML-Sitemap
But I can't see any sort of setting within these plugins that would be causing this type of issue.
Any ideas would be greatly appreciated - thanks in advance!
This is a long shot, but it may be happening if the Google crawler picks up a link that seems like a relative path and attempts to append it to the current directory. It's highly unlikely that Google would have such a bug, but it's not impossible either.
The closest thing I could find that may be considered a relative path is this:
<div class="copyright">
...
Kernel, Inc.
...
</div>
I doubt that this is the problem, but it may be worth fixing it.
Now, there is yet another possibility, and that's if the website serves slightly different content depending on the User Agent string. When Google presents your website with a User Agent string, the SEO plugin detects it and tries to optimize things in order to improve your ranking (not familiar with those plugins, so I don't know what it does exactly). There may be a bug in the SEO plugin that will cause the www.kernelops.com URL to look like a relative path or to actually construct that faulty URL somehow.
You can possibly test this by setting the user-agent string in your browser (e.g. Firefox's user-agent switcher) to Googlebot's user-agent string and test what happens when you visit your website. Look at the page source that you receive and look for any links that might look like the one Google is finding.
However, if the SEO tool is smart enough, it will "realize" that your IP doesn't match one of the valid IPs for Googlebot and it will not make the modifications.

WordPress site appears clear of malware, but clicking on Google search results redirects to spam sites

An issue was brought to me involving malware on a WP environment. When I search the brand in Google and click the corresponding link, I'm redirected to a 3rd party spam site.
This has been happening for a while (over a week), but my site hasn't been put on Google's blacklist. Additionally, site scanners like , Norton Safeweb, etc. all claim the site isn't compromised.
Additional details:
I found and deleted some suspicious PHP eval() functions and then did a search and replace in my pages and database for any remaining code. After the site cleared into un-blacklisted status with Google I thought it was all over, ran updates and took numerous measures to protect the site from future infection.
However the issue still persists.
Were the nameservers ever changed by the malware or attackers? Google could have the wrong DNS information for your domain and think it's hosted at said spam site? Resubmit your site to Google or report the issue to them to resolve (may also be resolved automatically next time Google tries to crawl your domain)?
It is a strange issue I have not seen before either. Have you looked at your .htaccess file in the root directory? It is also possible that this has a rewrite condition that, if the referrer is Google, redirects you to the spam site.
Solved this issue. At the time when this happened, this redirect attack was fairly new.
HTTP requests from visitors who passed referrer data from Google Search or Bing were being redirected, some of the time.
By targeting only those coming in from search, the webmaster or site owner is less likely to see the issue (until informed by a third party), while still manipulating a decent amount of the traffic (50% of traffic for most sites comes from search engines).
When I originally posted this question in 2012, this attack was new and because the redirect was being served server-side (directly in a lone PHP file, not via .htaccess), malware signatures from scanners didn't detect this.
Running Maldetect (with an updated database) was the best way to quarantine this issue and analyze the extent of the damage caused by malware.
This issue seems to be due to the wp-vcd malware, which creates rogue WordPress admin users and injects spam links. I faced a similar issue and it got resolved after following these steps.
The files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Multiple copies of class.theme-modules.php, and
remove a bunch of code from the start of all the functions.php files.
You can find details on this issue at the following links:
https://wordpress.org/support/topic/wp-feed-php/
http://labs.sucuri.net/?note=2017-11-13
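The two checks suggested in the answers above (the listed wp-vcd file names, and an .htaccess rewrite keyed on the referrer) can be scripted. This is an added example, not code from any of the posts; the regular expressions are heuristics and the sample tree and `spam.example` host are constructed:

```python
import os
import re

# File names the answer above says to check for and delete.
WP_VCD_NAMES = {"wp-feed.php", "wp-vcd.php", "wp-tmp.php", "class.theme-modules.php"}
# Heuristics (assumptions): a condition on the Referer header, and a rule
# whose substitution is an absolute URL, i.e. a redirect off the site.
REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
EXTERNAL_RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(https?://\S+)", re.I)

def referer_redirects(htaccess_text):
    """Return (condition, target) pairs where a Referer condition guards an external redirect."""
    hits, pending = [], []
    for line in htaccess_text.splitlines():
        cond, rule = REFERER_COND.match(line), EXTERNAL_RULE.match(line)
        if cond:
            pending.append(cond.group(1))
        elif rule:
            hits.extend((c, rule.group(1)) for c in pending)
            pending = []
        elif line.strip().lower().startswith("rewriterule"):
            pending = []  # conditions apply only to the next RewriteRule
    return hits

def audit(root):
    """Walk a site tree; return sorted (kind, relative_path, detail) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name in WP_VCD_NAMES:
                findings.append(("wp-vcd-file", rel, name))
            elif name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for cond, target in referer_redirects(fh.read()):
                        findings.append(("referer-redirect", rel, f"{cond} -> {target}"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a fake site with one planted file and one planted rule."""
    os.makedirs(os.path.join(root, "wp-includes"))
    open(os.path.join(root, "wp-includes", "wp-vcd.php"), "w").close()
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("RewriteEngine On\n"
                 "RewriteCond %{HTTP_REFERER} (google|bing)\\. [NC]\n"
                 "RewriteRule ^.*$ http://spam.example/ [R=302,L]\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit(tmp))
```

The script does not inspect PHP source, so it would not have caught the redirect described in the resolution above, which was served from a PHP file rather than .htaccess.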

What does it mean when I see some IPs look at hundreds of pages on my website?

What should I do when I see some IP in my logs scrolling through 100s of pages on my site? I have a wordpress blog, and it seems like this isn't a real person. This happens almost daily with different IPs.
UPDATE: Oh, I forgot to mention, I'm pretty sure it's not a search engine spider. The hostname is not a search engine, but some random person from India (ends in '.in').
What I am concerned with, is if it is a scraper, is there anything I can do? Or could it possibly be something worse than a scraper e.g. hacker?
It's a spider/crawler. Search engines use these to compile their listings, researchers use them to figure out the structure of the internet, the Internet Archive uses them to download the contents of the Internet for future generations, spammers use them to search for e-mail addresses, and many more such situations.
Checking out the user agent string in your logs may give you more information on what they're doing. Well-behaved bots will generally indicate who/what they are - Google's search bots, for example, are called Googlebot.
If you're concerned about script kiddies, I suggest checking your error logs. The scripts often look for things you may not have; e.g. on one system I run, I don't have ASP, however, I can tell when a script kiddie has probed the site because I see lots of attempts to find ASP pages in my error logs.
Probably some script kiddie looking to take advantage of an exploit in your blog (or server). That, or some web crawler.
It's probably a spider-bot indexing your site. The "User-Agent" might give it away. It is possible to have 100s of GET requests easily for a dynamically generated Wordpress site if it isn't all blog pages but includes things like css, js and images.
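The log checks described in these answers (user agent, 404s for technology the site does not run, and page counts that exclude css, js and images) can be combined into one pass over an access log. This is an added example, not code from any of the posts; it assumes Combined Log Format and a PHP site, and the log lines and thresholds are constructed:

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Assumption: a WordPress/PHP site, so ASP requests can only be probes;
# /admin is the path from the first question on this page.
PROBE = re.compile(r"\.aspx?(\?|$)|^/admin/?$", re.I)
ASSET = re.compile(r"\.(css|js|png|jpe?g|gif|ico)(\?|$)", re.I)

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = """\
203.0.113.7 - - [10/Oct/2023:10:00:01 +0000] "GET /admin HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:10:00:02 +0000] "GET /login.asp HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:10:00:03 +0000] "GET /default.aspx HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:10:01:00 +0000] "GET /post-1/ HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
198.51.100.23 - - [10/Oct/2023:10:01:01 +0000] "GET /post-2/ HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
198.51.100.23 - - [10/Oct/2023:10:01:02 +0000] "GET /post-3/ HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
192.0.2.10 - - [10/Oct/2023:10:02:00 +0000] "GET /post-1/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:10:02:01 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

def summarize(log_text):
    """Per client IP: request count, distinct non-asset pages, 404 probe hits, user agents."""
    stats = defaultdict(lambda: {"requests": 0, "pages": set(), "probes": 0, "agents": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status, agent = m.groups()
        entry = stats[ip]
        entry["requests"] += 1
        entry["agents"].add(agent)
        if status == "404" and PROBE.search(path):
            entry["probes"] += 1
        elif not ASSET.search(path):
            entry["pages"].add(path)
    return dict(stats)

def classify(stats, probe_min=2, page_min=3):
    """Label each IP; thresholds are illustrative and need tuning per site."""
    labels = {}
    for ip, entry in stats.items():
        if entry["probes"] >= probe_min:
            labels[ip] = "probing"
        elif len(entry["pages"]) >= page_min:
            labels[ip] = "crawler"
        else:
            labels[ip] = "ordinary"
    return labels

if __name__ == "__main__":
    print(classify(summarize(SAMPLE)))
```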
