Google Search Results Show Viagra



Posted by admin on

Google Search Results Show Viagra

Search results for my website show content that isn't mine including pharmacy (Viagra and Cialis)

I have a website and when I try a search like this: site:dichthuatviettin.com it gives me bunch of result like this :

Those pages do not exists on my website, how did they get there?

I don’t know what happening with my website anymore ! Any help or explaination why this happen ?

3 Answers 3

Your website has been compromised and it is being used by blackhat SEOs. This is a pretty common thing amongst spammers and the like. Take a look at: My site’s been hacked – now what?, by Google.

  1. Download a backup of your website. Make sure that you also backup the database, not just the files.
  2. Get in contact with your web host and explain the situation.
  3. Check to see if your software is out of date (Joomla, WordPress). Do the same for all of your plugins. Search around to see if anyone else has reported any vulnerabilities in the plugins that you use.
  4. Change all FTP passwords and usernames.
  5. Ensure that your admin login is secure. Use usernames other than “admin” and “user”. Change your password and make sure that it isn’t easy to guess. Make sure that your site guards against brute force attacks as bots are constantly trying to break into WordPress panels (two of my WordPress-driven websites see attacks on a daily basis).
  6. Take the site down for the time being until you’ve fixed the issue. Do what Google suggest and return a 503 HTTP status code.
  7. If the site is custom, contact the developers.
  8. Once a part of your website has been compromised, you should assume that everything on your website has been compromised.
  9. A complete wipe and a fresh re-install of your software (WordPress, Joomla) is in order. Sometimes, hackers will leave backdoor scripts that give them remote access or they’ll inject code into core parts of your software.
  10. Try to avoid applying 777 permissions to directories.

Looks like you’ve been ‘hacked’. Someone found a method to upload pages to your server en got them indexed. Go through your site/database and do a deap search for those keywords.

Tip: with the commandline you can find and sort files on last edit date (this does last 25):

After that, check for holes, wrong rights, your uploads etc. If it’s a WordPress, Joomla Drupal site, or another framework, read into security about that framework. ‘Hackers’ love those sites and exploit them with bots.

I have had this happen to me a while back on a shared server. Wexford’s list is pretty comprehensive, but I wanted to include that the attacker also added their own key under .ssh/authorized_keys and was able to reinfect my site after I removed everything. I’m not sure if this is the case in your setup, but being on a shared server can expose you to attacks by other compromised sites (users) on the same server. Any world-writable directories can have web shells dropped in by any user on the server, and any world-readable application files containing database credentials can be read by other users, so your web application doesn’t need to be vulnerable in order to be compromised. Hardening permissions on any sensitive files/directories is a good start, and removing the world-readable bit (but leaving the executable bit) on one of the top-most directories is another good step.

Not the answer you're looking for? Browse other questions tagged search-engines content or ask your own question.

Related
Hot Network Questions

Subscribe to RSS

To subscribe to this RSS feed, copy and paste this URL into your RSS reader.

site design / logo © 2022 Stack Exchange Inc; user contributions licensed under cc by-sa. rev 2022.2.11.41438

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.