Cleaned 6 of my sites. 3 of them still have spam links. Anyone have a look?

Hi,

I have a question.

6 of my sites were compromised because I did not update WordPress for many years.
Now that I have cleaned up the sites, I still have spam links on 3 of them.
I am not sure if this is because Google doesn't update the search results for more than 2 weeks or I am still infected.

When you look up my site in Google by typing in: site:homeremediesworld.com you will find many spam links coming from Michael Kors brand sites.

Can anyone have a look at what the problem is and whether my site is secure enough against vulnerabilities etc. so that I can't be hacked again?
Sucuri and many other scan sites say the sites are all clean. Any thoughts from the experts here?

https://www.virustotal.com/en/url/a9fdd320b3eb01c21f18ff0d03aa702042e1347e913d584d5bba17c2b478d9b5/analysis/1420631373/
http://www.urlvoid.com/scan/homeremediesworld.com/
http://urlquery.net/report.php?id=1420631541087
http://urlquery.net/report.php?id=1420631568722
https://www.ssllabs.com/ssltest/analyze.html?d=homeremediesworld.com
http://mxtoolbox.com/domain/homeremediesworld.com/?source=findmonitors

https://www.virustotal.com/nb/url/a9fdd320b3eb01c21f18ff0d03aa702042e1347e913d584d5bba17c2b478d9b5/analysis/1420632539/

multiple domains on same IP, many blacklisted https://www.virustotal.com/en/ip-address/198.252.103.67/information/
click more button under list to see all

IP void http://www.urlvoid.com/ip/198.252.103.67

IP ADDRESS: 198.252.103.67

We have found in our database of already analyzed websites that there are 28 websites hosted in the same web server with IP address 198.252.103.67 and IP hostname 198.252.103.67-static.reverse.arandomserver.com. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.

Yes, my sites are on shared hosting. 3 of the sites are mine. One has the Magazine Basic theme on it. The other 2 have seo in the domain name. Please have a look. I don't want to give away all the sites, otherwise I can be hacked again. My sites are all clean except for VirusTotal. But when I check the bad ones mentioned on VirusTotal, like Bitdefender and scumware, they are malware that date from 14.12. But I removed them after that date. I just let my host do another malware scan and found all clean.

So what can I do to remove the spam links from Google search results? The strange thing is that the other 3 sites are totally clean. They also don't have any spam links anymore.

Any help appreciated.

Whether you mention the sites here or not has nothing to do with the possibility that they can be hacked (again).
And how do you expect us to check if we don’t know what to check?

So what can I do to remove the spam links from Google search results?
Ask Google.

Well, the first site I already mentioned is homeremediesworld.com. I first need to know what is wrong with this site. Why does it still give me spam links in the Google results?
Have you tested and seen the same results when you check in Google with site:homeremediesworld.com?
The other 2 you could find easily in the IP check you did with VirusTotal. They are the only 2 that have seo in the domain name.

Google doesn't help me a lot.
I got this message from them:
Translated from Dutch to English:

Request for reconsideration process for http://homeremediesworld.com/ 19 December 2014
Dear webmaster http://homeremediesworld.com/,
We have a request for reconsideration from a site owner processed http://homeremediesworld.com/. The site is checked for violations of our quality guidelines. Any manual spam actions were applied to the site, where applicable withdrawn or modified.
Recommended actions
Use the page Manual actions in Google Webmaster Tools to see the actions that are currently being used on your site.
If your site has been hacked, check the Vulnerabilities page on any additional actions on your site.
If your site is having trouble in our search results, please visit our Help Center to identify potential causes of these problems and remedy. Please note that from time to time, some fluctuation in ranking place when we make updates to deliver the best results to our users.
If you have any questions about how to resolve this issue, please visit our Webmaster Help Forum.
With regards,
The Google Search Quality Team

I did the manual spam check. When I click on it I get the message: No manual spam action required/found.
When I click on security problem I go to a page that says that there are no security problems.

Not sure what to do with such a message. So is my site infected with malware or is it clean?

Any help appreciated, thank you

Stop going around in circles.
Only Google can do something about the search results.

Hi Mittel,

This can only be solved with a concerted trilateral action: 1. website owner and webmaster, 2. hoster and 3. Google should come and work together to repair/solve this abuse situation. When the website software is cleansed and up to date and the hosting server is also securely configured to be no longer vulnerable to further attacks and hacks, then Google could consider changing the website status. Without a concerted action I cannot see any change in your situation. Bitdefender TrafficLight extension also blocks your website as with malware.
You have a mailserver problem: http://www.dnsinspect.com/homeremediesworld.com/1420642300 with inconsistent reverse DNS entries.
Was -fpdownload2.macromedia.com checked against possible trojan activity?
Server redirect status Code: 503, content cannot be read. The default lsphp binary is vulnerable in Litespeed!
Attacks open up to htxp://lacreatina.net/ DOM XSS vuln: Results from scanning URL: htxp://lacreatina.net/wp-content/cache/autoptimize/js/autoptimize_ac10b8d90864d9a1b10d26ef6feac84d.js
Number of sources found: 14
Number of sinks found: 17

Results from scanning URL: htxp://homeremediesworld.com/wp-content/plugins/pinterest-plugin/snpin.js?ver=4.1
Number of sources found: 109
Number of sinks found: 89

Results from scanning URL: hxtp://homeremediesworld.com/wp-content/plugins/pinterest-plugin/snpin.js?ver=4.1
Number of sources found: 15
Number of sinks found: 11

See: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fhomeremediesworld.com&useragentheader=&acceptheader=

Suspicious result http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http://homeremediesworld.com/wp-content/themes/zinepress/images/searchgo.gif&acceptheader=&useragentheader=
malware site flagged: https://www.virustotal.com/nl/url/d96865d613bbc9d104a7d0a2e07a81976df908c09aee8e5e630484adfa9ce9b1/analysis/1420643363/
malformed illegal request result see: http://www.uploady.com/#!/download/ZxEpvCSlL88/JjrerpKl9lUH6JNz

polonus (volunteer website security analyst and website error-hunter)

@polonus.
What if I just remove the Pinterest plugin and the picture http://homeremediesworld.com/wp-content/themes/zinepress/images/searchgo.gif ? Would this be enough?
Strange that the scanners did not pick this up.

So for the DNS part I need to mail the hoster about this issue.
Could you please explain what you mean by this: -fpdownload2.macromedia.com checked against possible trojan activity? Where can I find this file?
Also you mentioned another site which is not mine: lacreatina.net. What does this site have to do with mine? May I ask which scanner you used to pick these all up? I am mostly interested.
But if it's mostly a server setup, why aren't my other 3 sites giving this error and why don't these sites show up with spam?

PS: how about seo-titan.com and seoconsulent.nl? Do they have the same issue?
I will let the hoster take a look at this and see if they can help me out. They have already done a malware scan but found nothing. Hope they can fix the parts you mentioned.
Thank you

Cleansing is always a good policy.
Still you have to do requests to be no longer listed as spam site,
alas that still should be honored before you are not blocked any longer.

polonus

Yeah sorry, I was still modifying my last message.
So if I do remove the plugins and the search image it would not be enough for Google? I checked the image with http://jsunpack.jeek.org/dec/go? and http://wepawet.iseclab.org/view.php?hash=5b44fa44883f0a04b900855ccbf8d26f&t=1420663186&type=js and http://urlquery.net/report.php?id=1420664496220 but I could not find any malware.
I could only find this with VirusTotal:
content-length: 1112
via: HTTP/1.1 GWA
accept-ranges: bytes
x-google-cache-control: remote-fetch
vary: User-Agent
expires: Wed, 14 Jan 2015 20:58:25 GMT
server: LiteSpeed
last-modified: Wed, 17 Dec 2014 08:16:28 GMT
connection: Keep-Alive
etag: "458-54913bdc-2d5a2a1b62351e5"
cache-control: public, max-age=604800
date: Wed, 07 Jan 2015 20:58:25 GMT
content-type: image/gif

Is the problem with the cache control? Please explain.

The rest needs to be configured by my hoster. Is this correct?

But how come the other 3 sites of mine don't have this issue with spam links and this one does?

What is the issue with seoconsulent.nl and seo-titan.com?

Could you also tell me which scanner you use that picked up all these issues? I haven't found one that could do this.
I appreciate your help.
Hope I can solve this soon.

Hi Mittel,

About the cache issue read here: https://wordpress.org/plugins/autoptimize/faq/
I think you are goodwilling and will perform anything to get things back on rails again, but you are also depending on what the hosting party does or rather does not do. If you cannot make them move in the right direction, you have to consider going some place else. It’s a free world after all, isn’t it. There is also a “paid” service that could help you with your issues - http://www.web-malware-removal.com/about-us-vienna/
Use some free CMS security scanning plug-ins or go to http://aw-snap.info/file-viewer/ or contact Redleg here: https://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites (as far as I am aware his help is free, and he is one of the top experts in the field of website security code issues).

With the -http://seo-titan.com/ site I establish this is more of a general IP issue ( https://www.virustotal.com/nl/ip-address/198.252.103.67/information/ ) - With over 200 sites on one and the same IP address * you need only enough bad apples to get hit by a general IP block. Contact webmaster@198.252.100.100 here, or ask for this domain to be excluded from the general IP block. (Bitdefender blocks).Re: https://www.virustotal.com/nl/ip-address/198.252.103.67/information/ * → http://sameid.net/ip/198.252.103.67/

polonus

Thanks Polonus for all the help.
I contacted my host and told them to read the posts you had written down. They migrated my sites to another IP address:
198.252.100.100. Would this be sufficient? Yeah, it’s a free world. If they solve my problem all is fine.

PS: which scanner did you use to find this:
Results from scanning URL: htxp://homeremediesworld.com/wp-content/plugins/pinterest-plugin/snpin.js?ver=4.1
Number of sources found: 109
Number of sinks found: 89

Also not sure what sinks found even means?

I found these 2 issues for seo-titan.com

http://www.uploady.com/#!/download/C1b~z4HfkUm/irIOI2rhCABakIKk

How and where can I find the links? In which files should I look to remove those links? 1 of the 3 is just the theme creator. The other 2 have nothing to do with my site.
How about the Google browse difference? Would that be a problem? Or does each browser look differently at a site?

I will try all the things you mentioned.
Thanks

Hi Mittel,

I always combine the results of various specific scanners to try and reach any conclusive results. After over 10 years of experience you know what to look for and some experience here helps. The scanner I used for the possible DOM XSS sources and sinks result (whether they could ever lead to an actual exploit or attack depends on other factors) was: htxp://www.domxssscanner.com/.
The issues you found on the seo-titan dot com scan are no actual threats as such and when the external links to check aren’t blacklisted or blocked there is no real danger.
The scanner I used for the security header scan (responsible for such security is your hosting party) was http://cyh.herokuapp.com/cyh and DNS was checked here: http://www.dnsinspect.com/ (also under the responsibility of those that host the website(s)).

Remember that the main code of CMS is well maintained and patched and updated on a regular basis. Whenever there are problems, it is with combinations of particular server configurations, and CMS issues are found with particular vulnerabilities in (free) plug-ins and themes.
Recently we saw infections via vulnerable revslider: http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html So when you do not apply the necessary updates and patches in CMS soon enough, you and your websites will “be food for the birds”. Where for “birds” you can read malcreants.
Remember 198.252.100.100 came listed here and here: http://www.crimeflare.com/domains/hoa-hun.html & http://www.crimeflare.com/domains/sup-tdz.html Read about and consider the general Cloudflare web rep issues: http://www.crimeflare.com/twisted.html

Stay safe and secure with avast both offline and online, is the wish of,

polonus (volunteer website security analyst and website error-hunter)

Dear Polonus,

Well, I found 2 links that weren't mine at all through your scanner. So is there an easy way to find those particular links on my server? I checked all the posts and pages but found nothing. Is your scanner a live scanner?

I really appreciate that you gave me links to the tools you use. I really appreciate it. Yeah, I know about the revslider vulnerability. Read about it on the Sucuri blog.
I had someone look at it and he said I was again compromised 3 days ago. He is looking into it. He is more of a malware remover. He is not a breach detector and doesn't know how to secure a website.

Is there a way to check for vulnerabilities on a site that we can use online? So not searching for malware but more finding the backdoors hackers can use?

I have a raw access log file. There I can see the spam links which I could not find anywhere on the server. Would you have a look at it?
Let me know.
Thanks

For a quick and dirty check you always combine a couple of real live scanners and their results. Best protection is to fully update and patch CMS and server software, but there you are also dependent on what the hosting party does or rather does not do. This is a good scan: http://aw-snap.info/file-viewer/ and combine with http://fetch.scritch.org/ Input output validation is always a good way to look where backdoors may lurk, and naturally working on some coding do’s and don’ts. Remember the main flaws and kernel software of CMS is well maintained, but it is the free plug-ins and themes where the issues come from.
I sometimes work as an exam surveyor on a higher Institute of Commercial, Media and IT Studies and there I found that security is sometimes left out of the curriculum or presented from the wrong textbooks. It is in the field and trying to keep a system up and free of malcode where the real training starts. A pity website security analyzing and website error-hunting is a last resort thing. I try to educate users as much as I can here, but sometimes I feel like the proverbial figure out in the desert preaching to the choir…

polonus (volunteer website security analyst and website error-hunter)

Yeah, of course the best way to protect your websites is to update everything you can, like CMS, plugins, server config, firewall configuration, even your own computer. But I learned the hard way. I never updated my plugins and CMS.

But still, in my situation I got everything cleaned out, patched everything I could, changed usernames where possible, removed databases that were not in use etc. By doing this I got the “your site hacked” removed from Google results and it also removed the notifications in my Webmaster Tools account. Also all scanners tell me that the sites are clean but Google still doesn't help me out. I have already contacted someone at the Google forum but the only thing they do is let me walk in circles. Not much help. I told them the issue with the spam links I still have in Google results and now they say that I am the one who needs to remove the spam links from my server. Even though I told them there are none.
I just replied to one of them. Hope they will help me out this time. Not much I can do for now. It took a lot of my time and other people's time to get where I am now.

I am getting a bit frustrated. This has been going on for more than 3 weeks.
Thanks for all the help.

Dear polonus,
as you might know, I still have the 3 websites showing spam links in the Google search engine.
I found an access log file and I read this post http://aw-snap.info/articles/find-backdoor.php from Redleg about checking for backdoors.

I found the following:
"GET /?mcm=mcm-stark-backpack-2014 HTTP/1.1" 200 111 "http://domainname.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
54.215.13.26

"GET /wp-login.php?host=domainname.com&action=register HTTP/1.1" 404 3825
208.109.119.221

"GET /?host=domainname.com&mcm=mcm-bags-deluxemall HTTP/1.1" 200 5283
124.88.67.10 - -

and many GET awstats.

How can I remove this and how can I find the files?
Thanks
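
The access-log check described in the post above, as an added example that is not part of the original thread: it flags requests whose query string carries parameters a stock WordPress front page does not expect (such as the `mcm` and `host` keys quoted in the post) and lists the ones the server answered with 200. The log lines are constructed in combined log format, and the allowlist of known query variables is an assumption to be extended per site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in combined log format. The request paths with mcm/host
# are the ones quoted in the post; IPs (documentation range), timestamps and
# the two ordinary requests are made up.
SAMPLE_LOG = '''\
192.0.2.10 - - [07/Jan/2015:20:58:25 +0000] "GET / HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.11 - - [07/Jan/2015:21:01:02 +0000] "GET /?mcm=mcm-stark-backpack-2014 HTTP/1.1" 200 111 "http://domainname.com/" "Mozilla/5.0"
192.0.2.12 - - [07/Jan/2015:21:03:40 +0000] "GET /wp-login.php?host=domainname.com&action=register HTTP/1.1" 404 3825 "-" "-"
192.0.2.13 - - [07/Jan/2015:21:05:17 +0000] "GET /?host=domainname.com&mcm=mcm-bags-deluxemall HTTP/1.1" 200 5283 "-" "-"
192.0.2.10 - - [07/Jan/2015:21:06:00 +0000] "GET /?s=ginger+tea HTTP/1.1" 200 30120 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

# Query variables a stock WordPress front end is expected to receive.
# Assumption: a short allowlist for illustration; extend it for your plugins.
KNOWN_QUERY_VARS = {"s", "p", "page_id", "cat", "tag", "paged", "m", "author",
                    "feed", "preview", "replytocom", "ver"}

def find_suspicious(log_text, known=KNOWN_QUERY_VARS):
    """Return one hit per request carrying query keys outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        url = urlsplit(m["target"])
        unknown = sorted(set(parse_qs(url.query, keep_blank_values=True)) - known)
        if unknown:
            hits.append({"ip": m["ip"], "path": url.path, "unknown": unknown,
                         "status": int(m["status"]),
                         "size": 0 if m["size"] == "-" else int(m["size"])})
    return hits

def served_by_param(hits):
    """Group the hits answered with 200 by unknown parameter name, keeping
    path and response size so they can be compared with a normal page."""
    out = defaultdict(list)
    for h in hits:
        if h["status"] == 200:
            for key in h["unknown"]:
                out[key].append((h["path"], h["size"]))
    return dict(out)

if __name__ == "__main__":
    for key, pages in served_by_param(find_suspicious(SAMPLE_LOG)).items():
        print(key, pages)
```

On a real log, a 200 response to one of these URLs whose size differs sharply from the plain `/` response is the one to trace, since it suggests something other than the normal theme output generated that page.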