Jump to content
karnabal

Site WordPress hacké ? Pages introuvables redirigées

Rate this topic

Recommended Posts

Hello,

 

Mon site web semble avoir été hacké. Je trouve dans l'index de Google plusieurs milliers de pages, visiblement toutes redirigées vers un site web commercial. Vous trouverez la liste des pages créées avec cette requête Google. Impossible de retrouver ces pages dans mes installations WordPress. J'ai regardé également dans la BDD (une BDD pour deux installations), et je n'ai rien trouvé non plus.

 

J'ai contacté naturellement le site web cible des redirections, mais leur support commercial (tchat) me dit que l'IT va revenir vers moi, mais malgré les mails que j'ai pu leur adresser, évidemment, aucune nouvelle de leur part.

 

Savez-vous comment cela a-t-il pu arriver ? Et surtout, que puis-je faire ?

Edited by karnabal

Share this post


Link to post
Share on other sites

Manifestement, la redirection de tes pages est faite par googlbot.su ou par go.oclaserver.com, selon les pages ....

Tu as au moins un malware...

 

Regarde le résultat de cette page (cela met un peu de temps à s'afficher vu que ça scanne le site)

 

https://sitecheck.sucuri.net/results/fr.anthonycontat.com

 

Scan_Results.png

 

 

 

 

Share this post


Link to post
Share on other sites

Hi,

 

I have the same malware in my site. Google sent to me a message with the same strings than yours.

 

I'm have been scanning the site for days. Wp installation and dbs. But anything.

 

Have you found where it is located the malware?

 

Thanks

 

Best Regards

 

 

Share this post


Link to post
Share on other sites

Hi,

 

The original poster didn't show up in 8 days, thus I guess he didn't correct his website !

 

Did you scan your site on sucuri.net  ? https://sitecheck.sucuri.net/

After scan completion, it should show you the offending pages.

 

Best regards

 

PS: keep in mind that this board is exclusively french speaking

I saw from your IP that you are posting from south of Italy, but I feel more comfortable with English than Italian. ;)

 

 

 

Share this post


Link to post
Share on other sites

I'm sorry for my English and not French. This is one of the few place in which I have found information on these strings.

Securi.net is not able to find anything on my site.

It's a difficult task

 

Best Regards

Edited by bobrock4

Share this post


Link to post
Share on other sites

You should recursively search for strings like "googlbot.su" or "oclaserver.com" on your web site.

If the domain is on a dedicated server and you have a shell access, a simple

grep -r "googlbot.su" /your/website/directory

should find the file(s). You could issue a comparable command with "oclaserver.com" as search string.

Alternatively, a command like

find /your/website/directory -type f -mtime -15 -exec ls -l {} \;

should show all files modified during the last 15 days.  Change the -15 by any other value like -30 for last 30 days.

 

If you don't have a shell access, you should download your complete site and search locally with your O/S tools.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...