karnabal
Posted May 16, 2018 (edited)

Hello,

My website seems to have been hacked. I find several thousand pages in Google's index, all apparently redirected to a commercial website. You will find the list of the created pages with this Google query.

I cannot find these pages in my WordPress installations. I also looked in the database (one database for two installations), and found nothing there either.

I naturally contacted the website that the redirects point to, but their sales support (chat) tells me that IT will get back to me; despite the e-mails I have sent them, I have of course heard nothing from them.

Do you know how this could have happened? And above all, what can I do?

Edited May 16, 2018 by karnabal

Dan
Posted May 16, 2018

Clearly, your pages are being redirected by googlbot.su or by go.oclaserver.com, depending on the page... You have at least one piece of malware...

Look at the result of this page (it takes a little while to display since it scans the site): https://sitecheck.sucuri.net/results/fr.anthonycontat.com

bobrock4
Posted May 24, 2018

Hi,

I have the same malware on my site. Google sent me a message with the same strings as yours. I have been scanning the site for days, both the WP installation and the databases, but found nothing. Have you found where the malware is located?

Thanks
Best regards

Dan
Posted May 24, 2018

Hi,

The original poster didn't show up in 8 days, thus I guess he didn't correct his website!

Did you scan your site on sucuri.net? https://sitecheck.sucuri.net/

After scan completion, it should show you the offending pages.

Best regards

PS: keep in mind that this board is exclusively French-speaking. I saw from your IP that you are posting from the south of Italy, but I feel more comfortable with English than Italian.

bobrock4
Posted May 25, 2018 (edited)

I'm sorry for my English and not French. This is one of the few places in which I have found information on these strings. Sucuri.net is not able to find anything on my site. It's a difficult task.

Best regards

Edited May 25, 2018 by bobrock4

Dan
Posted May 25, 2018

You should recursively search for strings like "googlbot.su" or "oclaserver.com" on your web site.

If the domain is on a dedicated server and you have shell access, a simple

    grep -r "googlbot.su" /your/website/directory

should find the file(s). You could issue a comparable command with "oclaserver.com" as the search string.

Alternatively, a command like

    find /your/website/directory -type f -mtime -15 -exec ls -l {} \;

should show all files modified during the last 15 days. Replace the -15 with any other value, like -30 for the last 30 days.

If you don't have shell access, you should download your complete site and search locally with your O/S tools.
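
Added example, not part of the posts above: the two checks from the last post combined in one POSIX shell script, extended to also match the two domains when they are stored base64-encoded, a form that a plain-text grep does not find. The function names, the default of 15 days and the base64 assumption belong to this example, not to the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh scan.sh /your/website/directory [days]
# Domains named in the posts above.
INDICATORS="googlbot.su oclaserver.com"

# b64_variants STRING
# Print the three base64 fragments STRING yields depending on whether it
# starts at byte 0, 1 or 2 of a 3-byte base64 group. Characters that also
# encode neighbouring bytes are trimmed so each fragment matches anywhere.
b64_variants() {
    for pad in "" x xx; do
        enc=$(printf '%s%s' "$pad" "$1" | base64 | tr -d '\n=')
        case ${#pad} in
            1) enc=${enc#??} ;;    # first 2 chars carry bits of the pad byte
            2) enc=${enc#???} ;;   # first 3 chars carry bits of the pad bytes
        esac
        # An incomplete final group ends in a char that holds padding bits.
        if [ $(( (${#pad} + ${#1}) % 3 )) -ne 0 ]; then enc=${enc%?}; fi
        printf '%s\n' "$enc"
    done
}

# scan_indicators DIR
# List files under DIR containing an indicator in plain or base64 form.
scan_indicators() {
    dir=$1
    set --                                   # rebuild args as grep patterns
    for ind in $INDICATORS; do
        set -- "$@" -e "$ind"
        for v in $(b64_variants "$ind"); do set -- "$@" -e "$v"; done
    done
    grep -rlF "$@" "$dir" || true            # grep exits 1 when nothing matches
}

# recent_files DIR DAYS
# Same check as the find command in the post: files modified in the last DAYS days.
recent_files() {
    find "$1" -type f -mtime "-$2" -exec ls -l {} +
}

if [ $# -ge 1 ]; then
    echo "== files containing an indicator (plain or base64) =="
    scan_indicators "$1"
    echo "== files modified in the last ${2:-15} days =="
    recent_files "$1" "${2:-15}"
fi
```

A SQL export of the WordPress database saved inside the scanned directory is searched the same way as the site files.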