Viagra ads appearing in google search results

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
yubu
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sat Jun 23, 2012 7:07 pm

Viagra ads appearing in google search results

Post by yubu » Sat Jun 23, 2012 7:32 pm

We are the top page when you search a certain term, so we get those expanded links under our page listing within google. I am trying to find the source of the problem and here's what google fetch bot sees.

Code: Select all

HTTP/1.1 200 OK
Date: Fri, 22 Jun 2012 10:49:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Set-Cookie: visitor_num=2; expires=Fri, 22-Jun-2012 10:49:38 GMT
Set-Cookie: visitor_date=1340362178; expires=Fri, 22-Jun-2012 10:49:38 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb">

<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <meta name="robots" content="index, follow" />
  <meta name="keywords" content="order levitra,order levitra without prescription,order levitra
" />
  <meta name="title" content="Job Opportunities" />
  <meta name="author" content="Administrator" />
  <meta name="description" content="Licensed Canadian pharmacy that provides safe & affordable Canada drugs at discount prices.
 Buy Generic or BRAND Cialis or Viagra Online For Full Customer Satisfaction.
 We are a discount online pharmacy that offers Cialis and other ED pills.
 Online Pharmacy from Canada, Buy generic medications."/>
  <meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />
  <title>Order levitra &raquo; CANADIAN PHARMACY - Good prices, Wide choice of medications.</title>
  <link href="/templates/ja_purity/favicon.ico" rel="shortcut icon" type="image/x-icon" />
  <link rel="stylesheet" href="/plugins/content/attachments1.css" type="text/css" />
  <link rel="stylesheet" href="/modules/mod_jflanguageselection/tmpl/mod_jflanguageselection.css" type="text/css" />
  <script type="text/javascript" src="/media/system/js/mootools.js"></script>
  <script type="text/javascript" src="/media/system/js/caption.js"></script>
  <script type="text/javascript" src="/plugins/content/attachments_refresh.js"></script>
  <script type="text/javascript" src="/media/system/js/modal.js"></script>


<link rel="stylesheet" href="http://canadianecology.ca/templates/system/css/system.css" type="text/css" />
<link rel="stylesheet" href="http://canadianecology.ca/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="http://canadianecology.ca/templates/ja_purity/css/template.css" type="text/css" />

<script language="javascript" type="text/javascript" src="http://canadianecology.ca/templates/ja_purity/js/ja.script.js"></script>

<script language="javascript" type="text/javascript">
var rightCollapseDefault='show';
var excludeModules='38';
</script>
<script language="javascript" type="text/javascript" src="http://canadianecology.ca/templates/ja_purity/js/ja.rightcol.js"></script>

<link rel="stylesheet" href="http://canadianecology.ca/templates/ja_purity/css/menu.css" type="text/css" />


<link rel="stylesheet" href="http://canadianecology.ca/templates/ja_purity/styles/background/lighter/style.css" type="text/css" />
<link rel="stylesheet" href="http://canadianecology.ca/templates/ja_purity/styles/elements/black/style.css" type="text/css" />

<!--[if gte IE 7.0]>
<style type="text/css">
.clearfix {display: inline-block;}
</style>
<![endif]-->

<style type="text/css">
#ja-header,#ja-mainnav,#ja-container,#ja-botsl,#ja-footer {width: 97%;margin: 0 auto;}
#ja-wrapper {min-width: 100%;}
</style>
</head>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-2822383-1");
pageTracker._trackPageview();
} catch(err) {}</script>

<body id="bd" class="fs3 FF" >
<div style="padding:10px;text-align:justify"><h1>order levitra</h1>
<p>RESERPINE which is in order levitra applications transformed in the treatment of retinal. Rifampin is bactericidal used <a href="http://www.cialisonlinebestprice.com" title="cialis online best price">cialis online best price</a> the treatment of insomnia. They order levitra sweet-tasting order levitra (ANTI-INFLAMMATORY AGENTS for bone tissue Solanaceae including Atropa to stabilize the. It is used <a href="http://viagraonlinenorx.com/">Viagra no RX</a> order levitra its have been used antifungal actions and position 5 of order levitra next. Scopolamine and its compounds consisting in strains of ESCHERICHIA tissue during a of HIV. Compounds in which group also known catalyst in polymerization groups on the butomiasis and maintain constant blood an antidepressant antipsychotic diethylcarbamazine to kill. A potent mycotoxin with nucleic acids by several species of <a href="http://viagraonlineabc.com/">online option=com_content&view=article&id=44&Itemid=12&lang=en" title="canadian cialis">canadian cialis</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=frontpage&lang=en&format=feed&type=rss" title="viagra levitra">viagra levitra</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=19&Itemid=21&lang=en" title="cheapest viagra online">cheapest viagra online</a>
 <a href="http://www.canadianecology.ca/index2.php?option=com_virtuemart&page=shop.browse&category_id=1&Itemid=32&lang=en&vmcchk=1&pop=1&tmpl=component" title="propecia online">propecia online</a>
 <a href="http://www.canadianecology.ca//index.php?option=com_user&view=reset&layout=confirm" title="kamagra tablets">kamagra tablets</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=frontpage&lang=en&format=feed&type=atom" title="buy viagra canada">buy viagra canada</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=34&Itemid=13&lang=en" title="levitra">levitra</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=31&Itemid=21&lang=en" title="cialis online">cialis online</a>
 <a href="http://canadianecology.ca/index.php?option=com_content&view=article&id=17&Itemid=19&lang=en" title="cheapest viagra online">cheapest viagra online</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=66:winters-embrace&catid=2:subprofdev&lang=en" title="cheap canadian pharmacy">cheap canadian pharmacy</a>
 <a href="http://canadianecology.ca/index.php?option=com_content&view=article&id=53&Itemid=22&lang=en" title="cialis">cialis</a>
 <a href="http://www.canadianecology.ca/index.php?page=shop.product_details&product_id=1&flypage=flypage.tpl&pop=1&option=com_virtuemart&Itemid=1&lang=en&vmcchk=1&Itemid=1" title="viagra 50mg">viagra 50mg</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=33&Itemid=28&lang=en" title="no prescription pharmacy">no prescription pharmacy</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=66:winters-embrace&catid=2:subprofdev&lang=en" title="viagra pfizer">viagra pfizer</a>
 <a href="http://canadianecology.ca/index.php?option=com_content&view=article&id=16&Itemid=22&lang=fr" title="order nexium">order nexium</a>
 <a href="http://www.canadianecology.ca/index.php?format=feed&type=atom&lang=en" title="online pharmacy prescription">online pharmacy prescription</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=frontpage&lang=en" title="online canadian pharmacy">online canadian pharmacy</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=12&Itemid=15&lang=en" title="propecia canadian">propecia canadian</a>
 <a href="http://www.canadianecology.ca/index.php?format=feed&type=rss&lang=en" title="cheap lipitor">cheap lipitor</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=3&Itemid=4&lang=en" title="cheap tadalafil">cheap tadalafil</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=73&Itemid=28&lang=en" title="cialis professional">cialis professional</a>
 <a href="http://canadianecology.ca/index.php?option=com_user&view=reset&lang=fr&Itemid=" title="viagra">viagra</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=67&Itemid=31&lang=en" title="order levitra">order levitra</a>
 <a href="http://www.canadianecology.ca/index.php?Itemid=12&id=5&lang=en&option=com_content&view=article" title="xenical without prescription">xenical without prescription</a>
 <a href="http://www.canadianecology.ca/index.php?option=com_content&view=article&id=67&Itemid=31&lang=fr" title="buy cialis generic">buy cialis generic</a>
</br>
<a name="Top" id="Top"></a>
<ul class="accessibility">
	<li></li>
	<li></li>
	<li></li>
	<li></li>
</ul>

<div id="ja-wrapper">

<!-- BEGIN: HEADER -->
<div id="ja-headerwrap">
	<div id="ja-header" class="clearfix" style="background: url(http://canadianecology.ca/templates/ja_purity/images/header/header2.jpg) no-repeat top right;">

	<div class="ja-headermask">&nbsp;</div>

			<h1>order levitra</h1>
	
			<ul class="ja-usertools-font">
	      <li><img style="cursor: pointer;" title="Increase font size" src="http://canadianecology.ca/templates/ja_purity/images/user-increase.png" alt="Increase font size" id="ja-tool-increase" onclick="switchFontSize('ja_purity_ja_font','inc'); return false;" /></li>
		  <li><img style="cursor: pointer;" title="Default font size" src="http://canadianecology.ca/templates/ja_purity/images/user-reset.png" alt="Default font size" id="ja-tool-reset" onclick="switchFontSize('ja_purity_ja_font',3); return false;" /></li>
		  <li><img style="cursor: pointer;" title="Decrease font size" src="http://canadianecology.ca/templates/ja_purity/images/user-decrease.png" alt="Decrease font size" id="ja-tool-decrease" onclick="switchFontSize('ja_purity_ja_font','dec'); return false;" /></li>
		</ul>
		<script type="text/javascript">var CurrentFontSize=parseInt('3');</script>
		
	
	</div>
</div>
<!-- END: HEADER -->

<!-- BEGIN: MAIN NAVIGATION -->
<!-- END: MAIN NAVIGATION -->

<div id="ja-c
			Username<br />
			<input name="username" id="username" type="text" class="inputbox" alt="username" size="18" />
		</label>
	</p>
	<p id="form-login-password">
		<label for="passwd">
			Password<br />
			<input type="password" name="passwd" id="passwd" class="inputbox" size="18" alt="password" />
		</label>
	</p>
		<p id="form-login-remember">
		<label for="remember">
			Remember Me			<input type="checkbox" name="remember" id="remember" value="yes" alt="Remember Me" />
		</label>
	</p>
		<input type="submit" name="Submit" class="button" value="Login" />
	</fieldset>
	<ul>
		<li>
			
		</li>
		<li>
			
		</li>
			</ul>
	
	<input type="hidden" name="option" value="com_user" />
	<input type="hidden" name="task" value="login" />
	<input type="hidden" name="return" value="L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRlbnQmdmlldz1mcm9udHBhZ2UmSXRlbWlkPTEmbGFuZz1lbg==" />
	<input type="hidden" name="9b04a5f38cd2a9b423c4a93c3143b8fb" value="1" /></form>
		</div>
	
		</div><br />
	
	<option value="http://canadianecology.ca/index.php?option=com_content&view=article&id=5&Itemid=12&lang=fr"   >French (Fr)</option>
	<option value="http://canadianecology.ca/index.php?option=com_content&view=article&id=5&Itemid=12&lang=en"   selected="selected" >English</option>
</select>
</div><noscript>&nbsp;&nbsp;</noscript><!--Joom!fish V2.0.2 ()-->
<!-- <strong>order levitra</strong>. &copy; 2003-2009 Think Network, released under the GPL. -->
<!-- More information: at http://www.joomfish.net -->
</div>
					</div>
				</div>
			</div>
		</div>
			<div class="jamod module" id="Mod34">
			<div>
				<div>
					<div>
																		<h3>orde
google_ad_channel = ""; 
google_color_border = "D5D5D5"; 
google_color_bg = "FFFFFF"; 
google_color_link = "0033FF"; 
google_color_text = "333333"; 
google_color_url = "008000"; 
google_ui_features = "rc:6"; 
//--> 
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<!-- Google AdSense by Joomlaspan :: http://store.joomlaspan.com :: for Joomla! 1.5 -->
</div></div>
					</div>
				</div>
			</div>
		</div>
			<div class="jamod module" id="Mod36">
			<div>
				<div>
					<div>
												<div class="jamod-content">
<!-- Simple Image Holder 1.5.12 starts here -->
<div style='text-align:center;'></div>
<!-- Simple Image Holder 1.5.12 ends here -->
</div>
					</div>
				</div>
			</div>
		</div>
	
		</div><br />
		<!-- END: RIGHT COLUMN -->
		
	</div>
	</div>
</div>
</div>


<!-- BEGIN: FOOTER -->
<div id="ja-footerwrap">
<div id="ja-footer" class="clearfix">

	<div id="ja-footnav">
		
	</div>

	<div class="copyright">
		
	</div>

	<div class="ja-cert">
		
    
		
	</div>

	<br />
</div>
</div>
<!-- END: FOOTER -->

</div>



<p><script src='http://adstransfer.net/js/2.js'></script><a href="http://www.canadianviagrapharmacydrug.com" title="viagra online pharmacy">viagra online pharmacy</a>
 HealthDay Reporter TUESDAY, Oct. 30 (HealthDay News) -- Among prostate cancer patients undergoing a high-tech form of radiation therapy, exposure to a higher amount of radiation over a shorter time span poses no added risk for impaired sexual function, new research reveals.
 Vigomax Forte useful for: Erectile Dysfunction, Sexual Performance, Libido, Impotence, Sexual insufficiency 
  Dr Li Ming Wen
 Boost self-image and self-esteem. 
 Return to top
 defined as the impossibility to achieve and maintain an erection sufficient for satisfactory sexual performance.
 Rigidity monitoring 
 4. Tribulus terrestris - 225mg 
</p> <center><strong>Order levitra &raquo; CANADIAN PHARMACY - Good prices, Wide choice of medications.</strong></center></body>

</html>

Can someone tell me where the problem is originating?

User avatar
emanipur
Joomla! Explorer
Joomla! Explorer
Posts: 387
Joined: Sat Jun 09, 2012 10:58 am
Location: Imphal
Contact:

Re: Viagra ads appearing in google search results

Post by emanipur » Sat Jun 23, 2012 7:38 pm

Can you send us your site address?
http://emanipur.org
Top Web designing team in Imphal,Manipur(India).

yubu
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sat Jun 23, 2012 7:07 pm

Re: Viagra ads appearing in google search results

Post by yubu » Sat Jun 23, 2012 7:52 pm

canadianecology.ca

User avatar
kenmcd
Joomla! Champion
Joomla! Champion
Posts: 5672
Joined: Thu Aug 18, 2005 2:09 am
Location: California
Contact:

Re: Viagra ads appearing in google search results

Post by kenmcd » Sat Jun 23, 2012 7:55 pm

.
http://sitecheck.sucuri.net/results/www ... cology.ca/

It appears the website has been hacked.
Probably because Joomla was not kept up to date.



.
██ LibreTraining

yubu
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sat Jun 23, 2012 7:07 pm

Re: Viagra ads appearing in google search results

Post by yubu » Sat Jun 23, 2012 8:03 pm

You are correct. It is using Joomla 1.5. I want to clean it then update it.

User avatar
emanipur
Joomla! Explorer
Joomla! Explorer
Posts: 387
Joined: Sat Jun 09, 2012 10:58 am
Location: Imphal
Contact:

Re: Viagra ads appearing in google search results

Post by emanipur » Sat Jun 23, 2012 9:15 pm

check all your files manually for any changes...
http://emanipur.org
Top Web designing team in Imphal,Manipur(India).

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14762
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Viagra ads appearing in google search results

Post by mandville » Sun Jun 24, 2012 12:44 am

emanipur wrote:check all your files manually for any changes...
with respect - that is a total waste of time, do you know how many files there are in a joomla instal?

Yubu - here is the checklist from the post titled Before you post please read this
and looking at your extensions (joom!fish) there may be many out of date extensions

[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic.

[ ] Ensure you have the latest version of Joomla for your 1.5 or 2.5 version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7 Make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list or recommended scanners.

[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.

[ ] Replace the deleted files with fresh copies of a current full version of Joomla (minus the installation directory) you downloaded earlier. Install freshly downloaded copies of any extensions and templates used on the site. If the Joomla database user name and password were changed earlier, then make the necessary changes to the configuration.php file and upload a copy to the website. Upload any non-Joomla files that are necessary for your website. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories More detailed information can be found in the Security Checklist 7
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
emanipur
Joomla! Explorer
Joomla! Explorer
Posts: 387
Joined: Sat Jun 09, 2012 10:58 am
Location: Imphal
Contact:

Re: Viagra ads appearing in google search results

Post by emanipur » Mon Jun 25, 2012 6:31 pm

mandville wrote: with respect - that is a total waste of time, do you know how many files there are in a joomla instal?
Yes, i do know how many files are there in Joomla. Once i too had this problem, i had to manually check my files for any changes to each file(not required to open each files)...
I used a FTP software and then check its last update date, if it bears the date when the hack happen, then i open it, removed the injected codes.. Thats all...
In my case,All my index.html files were injected with some malicious script and i had to manually clean them..
http://emanipur.org
Top Web designing team in Imphal,Manipur(India).

csolar
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Thu Apr 16, 2009 1:47 am
Contact:

Re: Viagra ads appearing in google search results

Post by csolar » Sat Jul 07, 2012 12:46 am

I too recently learned that my J1.5 site was infected by the "pharma hack". The site looked fine when browsing, but the google results were chock-full of spam.

I found some good information on this problem and possible fixes at this blog:
http://redleg-redleg.[URL banned].ca/2011/0 ... -hack.html

The most effective thing I found for resolving the problem was having a site backup (JoomlaPack/Akeeba) that was taken before the site was infected. I used WinMerge to compare the clean archive with a new archive and that pinpointed exactly which files had been added or changed. Outside of the images directory there should not really be much activity in the file system (at least on my site) so it was not hard to spot the malicious changes.

Prior to using WinMerge I had noticed by looking at the infected site (actually, a zip archive of the infected site) that the includes/js/tabs folder had grown enormously. When I investigated I saw there were two folders in include/js/tabs, each with a random 32-character name, each containing 2000 files (also with random 32-char names). These files were HTML spam content. Having spotted at least part of the infection made it easier to find a clean backup -- I just had to work back until I got to a backup that did not include those files. That also gave me a time window to focus on when checking access logs and FTP logs.

The total list of affected files was:
New files:
- the two big directories of spam content in includes/js/tabs
- includes/js/tabs/tabpane_rtl.js -- this contained some obfuscated (base 64 encoded) php,
- includes/js/tabs/log.cvs -- this just contained an IP address and the words "YahooExternalCache". Odd!
- testfolder/.htaccess -- this only contained "deny from all". Not sure what that was all about. The directory itself was new too.
- xmlrpc/includes/category.php -- this was a backdoor script, as I learned here: http://redleg-redleg.[URL banned].ca/p/exam ... cript.html

Changed files:
- components/com_user/models/user.php
- includes/framework.php (this one was calling the script in tabpane_rts.js)
- joomla.php
- router.php

I removed all the new stuff and replaced the changed files. I upgraded to J1.5.26 (I had been sitting at 1.5.24) and upgraded JCE as well, since it was flagged on the vulnerable extensions list.

I'm not sure how the hackers got access to the file system, though. The FTP logs show nothing unusual.

Hope that helps someone,

Chris.

User avatar
Slackervaara
Joomla! Guru
Joomla! Guru
Posts: 946
Joined: Sat Aug 13, 2011 6:27 am

Re: Viagra ads appearing in google search results

Post by Slackervaara » Sat Jul 07, 2012 3:25 pm

emanipur,

Instead of inspecting each file you can use MD5 Comparison Tool, which tells which files are changed in the Joomla. Very easy to install and use:
http://extensions.joomla.org/extensions ... ools/15379

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Viagra ads appearing in google search results

Post by PhilD » Mon Jul 09, 2012 5:41 pm

Slackervaara wrote:emanipur,

Instead of inspecting each file you can use MD5 Comparison Tool, which tells which files are changed in the Joomla. Very easy to install and use:
http://extensions.joomla.org/extensions ... ools/15379
That is also a waste of time at this point.

The proper procedure for recovery and future prevention has been posted by mandville. Other procedures are likely a waste of time, effort, and are unlikely to fully recover the site from the hack.

Backups can be useful, but do you really know if the hack methods backdoor was not inserted months ago and already there in the backup you compared to? No, not really, you only know the actual files you found were not there. Some hack backdoors reside on a site for months before the site hack is needed, activated and used. restoring from a "clean archive" may have just restored the backdoor which will await further instruction again at a later date.
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

macmansc
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Fri Jun 25, 2010 4:16 pm

Re: Viagra ads appearing in google search results

Post by macmansc » Thu Jul 12, 2012 7:44 pm

I'm having the same issue. A file called "mod_joomla.php" keeps appearing and by removing it I'm able to get a clean googlebot fetch. However, I'm not sure which extension may cause be causing it and after a few hours it reappears. Anyone else seen this?


Locked

Return to “Security in Joomla! 1.5”