Page 1 of 1

"This site may be hacked"

Posted: Mon Oct 29, 2018 8:19 pm
by KembleSteve2
Like many web managers, I find myself being labelled as having a site which is open to hacking.
I cannot disagree with Google on this, as they show me several URLs which are obviously not of my making.
So thanks Google, but my problem is how to find where these rogue URLs actually lie within my joomla code.
So for example, one of the example is something like...
http://kemble.co.uk/hgrc8yh/6u461ck.php ... video-rude
(I have changed a couple of characters, to protect the actual location)
As I can find no files containing any of these strings, I suspect it is tied up somewhere in the SQL database, but there again, I cannot seem to find anything to help me there either, allowing me to delete the hacked data.
Can anyone help?
Steve

Re: "This site may be hacked"

Posted: Mon Oct 29, 2018 8:36 pm
by sozzled
KembleSteve2 wrote:
Mon Oct 29, 2018 8:19 pm
Like many web managers, I find myself being labelled as having a site which is open to hacking. I cannot disagree with Google on this, as they show me several URLs which are obviously not of my making.
Yeah, these things happen. And, while you may not be able to argue with Google, many of these instances of rogue/unexplained URL references finding their way into Googles index may be the result of referrer (or ghost) spam.

If you've satisfied yourself that the URLs that Google has "complained about" are non-existent, then request Google to do a site review. It may be an idea to do some background reading about referrer spam; for example, https://www.google.com/search?q=%22who% ... site%3F%22

Re: "This site may be hacked"

Posted: Thu Nov 08, 2018 10:09 pm
by KembleSteve2
Many thanks for getting back to me "sozzled". I have only just picked up your reply as I assumed (being a new forum user) that I would get emailed if I had a response - I guess not.
Anyway, the problem I have is that I do believe the URL could be real, I just cannot see how to interpret it's contents, as it is obviously not as simple as following a link, as if it were a file in a directory structure.
Most of the examples are labelled as "redirected" - I guess some form of forwarding.

e.g.
This URL redirected to:

Code: Select all

https://www.kemble.co.ukuhs91sl/7dnqwko.php?oeuyrilfj=mat-card-height
I guess the different elements of the URL are in some way decoded by the SQL database, but even there I cannot find where I need to delete it before getting back to Google to plead my case.
Anyway, I will follow your link, and see if it helps.
Thanks again. Steve.

Re: "This site may be hacked"

Posted: Fri Nov 16, 2018 12:18 pm
by KembleSteve2
Ref the comments "Joomla forum is about Joomla CMS. Linking to your website that is not a Joomla website or a Joomla related website may be considered as spam, and may be banned and reported to stopforumspam.com and Google."

This site, www.kemble.co.uk is a full Joomla CMS site, so am surprised at the implication that it is anything other.
I was hoping that the knowledgeable members might be able to help with a genuine problem which I would imagine must be of real concern to others in a similar situation.

Re: "This site may be hacked"

Posted: Fri Nov 16, 2018 11:53 pm
by AMurray
KembleSteve2 wrote:Many thanks for getting back to me "sozzled". I have only just picked up your reply as I assumed (being a new forum user) that I would get emailed if I had a response - I guess not.
You can subscribe to receive notification by email of responses in the forum - but you need to "opt-in" to that. Edit your profile, the options are there. There's an option in the 'Board Preferences' in your profile area "Notify me upon replies by default: (Yes/No)."