1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anybody else been hijacked by google metatags?

Discussion in 'Black Hat SEO' started by raven123, May 20, 2012.

  1. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    Hey guys,

    At around 2AM this morning, when I checked my rankings in google, I saw that my original meta description for the homepage has been changed to some irrelevant iPhone shit. Not only that, but it redirected my site to some iPhone site, after clicking the link in Google for mine.
    Iphone this Iphone that, buy it at the lowest price Irrelevant shit. ​
    I have never seen this text. The only thing I installed was a flags plugin called Flags Widget. So here is what I did:



    1. Uninstalled the plugin
    2. Deleted the plugin
    3. Contacted bluehost who said that my site had only the standard redirects and the problem wasn't host side.
    4. Deactivated all plugins
    5. Cleared cache
    6. Tried again

    Nothing. Its still the same.

    Now here is the real crazy part, as if this wasn't enough already:

    When I open google and find my website ranking in Internet Explorer, the metas are fine. But, in Chrome they ar this iPhone shit. And this isn't only me, I asked some friends to check it from their homes and they see the same thing while on Chrome.

    When I search on Google with the iPhone description, my site ranks #9, and there even my homepage title has been changed to some iphone shit.
    My site has also been deindexed by Bing and Yahoo, I never saw any results from them.

    I have Bulletproof security installed, so a hacking attempt is not very probable

    Guys, this is destroying my business. I hope nobody else is having this nightmare, but in case somebody has any ideas on how to fix this, I would really appreciate it if you shared.
     
  2. nanavlad

    nanavlad Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 2, 2009
    Messages:
    2,420
    Likes Received:
    892
    Gender:
    Male
    Occupation:
    SEO Consultant
    Location:
    Proxy Central
    I have this problem as well.
    Has anybody got a solution
    thanks
     
    • Thanks Thanks x 1
  3. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    I just ran a Virus Total and SECURI checks on my site, which returned nothing. All said it was clean. All my htaccess files have been protected by Bullteproof, so being hacked is out of the question. Oh yes, my password is 21 symbols long.
     
  4. marcolav

    marcolav Newbie

    Joined:
    Jun 6, 2009
    Messages:
    7
    Likes Received:
    1
    Home Page:
    Check you .htaccess , that is what has been hacked most likely and then doing a conditional redirect to whatever crappy site
     
    • Thanks Thanks x 1
  5. Del Girl

    Del Girl Newbie

    Joined:
    May 3, 2012
    Messages:
    26
    Likes Received:
    3
    I had this on Chrome & Explorer too...its some sort of virus, & it affects other peoples sites too. Havent had it on my MACs but have on PCs. Run all the virus tests, & google it (cut & paste URL to prevent the redirect when clicking), & totally uninstall/reinstall the browsers. Dont forget not all anti virus software gets all viruses. Its not google though.
     
    • Thanks Thanks x 1
  6. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    Ok I just ran a test with 10 PCs both on IE and Chrome. All the PCs which are from different countries, different IPs and visit different sites. All the PCs, both on IE and Chrome showed the same shitty description.

    I am now manually checking the htaaccess files, but they have already been secured by BulletProof, as well as back-uped.
     
  7. caspka

    caspka Registered Member

    Joined:
    Oct 13, 2011
    Messages:
    59
    Likes Received:
    19
    You all praise WordPress so much but is no fun when it gets hacked, Get yourself a simple html php site and you'll be fine.
     
    • Thanks Thanks x 4
  8. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    Thanks but Getting a new site isn't an option.

    I am looking for help to save my business. Like I said Bulletproof has all the htaccess files protected.
     
  9. ComputerEngineer

    ComputerEngineer Senior Member

    Joined:
    Apr 25, 2012
    Messages:
    833
    Likes Received:
    70
    This is a standard hack. when they hack they only show hacked content to google robots not real humans.

    So your installation is infected :)

    They might also have made sub-domains that you are not aware.
     
    • Thanks Thanks x 1
  10. caspka

    caspka Registered Member

    Joined:
    Oct 13, 2011
    Messages:
    59
    Likes Received:
    19
    Not a new site, keep the design, and content, but plain html should fix it because you database may be corupted, even if you disable a plugin he still has stuff in the database and he can call JavaScript or so. Or you can wait and search for a magic button and see google pick it as malware & sandbox you to hell.
     
    • Thanks Thanks x 1
  11. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    @ComputerEngineer: Ok this sounds right. How do I go about fixing this? Is there a way to bypass reinstalling wordpress? How do I check for those subdomains?
     
  12. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    @caspka: I ran virus checks on 2ip.ru, seotest DOT com, SECURI, Virus Total and what not, they all showed negative. How do I go about cleanining my database from his code?

    Also, none of the description is in the source code of the site checked from Chrome and Firefox.
     
  13. garrido

    garrido Supreme Member

    Joined:
    Nov 28, 2011
    Messages:
    1,301
    Likes Received:
    341
    Occupation:
    Hacker / Developer
    Location:
    Hackerland
    You must to reinstall everything.
     
    • Thanks Thanks x 1
  14. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    I also forgot to mention that this is only for one keyword and only for my main page. All other posts and keywpords are fine.

    The problem is, this is my main keyword. So when you search for lets say credit card in google, and my site comes up #3. Instead of the normal destription, I get some iPhone stuff. However when you search for credit card in New York, my site comes up #4 and the description is OK.
     
  15. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    Garrido: Is there any way to not do this? I have a lot of posts, plugins and settings. A reinstall will destroy my rankings.
     
  16. ryan-isra

    ryan-isra Junior Member

    Joined:
    Oct 20, 2009
    Messages:
    165
    Likes Received:
    21
    Home Page:
    You'll need to look at it carefully, which line the 'hijack' comes up and find out the related plugins or wordpress
    system files.
     
    • Thanks Thanks x 1
  17. ComputerEngineer

    ComputerEngineer Senior Member

    Joined:
    Apr 25, 2012
    Messages:
    833
    Likes Received:
    70
    If you don't clean infection you will already get destroyed

    Actually i would start from my own computer if i were you. Format your computer and install kaspersky internet security

    then change your web site password and then start working
     
    • Thanks Thanks x 1
  18. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    @ComputerEngineer

    Yes, I agree.

    I already changed the password, its next to impossible to brute force it in less than several days. Its 20 symbols long, letters numbers and symbols. I am changint it now again.

    I searched all the theme files, all the active plugin files, but didn't find anything that looks suspicious.

    Right now the enabled plugins are BUlletproof, Jetpack, Akismet, Meta SEO, All in One, Yoast, BackupWordpress, Social Widget,Wp-no category base.

    Can you please tell me what would you do in this situation? What do you mean by start working?

    I have a backup of the site from a few days before.
     
  19. raven123

    raven123 Regular Member

    Joined:
    Jan 18, 2012
    Messages:
    456
    Likes Received:
    278
    Also, with all the plugins disabled it still shows the same descrprion in google. Doesn't this leave the possibility of a database exploit?
     
  20. ryan-isra

    ryan-isra Junior Member

    Joined:
    Oct 20, 2009
    Messages:
    165
    Likes Received:
    21
    Home Page:
    Does google changing the meta description IMMEDIATELY?

    Take a look on the source code first!
     
    • Thanks Thanks x 1