1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Did my sites just get hacked?!?

Discussion in 'Black Hat SEO' started by greggggg, Feb 22, 2012.

  1. greggggg

    greggggg Regular Member

    Joined:
    Apr 24, 2011
    Messages:
    383
    Likes Received:
    21
    So over the weekend I noticed a few weird things with my site. My site dropped in ranking and my htaccess files got messed up. I have about 30 sites on my hosting and 25 of them are wordpress. THe non wordpress sites got their rankings messed up and they ended up losing their ranks. I am still trying to recover from this.


    Then I decided to check it out using unmaskparasite. Everything was clean on my five sites. I then took a look at my wordpress sites and noticed a link on all 25 of my wordpress sites that I did not place.

    This was in the footer of all of my wordpress domains <noscript><a href="http://XXX.luminous-solutions.net">SEO services</a></noscript>

    I checked out their site and noticed they had millions of links pointing to them.
    Obviously with the www instead of xxx. Did I just get hacked? What else could have happened to my sites? What do I need to look out for now?
     
  2. lanbo

    lanbo Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 23, 2009
    Messages:
    3,437
    Likes Received:
    595
    Home Page:
    It was most likely an infected WP plugin.
     
  3. Mountaineer

    Mountaineer Senior Member

    Joined:
    Oct 14, 2011
    Messages:
    912
    Likes Received:
    149
    Which plugins have you installed? It might be because of any infected one since it only happened with your WP sites.
     
  4. resistancee

    resistancee Registered Member

    Joined:
    Jun 22, 2011
    Messages:
    99
    Likes Received:
    40
    Either plugin, theme or malware. Clean your pc first and then speak with your hosts. I have Hostgator an they were very helpful
     
  5. TheMatrix

    TheMatrix BANNED BANNED

    Joined:
    Dec 20, 2008
    Messages:
    3,444
    Likes Received:
    7,279
    Seems like there was a backdoor in a plugin that enabled remote code injection. I suggest you check each plugin manually/or get it checked for any such backdoor. Also, you could try Googling for "plugin name hacked" and see if other people have reported any hacks for the plugin.
     
  6. Subsonic

    Subsonic Regular Member

    Joined:
    Mar 17, 2011
    Messages:
    367
    Likes Received:
    333
    Location:
    DNS root zone database
    And after you have sorted everything out, stop using nulled templates and/or plugins since that's the most obvious reason you have been hacked :)
     
  7. TheMatrix

    TheMatrix BANNED BANNED

    Joined:
    Dec 20, 2008
    Messages:
    3,444
    Likes Received:
    7,279
    Absolutely agreed.

    I once tried Pagelines theme (nulled) and after a month or so, my well ranked site just disappeared. On close inspection, I found that the theme was service sex/porn links to my visitor via obfuscated JS code. I tried to look in the theme files for that code, but couldn't! It was very genius obfuscation!
     
  8. greggggg

    greggggg Regular Member

    Joined:
    Apr 24, 2011
    Messages:
    383
    Likes Received:
    21
    The only one that I am using on all is all in one seo nulled. So that is probably the culprit. How can I see what other damage it did besides just adding the link. I want to make sure I 100% clean this.