1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My website was hacked using url injection

Discussion in 'Black Hat SEO' started by mogomotsi, May 31, 2016.

  1. mogomotsi

    mogomotsi Registered Member

    Joined:
    Feb 11, 2011
    Messages:
    97
    Likes Received:
    24
    My website was hacked and six pages were url injected. I am a noob when it comes to detecting and identifying such pages as they don't appear on my posts and pages tabs.
    I am asking for help on how i can remove these six pages and remove google blacklist from my website.

    Thanks in advance
     
  2. RuthSam

    RuthSam Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 19, 2010
    Messages:
    3,814
    Likes Received:
    979
    Gender:
    Male
    Home Page:
    What tools have you installed to prevent anyone to do that? is it wordpress you are using?
     
  3. dhslouisville

    dhslouisville Newbie

    Joined:
    Mar 24, 2016
    Messages:
    25
    Likes Received:
    0
    Gender:
    Male
    Location:
    Louisville Kentucky
    How would this happen? I am in the process of developing a website and I do not want this to happen to me.

    What safeguards should I put in place?
     
  4. mogomotsi

    mogomotsi Registered Member

    Joined:
    Feb 11, 2011
    Messages:
    97
    Likes Received:
    24
    I use wordpress. I have installed sucuri plug in to harden my blog. I can upload the sucuri website results if that will help.
     
  5. mogomotsi

    mogomotsi Registered Member

    Joined:
    Feb 11, 2011
    Messages:
    97
    Likes Received:
    24
    [​IMG]

    I can use Sucuri to clean my website but i don't have money to buy the subscription. Please anyone who can help me with removing the url injected pages is welcome.
     
  6. mogomotsi

    mogomotsi Registered Member

    Joined:
    Feb 11, 2011
    Messages:
    97
    Likes Received:
    24
    This happens due to malicious users hacking your website and using it to inject content that spreads malware. Knowing about this myself today and i hope it never happens to anyone. I am waiting for someone who knows Wordpress to help me identify such pages and help me remove them.
     
  7. RuthSam

    RuthSam Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 19, 2010
    Messages:
    3,814
    Likes Received:
    979
    Gender:
    Male
    Home Page:
    Well, if you are a paying member at SUCURI you can get them to fix your website! Also if you are not yet a customer of theirs you can become a member and they will try restore your site.. they are actually good at it.
     
  8. Conor

    Conor Elite Member

    Joined:
    Nov 7, 2012
    Messages:
    3,578
    Likes Received:
    5,959
    Gender:
    Male
    Location:
    South Africa
    Home Page:
    These should help:
    To remove malware: https://wordpress.org/plugins/gotmls/
    For security: https://wordpress.org/plugins/better-wp-security/
     
    • Thanks Thanks x 1
  9. v1rus4

    v1rus4 Newbie

    Joined:
    Apr 9, 2016
    Messages:
    7
    Likes Received:
    0
    You can PM me
    I'll try to help you detect
     
  10. sweguy

    sweguy Regular Member

    Joined:
    Jan 6, 2014
    Messages:
    291
    Likes Received:
    65
    Location:
    top of Mt.Alpen
    This is a very hard type to remove. They inject stuff inside wordpress core files as well.

    If you have shell access you can try search in all files for "eval(" and $GLOBAL and am sure you will get many hits of infected files. But its better to let someone who know this kind of stuff do it. Cause if you remove wrong file or edit it wrong site might not work.

    If you have an old backup i would suggest to use that and wipe the old site.
     
  11. mogomotsi

    mogomotsi Registered Member

    Joined:
    Feb 11, 2011
    Messages:
    97
    Likes Received:
    24
    I am not a member of sucuri. I cant afford to buy the membership since i am on low budget. Thanks
     
  12. ignotus

    ignotus Junior Member

    Joined:
    Oct 10, 2014
    Messages:
    119
    Likes Received:
    30
    If scanners wont work or remove it, with wordpress it might be easier to backup everything, including mysql, themesettings, plugin settings, all that.

    Delete all the files including wordpress files in the main directory
    download updated version of wordpress and install it.
    Restore theme settings, plugins.
    They probably got in with a plugin so maybe try downloading plugins again from a trusted source.
    Then do appropriate steps to secure site.
     
  13. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,316
    Likes Received:
    8,015
    back up your site, export your posts, back up your theme, reload wordpress, install theme, import posts and then just add back any customizations you made to theme, add back settings, add back uploads folder (But check for suspicious files), then you should be good to go.
    To prevent the issue from occuring in the future I recommend wordfence - even the free version is good enough.
     
  14. dugixxl

    dugixxl Registered Member

    Joined:
    Jul 22, 2011
    Messages:
    51
    Likes Received:
    1
    download new version of your wp theme and then overwrite all files with new one. Before that, you must identify how this malware infected your site. Check all plugins, probably one of them is the reason. In my case, reason was one old adsense insert plugin.