1. This website uses cookies to improve service and provide a tailored user experience. By using this site, you agree to this use. See our Cookie Policy.
    Dismiss Notice

SEO Technique- Site is Hacked

Discussion in 'Black Hat SEO' started by cycoshas, Feb 9, 2018.

  1. cycoshas

    cycoshas Regular Member

    Joined:
    Jan 2, 2012
    Messages:
    408
    Likes Received:
    104
    My site link - http://iphone-s.com

    Some SEO Person just setup more than 17000 Article on my site. And getting backlink as well as earning from my site

    Content upload Sample - http://iphone-s.com/library/dream-clarify-and-create-what-you-want

    he don't have any access of my site , i don't how's he's install this.

    Same thing happen in previous month , I found a folder " .X1-unix " in hosting folder , i delete it. everything is become fine.
    But Now again this folder appear
    please suggest me permanent Solutions !!
     
  2. yeahhub

    yeahhub Junior Member

    Joined:
    Jun 5, 2017
    Messages:
    154
    Likes Received:
    14
  3. MikeyMikey13

    MikeyMikey13 BANNED BANNED

    Joined:
    May 25, 2014
    Messages:
    2,340
    Likes Received:
    978
    http://iphone-s.com/wp-includes/wp-vcd.php

    OP this is the virus that keeps calling back the scripts.

    Delete this and then delete the code in your /wp-content/themes/your-theme/functions.php - the hacked code will be at the top somewhere.
     
  4. MikeyMikey13

    MikeyMikey13 BANNED BANNED

    Joined:
    May 25, 2014
    Messages:
    2,340
    Likes Received:
    978
    http://iphone-s.com/wp-includes/wp-tmp.php this is another one, I just called the install myself lol.

    Sort this sh't out op
     
    • Thanks Thanks x 1
  5. bllec1998

    bllec1998 Regular Member

    Joined:
    Jan 21, 2018
    Messages:
    221
    Likes Received:
    53
    Gender:
    Male
    It is probably a nulled plugin or theme you installed.

    Something similar happened to me with nulled shopkeeper thrme and it was hard as f*** to remove that redirection hack
     
    • Thanks Thanks x 1
  6. bllec1998

    bllec1998 Regular Member

    Joined:
    Jan 21, 2018
    Messages:
    221
    Likes Received:
    53
    Gender:
    Male
    Can you access wp dashboard?
     
  7. MikeyMikey13

    MikeyMikey13 BANNED BANNED

    Joined:
    May 25, 2014
    Messages:
    2,340
    Likes Received:
    978
    It is simple lol.

    Two files, one I posted above, and remove text from functions.

    There is some text in posts.php too, but you don't need to remove it.
     
    • Thanks Thanks x 1
  8. aidenhera

    aidenhera Elite Member

    Joined:
    Nov 30, 2016
    Messages:
    2,717
    Likes Received:
    706
    Gender:
    Male
    How did you know? O.O
     
  9. cocoholo

    cocoholo Regular Member

    Joined:
    May 4, 2008
    Messages:
    381
    Likes Received:
    234
    Occupation:
    seeker
    Location:
    Earth
    There's nothing wrong with using WordPress. You just have to keep it updated for the patches to void vulnerabilities.

    Usually hackers gain access from nullified theme and plugins, so be careful with that.
    You should always backup often. I use WP Time Capsule, because it's so cool...
     
  10. MikeyMikey13

    MikeyMikey13 BANNED BANNED

    Joined:
    May 25, 2014
    Messages:
    2,340
    Likes Received:
    978
    Had the same problem, installed a nulled plugin and got this issue.

    Took me roughly two minutes to find the new file that keeps changing my files lol.
     
    • Thanks Thanks x 1
  11. aidenhera

    aidenhera Elite Member

    Joined:
    Nov 30, 2016
    Messages:
    2,717
    Likes Received:
    706
    Gender:
    Male
    these are some Charlote Floate techniques
     
    • Thanks Thanks x 1
  12. MikeyMikey13

    MikeyMikey13 BANNED BANNED

    Joined:
    May 25, 2014
    Messages:
    2,340
    Likes Received:
    978
    The guy will be making a killing lol.

    Either links or those ads.
     
  13. redarrow

    redarrow Elite Member

    Joined:
    Apr 1, 2013
    Messages:
    10,213
    Likes Received:
    2,901
    null theme hack just delete the file as advised and then delete the info from the index.php page that activates the file you just deleted.


    then change your wp username and password for security.
     
  14. aidenhera

    aidenhera Elite Member

    Joined:
    Nov 30, 2016
    Messages:
    2,717
    Likes Received:
    706
    Gender:
    Male
    yeah but half of these links are removed quick and target domain marked as spam. my blog was once hacked with nulled and just for one link to unhealthy domain it dropped from first page to second.

    he would be better sending the link juice through shortener like goo.gl or two
     
  15. mapg

    mapg Newbie

    Joined:
    Aug 13, 2017
    Messages:
    42
    Likes Received:
    8
    Gender:
    Male
    You can install the Wordfence plugin and perform a scan.

    This scan will show you which files in your theme are different from the original files (usually this way you can find the malicious code) and repair it.

    It is not a bad idea to pay the wordfence premium subscription for a month. They will clean up everything.
     
  16. MikeyMikey13

    MikeyMikey13 BANNED BANNED

    Joined:
    May 25, 2014
    Messages:
    2,340
    Likes Received:
    978
    This one only activates when you get refereed to the site. i.e don't see when you directly go to the url as the scripts don't load, it is harder to find, I left it on a fe of my pbns. I bet plenty of people have too.
     
    • Thanks Thanks x 1
  17. ThatSEO

    ThatSEO Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2016
    Messages:
    1,299
    Likes Received:
    1,031
    Gender:
    Male
    Occupation:
    Self employed marketing stuff
    Location:
    Sometimes UK
    Also if you’re going to have blatant sponsored posts, I hope you’re adding a no follow tag to the keyword links.

    Hacked site, blatant selling links etc - not the best way to stay under the radar
     
  18. cycoshas

    cycoshas Regular Member

    Joined:
    Jan 2, 2012
    Messages:
    408
    Likes Received:
    104
    First of all Theme is not Nulled , i buy this theme & have license. Also i never shared login credentials of hosting or my wp-site.

    Also i already install Wordfence !!

    Please tell me the tools for finding malicious code in my site , so i can complete scan n remove the Code !!
     
  19. RandomX

    RandomX Jr. VIP Jr. VIP

    Joined:
    Jul 19, 2017
    Messages:
    200
    Likes Received:
    25
    Gender:
    Male
    You can use antimalware plugin to protect your site.
     
  20. Univa

    Univa Jr. VIP Jr. VIP

    Joined:
    Jan 15, 2013
    Messages:
    3,234
    Likes Received:
    1,592
    Gender:
    Male
    Location:
    Basement
    What about plugins are you using any premium nulled plugins?
    Also did you check what MikeyMikey13 posted?
    maybe try contacting some security researcher and see if that can help.