Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl
- Posts: 1
- Thank you received: 0
- Home
- /
- Forum
- /
- Securitycheck
- /
- Bug report
- /
- 4540 High Level Malware after 3.9.4 updgrade
- Forum
- Security
- Joomla Security
- Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl
Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl
- it.systems.ltd
-
Topic Author
- Offline
- Fresh Boarder
-
Less
More
4 years 2 weeks ago #3694
by it.systems.ltd
Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl was created by it.systems.ltd
Hello,
Malware Links are ONLY being injected into the pages of the website when it is accessed by GoogleBot.
So, Google is showing the website as "This Site May Be Hacked" underneath the link to the site.
When the page is displayed from the browser and I view the source the Malware Links are NOT showing.
I purchased Security Check Pro to find out where the infected files are located on my website; but when I run the scans it shows that all is OK. Is there something that I am doing wrong? Please advise.
Also...Under System Info it shows the following (but I'm not sure how to fix the problems):
Prevent access to .ht files
1 problem(s) found :
More Info
◦ Prevent Unauthorized Directory Browsing
1 problem(s) found :
More Info
◦ Protect against file injection attacks
1 problem(s) found :
More Info
◦ Protect against attacks using the /proc/self/environ method
1 problem(s) found :
More Info
◦ X-Frame Options
1 problem(s) found :
More Info
◦ Prevents 'mime' based attacks
1 problem(s) found :
More Info
◦ Use default banned user-agents list
1 problem(s) found :
More Info
◦ Disable server signature
1 problem(s) found :
More Info
◦ Disallow PHP Easter Eggs
1 problem(s) found :
More Info
◦ Disallow Access to Sensible Files
1 problem(s) found :
Below is a sample of what is being seen by GoogleBot; I used the curl command to view this:
<a href=http://okouchikobo.net/inyr/kutipan-pidato-ahok-di-pulau-seribu.html>wz, zk, lz, xb, k6, bu, jt, qi, jd, nw
Thank you!!!
Malware Links are ONLY being injected into the pages of the website when it is accessed by GoogleBot.
So, Google is showing the website as "This Site May Be Hacked" underneath the link to the site.
When the page is displayed from the browser and I view the source the Malware Links are NOT showing.
I purchased Security Check Pro to find out where the infected files are located on my website; but when I run the scans it shows that all is OK. Is there something that I am doing wrong? Please advise.
Also...Under System Info it shows the following (but I'm not sure how to fix the problems):
Prevent access to .ht files
1 problem(s) found :
More Info
◦ Prevent Unauthorized Directory Browsing
1 problem(s) found :
More Info
◦ Protect against file injection attacks
1 problem(s) found :
More Info
◦ Protect against attacks using the /proc/self/environ method
1 problem(s) found :
More Info
◦ X-Frame Options
1 problem(s) found :
More Info
◦ Prevents 'mime' based attacks
1 problem(s) found :
More Info
◦ Use default banned user-agents list
1 problem(s) found :
More Info
◦ Disable server signature
1 problem(s) found :
More Info
◦ Disallow PHP Easter Eggs
1 problem(s) found :
More Info
◦ Disallow Access to Sensible Files
1 problem(s) found :
Below is a sample of what is being seen by GoogleBot; I used the curl command to view this:
<a href=http://okouchikobo.net/inyr/kutipan-pidato-ahok-di-pulau-seribu.html>wz, zk, lz, xb, k6, bu, jt, qi, jd, nw
Thank you!!!
Please Log in or Create an account to join the conversation.
- Jose
-
- Offline
- Moderator
-
Less
More
- Posts: 4050
- Karma: 25
- Thank you received: 314
4 years 2 weeks ago #3696
by Jose
Replied by Jose on topic Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl
Hi Michael,
Thank you very much for your confidence in my extensions!
This seems to be a Blackhat SEO attack; by default the malware scanner only looks for known patterns in files modified a week ago. To change this behavior, go to global Configuration --> malware scanner and set Timeline to 10000 and also enable the deep scan. This will scaan the entire filesystem looking also for suspicious patterns.
Regards,
Jose
Thank you very much for your confidence in my extensions!
This seems to be a Blackhat SEO attack; by default the malware scanner only looks for known patterns in files modified a week ago. To change this behavior, go to global Configuration --> malware scanner and set Timeline to 10000 and also enable the deep scan. This will scaan the entire filesystem looking also for suspicious patterns.
All those settings are related to the .htaccess protection feature. Just enable desired settings into this option and click on the "Apply" button. settings will be addded to current .htaccess.Also...Under System Info it shows the following (but I'm not sure how to fix the problems):
Regards,
Jose
Please Log in or Create an account to join the conversation.
- Forum
- Security
- Joomla Security
- Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl
Time to create page: 0.070 seconds