Menu
  1. Forum
  3. Security
  5. Joomla Security
  7. Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl

Topic-icon Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl

  • it.systems.ltd
  • it.systems.ltd's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 years 9 months ago #3694 by it.systems.ltd
Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl was created by it.systems.ltd
Hello,

Malware Links are ONLY being injected into the pages of the website when it is accessed by GoogleBot.
So, Google is showing the website as "This Site May Be Hacked" underneath the link to the site.

When the page is displayed from the browser and I view the source the Malware Links are NOT showing.

I purchased Security Check Pro to find out where the infected files are located on my website; but when I run the scans it shows that all is OK. Is there something that I am doing wrong? Please advise.

Also...Under System Info it shows the following (but I'm not sure how to fix the problems):

Prevent access to .ht files
1 problem(s) found :

More Info
◦ Prevent Unauthorized Directory Browsing
1 problem(s) found :

More Info
◦ Protect against file injection attacks
1 problem(s) found :

More Info
◦ Protect against attacks using the /proc/self/environ method
1 problem(s) found :

More Info
◦ X-Frame Options
1 problem(s) found :

More Info
◦ Prevents 'mime' based attacks
1 problem(s) found :

More Info
◦ Use default banned user-agents list
1 problem(s) found :

More Info
◦ Disable server signature
1 problem(s) found :

More Info
◦ Disallow PHP Easter Eggs
1 problem(s) found :

More Info
◦ Disallow Access to Sensible Files
1 problem(s) found :


Below is a sample of what is being seen by GoogleBot; I used the curl command to view this:

<a href=http://okouchikobo.net/inyr/kutipan-pidato-ahok-di-pulau-seribu.html>wz</a>, <a href=http://tosport.nl/qel0qo/proposal-pgri-guru-2016.html>zk</a>, <a href=http://sandrahalllaw.com/hi5on/domenica-6-novembre-salmo.html>lz</a>, <a href=http://royalwoods.ru/ljgflk9/debat-dina-diskusi-bahasa-sunda.html>xb</a>, <a href=http://xn--42-plcq9c.xn--p1ai/qvw3l21/campusen-sn-orientations-2016.html>k6</a>, <a href=http://gymbam.co.uk/cpr70e2/lirik-lagu-ingin-jumpa-ost-anugr.html>bu</a>, <a href=http://heyduk.net/jlveup/new-pallapa-antara-cin.html>jt</a>, <a href=http://revitol-skin-tag-removal.com/jccxpb/el-peluche-de-ozuna.html>qi</a>, <a href=http://monsterstudiophones.com/neoz/nivi-estephan-nua-playboy.html>jd</a>, <a href=http://hamza.work/bgtciatj/miraculous-as-aventuras-de-ladybug-tp-1-ep-7-completo-dublado-super-animes.html>nw</a>

Thank you!!!

Please Log in or Create an account to join the conversation.

More
2 years 9 months ago #3696 by Jose
Replied by Jose on topic Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl
Hi Michael,

Thank you very much for your confidence in my extensions!

This seems to be a Blackhat SEO attack; by default the malware scanner only looks for known patterns in files modified a week ago. To change this behavior, go to global Configuration --> malware scanner and set Timeline to 10000 and also enable the deep scan. This will scaan the entire filesystem looking also for suspicious patterns.

Also...Under System Info it shows the following (but I'm not sure how to fix the problems):

All those settings are related to the .htaccess protection feature. Just enable desired settings into this option and click on the "Apply" button. settings will be addded to current .htaccess.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  1. Forum
  3. Security
  5. Joomla Security
  7. Virus Injection when GoogleBot accesses website - Also using GoogleFetch or Curl
Time to create page: 0.066 seconds
Powered by Kunena Forum

In order to provide you with the best online experience this website uses cookies.

By using our website, you agree to our use of cookies.

I agree

Login or Sign In