Account Options

  1. Sign in
The old Google Groups will be going away soon.
Switch to the new Google Groups.
Google Groups Home
« Groups Home
Google Webmaster Help
Home
About this group
Join this group
Message from discussion Our Google Listing Hijacked!
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Berghausen Google employee  
View profile  
 More options Jan 25 2008, 2:16 pm
From: Berghausen
Date: Fri, 25 Jan 2008 11:16:40 -0800 (PST)
Local: Fri, Jan 25 2008 2:16 pm
Subject: Re: Our Google Listing Hijacked!
Print | View thread | Report this message | Find messages by this author
Hi, geek-

Your situation is very unfortunate, though not uncommon.  I'm sorry it
had to happen to the geeks from such a good town.  I've have a soft
spot for Denver since I spent a vacation there shopping at Cherry
Creek and exploring the downtown nightlife with some friends who were
at DU for college and grad school.

The bad news is that it looks like JLH is right, you've been hacked,
and visitors from our search results are being redirected to a malware
distributor.

Although I cannot tell specifically how you were script-injected or
where the script that's doing the redirection is located, here are
some general pointers for cleaning up:

 - You're running Apache.  Check all your .htaccess files for code
that doesn't belong there.  Get rid of it.
 - Look for scripts [usually php] that you did not write.  Get rid of
those, if you can.  Sometimes permissions get hacked in unfriendly
ways, so you may need to contact your host for help.  Make sure to
look for hidden files and files whose names start with ., too.
 - Call your webhost and have them check the directories above your
site for sketchy files if you are on virtual hosting.
 - If you are running a CMS, image gallery, forum, or any other open
source CGI application on your site, make sure it's up to date.
Hackers often take advantage of known security holes in open source
software by attacking sites that have not kept their CMS up to date.
 - You're also running cpanel.  Have your host make sure it too is up-
to-date.  cPanel hacks can be nigh impossible to clean up with normal
login permissions, so you will almost assuredly need your host's help
to get rid of the injected scripts if this is the case.

That being said--best of luck!  I hope the short bout of "warm"
weather (well, 40's is warm for winter in Denver) can keep you cheery
as you take this on.

-Bergy

PS. Goodness, JLH and Abracadabra just posted in the time it took me
to draft this.  Thanks for helping, guys.  Nobody likes being hacked--
hearing the voice of experience is much appreciated.

On Jan 25, 9:10 am, geek wrote:

> Hello JLH,

> THANK YOU so much for such quick response. Sorry - not! I am very
> hopeful to hear that it is not the problem described in that link...

> Do you know where I can find some instructions to fix the problem?

> Would re-building my site from scratch solve the problem, or is it
> something happening above that directory where this site is located on
> my hosted server?

> What measures can I take to prevent this from happening in the future?

> Best regards

> On Jan 25, 1:39 am, JLH wrote:

> > It's not a 302 hijacking.  Sorry.

> > Your site has probably been hacked.

> > If you use a firefox add-on likehttps://addons.mozilla.org/en-US/firefox/addon/953
> > and change the referer when visiting your site to something from
> > Google ( I used  http://www.google.com/search?q=site%3Adenvergeeks.com)
> > every time you load up a page on your site you will be redirected to
> > the offending site.  It has nothing to do with Google or a 302
> > hijacking.

> > My guess is that you didn't intend for this to happen and that your
> > site has some security holes in it and someone has injected some code
> > into it.

> > There are many different hacks, but this is just one explanation,http://johnmu.com/hack-hidden-redirect/

> > On Jan 25, 1:31 am, geek wrote:

> > > This page describes exactly how the link in our Google listing (http://
> > > denvergeeks.com)has been hijacked:

> > >http://clsc.net/research/google-302-page-hijack.htm

> > > We are a computer repair company, yet our url is being redirected to a
> > > site that is infecting computers! It is devastating to us.

> > > I filed a spam report with Google more than two months ago, but no
> > > response has been received to date.

> > > Can anyone help?- Hide quoted text -

> > - Show quoted text -


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google