Anyone else getting massive “To66.Asia” content injection hacks?

  • Someone started abusing the WordPress search function (it would seem) and is creating URLS like [ URLs redacted ]

    In the past 2 months I now have 12K URLs like this (and they can be /?s- or /?n= or almost anything). If you try to go to the URL it doesn’t actually exist, and I also have a plugin that appends “noindex” to all search-oriented URLS and the like, so Google Search Console is telling me that I have around 12K of these kinds of URLs, always with the [ URLs redacted ] in the URL (and even sometimes the initialism “SEO” in them. It’s totally bizarre, and the only information I can find about it is this post in the google support forums here:?https://support.google.com/webmasters/thread/220613816/spam-urls-is-search-console?hl=en

    Fortunately, they aren’t being indexed by google as they are set to “noindex” by my security features (even though they don’t exist. But it’s insane watching the number of URLS keep going up every day).

    Also, if you do a search for To66.Asia in google you can see how many sites this person or persons is doing this to. Has anyone else noticed this in GSC or in general that got indexed? And any idea how to stop it? Thanks for any help.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Please don’t share URLs here like that again. It does not help you, it does not help others.

    Please remain calm and give this a good read.

    https://www.ads-software.com/support/article/faq-my-site-was-hacked/

    When you have successfully deloused your site then consider giving this a read too.

    https://www.ads-software.com/support/article/hardening-wordpress/

    Thread Starter war3rd

    (@war3rd)

    Well that’s the weird thing. I can’t find any of these pages or even the “To66.Asia” on the database. So I’m scratching my head like crazy about this. It’s as though if they existed, they vanished immediately. And all my google-fu comes up with is that one post on the google support forum mentioning it, and a bajillion pages (when I do a google search) that *do* have this junk in their title. Going to the site securely shows it’s just an ad for an SEO service, so it may be a trick to see if people will look it up and find their page, but I just haven’t figured out how they are doing this and how google can find 12K URLS with the domain in a URL, but the URL doesn’t actually exist.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    So, suppose your site is example.com and you’re using Google to record page hits. If I go to “https://example.com/somesortofjunk”, I’ll get a 404 from your site but it will record a hit on Google. So, really, “noindex” on a 404 is about all you can do. The rest is out of your control.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Anyone else getting massive “To66.Asia” content injection hacks?’ is closed to new replies.