HACKED! Scary page showing up in Google Analytics listing

  • mongrel

    (@mongrel)


    8 years ago

    Hey, all!

    Okay, so I’m kind of freaking out. I was looking at my Google Analytics and saw an entry for the page “/?s=secret.?oogle[dot]com” as being a top-visited page on my site. Note the special character in place of the the “g”. This URL is an obvious spam/malware site, and I have no idea where it came from.

    I can’t find this post or pages anywhere on my site greylockglass[dot]com.

    Why is this page showing up? Did someone actually find a way to create a post or page without my knowledge? Might this be part of a hacked plug-in? How do I locate and remove it?

    The only suspicious activity recently is that a registered user that had been dormant for months turned out to be a splogger and had created a bunch of spammy groups in buddy press. I deleted them and him.

    I’d appreciate any help you can offer.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator t-p

    (@t-p)

    Sucuri online check does not show any malware: https://sitecheck.sucuri.net/results/greylockglass.com

    Carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    aCstudent

    (@acstudent)

    I am sure an expert or two will chime in soon. In the meantime I would not freak out. Looks like the suspicious url is a search results page. May be something you want to block, but not really a hack – at least I don’t thinks so. Sucuri scan does not report anything bad.

    carlosea

    (@carlosea)

    You haven’t been hacked the page is not real, it is Analytics Spam. I just saw it in some of my analytics accounts too.

    To take care of it (and any other spammer of this type) create a valid hostname filter in Google Analytics.

    Hope it helps,

    Thread Starter mongrel

    (@mongrel)

    Thank you SO MUCH, t-p, aCstudent, and carlosea! I can breathe again, after reading your responses and following up on your suggestions. I have been so lucky so far that I panicked the moment I saw something suspicious.

    Best regards—
    mongrel

    jonimueller

    (@jonimueller)

    But you should be using some security plugins anyway. I recommend Wordfence. ??

    carlosea

    (@carlosea)

    Glad to help @mongrel!

    I totally agree @jonimueller, also using a strong password and user (never use the default “admin”) .

    Thread Starter mongrel

    (@mongrel)

    Thanks, Joni! Yes, I found WordFence a few months ago, and I breathe easier every day. Kind of frightening to see the stats on just how many attempts are happening every day, isn’t it?

    And yes, Carlos—amazing how many hack attempts occur by trying the username “admin.” Yet, people still neglect to change it.

    —mongrel

    • This reply was modified 8 years ago by mongrel.
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘HACKED! Scary page showing up in Google Analytics listing’ is closed to new replies.