Website may have been compromised?

  • Hello, longtime fan and user of WordPress, but I’ve come across an issue with my site that I hope to be able to figure out with your help.

    I currently run a site with its own domain, and have done so for almost four years. This is the first time I have used WordPress for one of my sites, and have liked the look and ease of it. I have a few widgets for statistics and Twitter use, but came across something interesting in the last week.

    When I have an article or review on my site of interest to my Facebook followers, I will post a direct link. It will show a graphic or logo, along with a brief description of what the link is. When I press enter, people who see my latest post have the option to click the link. This is not the issue at hand. My site has a listing for categories, so if someone wants to see nothing but “blogs”, “music reviews”, “videos” or whatever it is, they will see everything that was tagged. However, when I post a link to a specific category page, the link to my site doesn’t show up. Instead, it’s a link to sellers in Canada and India selling ED pills.

    For example, let’s say this is a category on my site:
    ***.domain.com/category/blogs/

    If I use that link, with my domain, in FB before I post it, it will show links to ED pills. However, if you are on my site and directly click the “blogs” category, you will go to a page showing everything with blog listings.

    One page suggested I do a search on Google with “site:” and my domain. I found that a number of pages on my site are listed as those that may be compromised, while others go to their intended targets.

    Someone on FB suggested that perhaps the main theme I use has been compromised, or maybe an unused one (I’ve only used one in the life of my site). I don’t know if it has to do with one of the widgets I use. Any help would be appreciated.

Viewing 9 replies - 1 through 9 (of 9 total)

  • Please post your site URL

    Thread Starter thisisjohnbook

    (@thisisjohnbook)

    Sure:
    https://www.thisisbooksmusic.com

    No, Your site is not infected or hacked. Possibly, it may have been before updating WordPress. The new software if successfully installed, remove all such problems. What other problems do you face?

    See this report for your site for the past 90 days.

    This link appears as the second item on the first page of Google SERP, and there is a warning plus other things as you mentioned.
    https://www.thisisbooksmusic.com/category/music-news/record-crack/. I have just clicked it and it goes to your own site. Just click and see. Then report back so that I can tell you if some rogue sites are redirecting your site or not.

    Update: Yes, some of your links are being redirected to other sites. Can you check your .htaccess file

    Most of the links in this page https://www.thisisbooksmusic.com/2008/12/15/ are being redirected to other sites.

    Thread Starter thisisjohnbook

    (@thisisjohnbook)

    I decided to reinstall the theme I’m using for my site, so WordPress is up to date once again.

    I’m in the FTP, and it states the .htaccess file was last updated on January 19, 2012. Reading the file itself, it states this:

    ===
    # Use PHP5 as default
    AddHandler application/x-httpd-php5 .php

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress
    ===

    This is the first time I’ve dealt with .htaccess files. Is there anything here that would make it redirect? Is there more than one .htaccess within a full directory of a site? Can this file be removed if need be? I have not changed anything, I simply read the file.

    The redirect to other sites in a few of the tags and/or directories has been the only problem I’ve had. Never had an issue with anything on WordPress until this, so other than that, everything is working smoothly.

    You see some of the links of your site redirected from your site here.

    This seems to be strange, because most of the security tools do not show up any SPAM links or other problems. Anyway, you have to look for strange looking files in your directory, and possibly reinstall WordPress and tighten security. Change your passwords (FTP, host login, database, etc) immediately. After that you can start the cleanup.

    Also, revert to TwentyEleven theme immediately and remove your current theme. I have strong suspicion that the problem can the theme. You can install the plugin TAC (Theme Authenticity Checker) and scan your themes. It will show up spam links and other problems like harmful Base64 encoding, etc.

    Thread Starter thisisjohnbook

    (@thisisjohnbook)

    I will change PW’s all around. I will see how it is and if there are any further issues, I will come back.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Website may have been compromised?’ is closed to new replies.