JimSouza

I added the 50 after the code you sent didn’t work.

Am afraid to post my money site on public forum. Can I send it to your email?

Here is my update:

The border lines works perfectly.

However the Width reduction did not work at all. Here is what I did:

.tablepress-id-2 {
width:50 auto;
}

Result: My table size/width remain same even when I used ” width:10

I contacted my host, here is the reply:

“Please recreate the sitemap for your website and submit it to Google using Google Webmaster tool. Once this process completed, the issues with the search results should be resolved for your website.”

Could this really resolve the issue?

HERE Is What Is Happening Now!

1) I remove about 47 URLs
2) Few hours after I checked my site indexed in Google
3) The picture looks more gloomy. Only about 17 pages are indexed. Surprisingly almost all pages (except 3 or 4 pages) are either https or error pages. Even the home page not there.

What I Did More

I resubmitted sitemap

I Checked Sites Linking Back To My Sitetimes

1) The hacker site is linking back to me @ 66 times
2) 3 more sites linking in total of 139 times

QUE: Won’t the hacker site which is a 100% cloned of my site, become recognised in search engines?

Hey thanks. Got it now. ??

I found some of the error pages have double domain like these:

1) https://mysite.com/https://mysite.com/site-disclaimer/

2) https://mysite.com/https://mysite.com/side-effect-steroid/%3C/span

Note: I did not add these because I felt it may affect the home page.

Also some normal pages have ( https ) like this: https://mysite.com/dbal-srtrong/

Please what is your advice? Is my belief correct?
Thanks

Lastly do you know of a simple guide about removing indexed (error pages) pages via webmaster tools?

I tried as you suggested but hit a brick wall. And could not get a good instructions.

However I also discovered that my sitemap was returning error page. But was corrected after resubmitting and clicking save settings in wp.

Thanks so much. ??

Appreciate your immense assistance.

Again my apology for this mixed up.

Let state the issue below:

1) Some weeks ago my site was hacked
2) The hacker added a redirect script by https://www.Geolify.com to my site
3) He copied my entire site, VERBATIM. Then hosted the stolen version on a different domain here: https://www.CrazyBodyBuildingSupplements.com
4) Then all my traffic were automatically directed to the hacker’s domain

What I Did To Clean The Site

1) Someone helped me located the Geology.com script and removed it.
2) Few days after I realised that my traffic stopped. All ranking keywords were dropped.
3) It was discovered that hacker has further tampered with my site by ENABLING search engine (Google) NOT to crawl my site. So we corrected that.
4) Someone told me about WordFence and iTheme Security so I installed both
5) I also upgraded to SiteLock for malware detection and removal with my host

More Issues Later

1)After installing both security plugins I was receiving dozens of failed hacking attempts on my site daily.
2) Still my traffic remained almost zero. Then I started receiving those “File Delete/Added/Modify” and I complained to my host.
3) The support guy told me is a “backdoor script” that hackers normally leave behind a hacked site which they use to gain access even when password is changed. He further told me my SiteLock plan will not remove that so I should remove it manually.

I Opened This Thread After The Support Told Me The Above

Howeve with your support here, I’d been able to query my host further and they now confirm there is no problem. See the mail I received yesterday below:
————————-
“Yes, it is a normal process/activity by our default stats program.
The files inside stats folder will get automatically updates each
day according to the visitor statistics of the website files. The
provided reports also the same. No need to worry about these
changes since it is an automatic process.”

Sorry I was not clear enough. SiteLock is from my host, iPage so I bundled the service with my hosting package.

They told me my site has no malware. They also said SiteLock don’t remove “backdoor script an hacker may have added to regain access to a site even when password changed”

That actually inform my being worried that the hacker may still be having access to my site, hence the File Added/Modify/Deletion report I’d receving. Also iTheme Security has a feature that detect Files Change/Delete/Added they claim may be an hacker’s job.

Those two were the reasons for my worry couple with the fact that my site was badly hacked.

But now that you clarified that File Change/Delete/Added is normal I think I should rest.

Did I do any major change? I did not. However I installed both WordFence and iTheme Security after my site was recovered from hacker. Later I deactivated one of them and activated it again.

As per the cache. What do you suggest I do to stop occurrence. Or should leave things as is? I also notice they appearing in my statcounter stat yesterday after I asked Google to recrawl my site (the hacker stopped my site from Google crawl previously)

Hello,

First accept my apology for late response. My PC down am posting from tablet now.

Yes SiteLock report now malware but according to them will not detect or remove ‘backdoor scripts’.

As for cache I will rescan when my PC is okay. So do you suggest I use another cache plugin? If yes which one?

Am not 100% sure but I think iTheme Security is sending the “Files Added. Files Deleted. Files Modified” mails.

NOTE: Yesterday I receive same kind of mail for another site which has no malware issues.

————-

“A file (or files) on your site at: have been changed. Please review the report below to verify changes are not the result of a compromise. Scan Time: Thursday, February 26th 4:49 pm UTC”

Files Added: 6
Files Deleted: 2
Files Modified: 7
Memory Used: 17.1 MB
Files Added
File
Modified
File Hash
htaccess.txt
Friday February 20th, 2015 at 3:13 pm UTC
d573d56b42503d53c60dbc4a9fc4c6b9
stats/access_log_20150225.gz

Thursday February 26th, 2015 at 5:18 am UTC
d0e38658c86cce55c7989639ef9a4181
stats/access_log_20150226.gz

Thursday February 26th, 2015 at 4:19 pm UTC
ba0326959f67fac19a007e840ee39b12
stats/ftp_log_20150226.gz

Thursday February 26th, 2015 at 11:32 am UTC
f8b274e3ae4fdea6ddfd1b07f8e05103
stats/ftp_log_20150225.gz

Wednesday February 25th, 2015 at 10:32 am UTC
2629cf50242d4275da067ed751e83635
GZipNinjaSpeed_install_backup1424944051.htaccess

Thursday February 26th, 2015 at 9:47 am UTC
f9eebf4db43d2e897f9ac82b313a583d
Files Deleted
File
Modified
File Hash
stats/access_log_20150124.gz
Sunday January 25th, 2015 at 5:18 am UTC
6ad13e847bc3ade1f88562767ec021fa
stats/access_log_20150125.gz
Monday January 26th, 2015 at 5:20 am UTC
d636b055dfef097fd86e6f728fd8f209
Files Modified
File
Modified
File Hash
stats/access_log_20150224.gz
Wednesday February 25th, 2015 at 5:20 am UTC
50cc352df0784d1a6682306f9792923e
stats/webalizer.hist
Thursday February 26th, 2015 at 8:25 am UTC
1226829930528d2bfba367dcc16c7bd8
stats/index.html
Thursday February 26th, 2015 at 8:25 am UTC
47e85fb9dcb43a3cf6115f88dc70b14b
stats/cgi_error_log
Thursday February 26th, 2015 at 10:12 am UTC
99ab625206c0305001911d1a66394fc9
stats/webalizer.current
Thursday February 26th, 2015 at 8:25 am UTC
c9e54616646e2c57b4474275009a7a71
stats/usage_201502.html
Thursday February 26th, 2015 at 8:25 am UTC
c2eae6c35eeb0ee838fd08a99c8827da
.htaccess
Wednesday February 25th, 2015 at 2:18 pm UTC
f9eebf4db43d2e897f9ac82b313a583d

Hello,

Appreciate your kindest assistance ??

When I open the WordFence page, I saw a clean bill of health notice below. However I scan it and the 2 codes appeared again.

However I was able to delete the first one, while I continue to receive an error message thus:

“An error occurred”

“Could not delete file wp-content/cache/object/000000/da1/0bc/da10bc9e3c87e50ad4c299d47095decb.php. The error was: unlink(/hermes/bosoraweb122/b1422/ipg.garciniacambogiarevi/wp-content/cache/object/000000/da1/0bc/da10bc9e3c87e50ad4c299d47095decb.php): Permission denied”

Maybe the WordFence is clashing with my host security account I have called SiteLock?

Also I received mails from that someone got an access into my account. However the IP Address are not mine. Could the WordFence be telling me lies?

Am using the “WP Fast Cache” plugin. I clicked on Delete All Cached Url’s

Yes, the long strings of numbers on the end of the link match. They are EXACTLY SAME as the first ones I posted here.

1st:
This file may contain malicious executable code: /hermes/bosoraweb122/b1422/ipg.garciniacambogiarevi/wp-content/cache/object/000000/b0a/a31/b0aa310c0dd5df8fe4f0bb18cba12f03.php

2nd:
This file may contain malicious executable code: /hermes/bosoraweb122/b1422/ipg.garciniacambogiarevi/wp-content/cache/object/000000/da1/0bc/da10bc9e3c87e50ad4c299d47095decb.php

I just finished scanning. It brought out the TWO malicious warning again.

NOTE: Am using the free version of WordFence

Yes 2 files are listed:

———————————–

This file may contain malicious executable code: /hermes/bosoraweb122/b1422/ipg.garciniacambogiarevi/wp-content/cache/object/000000/b0a/a31/b0aa310c0dd5df8fe4f0bb18cba12f03.php

Filename: wp-content/cache/object/000000/b0a/a31/b0aa310c0dd5df8fe4f0bb18cba12f03.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 min ago.
Severity: Critical
Status New

This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.

———————————–

This file may contain malicious executable code: /hermes/bosoraweb122/b1422/ipg.garciniacambogiarevi/wp-content/cache/object/000000/da1/0bc/da10bc9e3c87e50ad4c299d47095decb.php

Filename: wp-content/cache/object/000000/da1/0bc/da10bc9e3c87e50ad4c299d47095decb.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 min ago.
Severity: Critical
Status New

This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.

I think is iTheme Security has been sending the report. Here is what is written on their website:

“File Change Detection”

“If someone manages to get into your site, they’ll probably add, remove or change a file. Get email alerts showing any file changes so you know if you’ve been hacked.”