• Resolved vaughancavca

    (@vaughanwalton)


    A couple of weeks ago, one of the websites I manage was hacked. I think it was a type of URL injection; there were files uploaded into the FTP in a folder, and although it didn’t seem to affect the site, Google had put a “this site may have been hacked” warning in their search results. The hacking has been resolved now, but I’m worried about some issues with Google Analytics.

    Over the past week, there’s suddenly been a huge amount of spammers trying to link to the files that were uploaded during the hack. I gather that I can’t remove or delete specific stats in Analytics to get my data back to normal, but I’m concerned that there’s still something wrong with my site. Scans with Sucuri and firewall plugins haven’t come up with anything malicious. Does anyone know how I can fix this problem?

    Here’s an example of the spam links I’ve been getting: https://s31.postimg.org/ltxlth4qz/spam_links.png

Viewing 6 replies - 1 through 6 (of 6 total)
  • The links might still be out in the wild / registered on google.

    Have you tried doing this in google:

    site:www.yoursite.com
    link:www.yoursite.com

    this gives you all the links google has indexed on your site and all sites that are linking to you.

    To cut the spam down you can always setup a htaccess rule to forward them on if they visit one of the links or series of links e.g. path includes /spqzssysys…

    You could also setup 301 redirects on the folder or each link

    You also have the option to setup a robots file for the folder to no-index.

    If you have not installed Wordfence i’d also suggest giving that a go, find it to be a great security plugin.

    Thread Starter vaughancavca

    (@vaughanwalton)

    I’ve looked at Google, and all the spam links have gone now. I’ll give the Wordfence plugin a go, thanks for the recommendation.

    Another problem has come up with Google Analytics, the number of visitors spiked on a couple of days when the spammers were sending traffic to my site, but the traffic now looks as if it’s stopped, which I know for a fact isn’t the case, as I’ve not had anyone telling me they’ve been unable to access it.

    Here’s whats been happening with the stats: https://s5.postimg.org/uedu1znrr/google_analytics_problems.png

    Well if you go rid of those links then they will redirect to your 404 which will have the GA code on it.

    I expect the spam files did not have your own GA code on there… You might want to build a better picture with logs, do you have AW stats on the server?

    Thread Starter vaughancavca

    (@vaughanwalton)

    I’ve found the AW stats, and they’re showing normal levels of traffic (apart from those two days I mentioned before). Is there any way of getting GA to ignore all the links that redirect to a 404?

    Depends how you have the GA in your theme you could problematically just not include it on the 404.php.

    I know in GA you can create a filter version of the profile but it only starts from the second you create the filter. e.g. it looks like the normal profile just without the 404 (or any other page) or any other criteria really.

    Thread Starter vaughancavca

    (@vaughanwalton)

    OK, thanks for all your help ??

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Aftermath of hacking’ is closed to new replies.