• Hi everyone,
    My website was recently the victim of a URL injection. I removed the suspected files and now my site appears to be clean. However, I am receiving a lot of visits to non-existent pages, i.e.

    website-url.com/url_injection_folder/url_injection.php?vkep=nonsense_keywords

    I changed my robots.txt file to disallow visits to the specific folder, but am not sure if this is working.

    User-agent: *
    Disallow: /url_injection_folder

    Is there anything else I need to do or can do?

    Thanks for the help

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    robots.txt does not stop visits to those pages. It just tells well-behaving search engines not to go there. You might want to use a redirect in .htaccess to send people to your home page with a 301 redirect.

    RewriteRule ^subdirectory/(.*)$ / [R=301,NC,L]

    at the top of your .htaccess file
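
Whether the cleanup and the redirect above are working can be checked from the web server's access log by looking at the response status of the spam requests. The script below is an added example, not part of the original thread and not code from WordPress or any plugin. It assumes Apache combined log format, reuses the thread's placeholder folder name and `vkep` parameter, and runs on constructed log lines.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed names: the thread's placeholder folder and its "vkep" spam parameter.
INJECTED_PREFIX = "/url_injection_folder"
SPAM_PARAM = "vkep"

# Apache common/combined log format: request line, then the status code.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /url_injection_folder/url_injection.php?vkep=nonsense_keywords HTTP/1.1" 301 231 "-" "ExampleBot/1.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?vkep=nonsense_keywords HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
198.51.100.9 - - [01/Jan/2024:10:05:00 +0000] "GET /url_injection_folder/other.php?vkep=x HTTP/1.1" 200 4096 "-" "ExampleBot/1.0"
198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /URL_INJECTION_FOLDER/gone.php HTTP/1.1" 404 196 "-" "ExampleBot/1.0"
192.0.2.44 - - [01/Jan/2024:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (verdict, path, status) for a spam-related request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = url.path.lower()  # the thread's rule uses [NC], so match case-insensitively
    in_folder = path == INJECTED_PREFIX or path.startswith(INJECTED_PREFIX + "/")
    has_param = SPAM_PARAM in parse_qs(url.query, keep_blank_values=True)
    if not (in_folder or has_param):
        return None
    status = int(m.group("status"))
    if 200 <= status < 300:
        # 2xx from inside the injected folder means something there still answers.
        verdict = "STILL_SERVED" if in_folder else "NORMAL_PAGE"
    elif 300 <= status < 400:
        verdict = "REDIRECTED"
    elif 400 <= status < 500:
        verdict = "BLOCKED_OR_GONE"
    else:
        verdict = "OTHER"
    return verdict, url.path, status

def summarize(log_text):
    """Count verdicts over a whole log; any STILL_SERVED needs a new cleanup pass."""
    hits = (classify(line) for line in log_text.splitlines())
    return Counter(hit[0] for hit in hits if hit)

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
```

mod_rewrite passes the query string through to the redirect target by default, so a bot that follows the 301 shows up again as `/?vkep=...` with an ordinary 200 for the home page; that is the `NORMAL_PAGE` case, while `STILL_SERVED` is the one that means files in the injected folder are still answering.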

    Thread Starter rickysmithy

    (@rickysmithy)

    Hi Steve,

    Thanks for the quick response!
    Should I still be concerned that bots are visiting the spam pages, even though the URL injection has been removed from the site?

    Cheers

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Nope.

    Are you using a security plugin like WordFence to help secure your site? If not, might be a good idea.

    Thread Starter rickysmithy

    (@rickysmithy)

    Yip, and I have run a number of scans as well.
    I still get these types of views after adding the code. Is there anything I can do about this?

    https://ibb.co/dvHxLc

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It’s just a bot. Ignore it.

    Thread Starter rickysmithy

    (@rickysmithy)

    Great! Thanks for the help Steve, much appreciated!

    Hi,
    As an additional suggestion, and if in doubt, you should get your site scanned using some security tool or by an expert.
    This scanning results in a vulnerability report, and then you can apply patches to make it safer.

    Thanks,
    Satish

    Thread Starter rickysmithy

    (@rickysmithy)

    Hi Satish,

    I have run scans with Wordfence, Sucuri, Anti-malware GOTMLS and Quttera and the scans return no infected files. Is there anything else I should be looking for or using? I am no longer getting crawling bots viewing the URL injection redirects according to live traffic on Wordfence, so I assume it has been fixed.

    Cheers

    Thread Starter rickysmithy

    (@rickysmithy)

    Hi there,

    I am still receiving visits from bots that look like this…

    website-url.com/?vkep=watch-live-sports-streaming-online-free

    Is this a concern?

    Thank you

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I get hundreds of bot hits a day. Wordfence just keeps sending them away. I ignore them.

    Thread Starter rickysmithy

    (@rickysmithy)

    I see, so the code you provided sends the bot back to the home page, but what is the intention of the bot given the random keyword phrases?

  • The topic ‘Fixing URL injection’ is closed to new replies.