SQL Injection Attack
Hi, this time I would like to ask about SQL Injection Attack on my website..As you can see, when you search my site on Google, you will see the label “This Sit May Be Compromised”..This is my domain http://www.ohsyok.com
When me finding the solution in internet, the first suggestion begin from to check from my hosting which is from Exabytes Sdn. Bhd. After that, me contacting the Exabyte’s engineer, and ask whether the hosting that me use distributed any malware or malicious software in my hosting that me used. Unfortunately, they check and found no malware or malicious software on my hosting.
After that, the second suggestion is asking my theme’s provider whether got any script which is contain any malware or malicious software that injected on my theme that me used now..How can I check this?
Any suggestion could be appreciated. Thanks.
p/s : Im not say that this theme’s distributed any malware or malicious software, but Im following the suggestion on internet how to fix this. And how they can injected that script on my themes or in my wordpress file. Thanks.
Well, I just checked your site. Have You checked here:
No, not like that, please search my domain at Google Search, and you will see uner my site’s title, “This site maybe compromised”. Google keep send me messages like this :
“Dear owner or webmaster of http://www.ohsyok.com/
We are writing to let you know that some pages from http://www.ohsyok.com/ will be labeled as potentially compromised in our search results. This is because some of your pages contain content which may harm the quality and relevance of our search results. It appears that these pages were created or modified by a third party, who may have hacked all or part of your site. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
The following are some example URLs which exhibit this behavior:
I think there are two problems in what your writing!
Your WordPress Permalinks/slugs been changed so You receive 404 errors.
This just might be solved with this plugin: WCS Custom Permalinks Hotfix
If You are hacked: Backup? Change Your Admin username & password:
Hope You get there 🙂
This answer from Google Staff :
Looking at the headers returned by your site when I request
http:// www . ohsyok . com /wp-admin/zidane-wallpaper
your site does not respond with a 404 Page not found it responds with a 302 temporary redirect to
http:// www . ohsyok . com?s=zidane%20wallpaper&search_404=1
which responds with a 200 success and returns the search page. This setup is going to cause problems with Google. When a user requests a page that does not exist your server should respond with a proper 404. Using your custom search page as the 404 page would be OK as long as you are returning a proper 404.
Also suggest you block the /wp-admin/ from indexing in your robots.txt file.
p/s:anything wrong with my site or themes?Admin
Try replacing the contents of the Graphene theme’s
404.phpfile with the updated codes here: http://graphene.googlecode.com/svn/trunk/graphene/404.php
And then ask the Google staff to check it again. Please post in this forum again when the Google staff responds.
And btw, this is not an SQL injection attack, but merely the server sending a wrong HTTP response status code, so you don’t need to worry about it being a security issue.
- You must be logged in to reply to this topic.