I've been trying to figure this out for a while now. Google Adwords is requiring that we remove malware from my client's website, and we finally got them to send us a list of which URLs are affected.
They listed three .html pages, none of which exist on my client's website because all of them are .php. I think they are URLs from the previous version of the site, which was removed from the server a couple years ago...
Can anybody point me in the right direction to get this resolved for my client?
FYI: hosting is through Fatcow.
Related
So, I have a problem, and this may or may not be the place to ask this question, but I'm doing it anyway - since I've tried everything and nothing works …
Here goes:
I have a tracking script installed on a digital ocean server … it’s called CPVlab. It enables me to track clicks and gives me statistics on the click. What it does is catch info on a user and their behavior and it can rotate landing pages for split testing those landing pages. This is all done through internal redirects on the domain the script is installed on.
Let’s say it’s installed on : tracker.com
Another feature of the script is : I can enter an A record in the DNS I use and call it someothername.com and point it to the IP adres of the tracker.com.
This way, one can use different domains (tracking domains) in order to not have the main installation domain visible. This helps with customizing the look of different marketing campaigns (you don’t want them all to look like : tracker.com/? querystuff)…
So here’s the problem : It all used to work fine without https:// … But after installing letsencrypt (through an easyengine command for bothe tracker.com as well as tracking domains) the explained feature doesn’t work anymore.
When using **http://**someothername.com as an A record pointing to tracker.com, the server shows me a 404 not found status. And when I use a **https://**someothername.com as an A record pointing to the script, it tells me the connection is not secure. This while both domains have https certificates and they work if I put them in the browser direct. (it will show https).
However when I don’t use this tracking domain feature and just use the plain https://tracker.com domain, it works perfectly.
Maybe this question is a bit far out, but does anyone have an idea if this is related to letsencrypt ? I added the certificates through EE a few months ago, and I know EE uses certbot. However I am thinking that this problem may have something to do with letsencrypt not supporting wildcards at the time of install. Maybe this tracking script is designed in some way that the main domain uses the tracking domains as some sort of sub domain ?
Anyone have an idea about this ? I am definately STUCK here…
Thanks, Lex
Two months ago I launched a wordpress website(www). It didn't do so well so I decided to create a subdomain (develop) and create a new site on there.
After completing development I was instructed to copy the files from the sub(develop) over to the main(www)
This worked fine and everything was displaying as it should on the new www site, however.
I've recently installed the facebook-for-woocommerce-1.2.4 on my WordPress shop. When I push my products to facebook they get listed with my develop domain.
From my limited wordpress/woocommerce/facebook knowledge I found that the URL is called via get_home_url(). I've contacted facebook, my ISP and WooCommerce if they know how I can correct this but they couldn't give me the answer.
It's most likely in the database (they said) but I have less knowledge with mySql than PHP. I've clicked through the tables but found nothing.
All my permalinks are set up correctly, unless there is a hidden one I missed.
Can anyone assist me with this?
Look in wp_options table, you will find your site url, home url there. Change that... that's all.
I received email from Google search console saying my website contains social engineering contents. Sample URL is,
http://www.sanenthusiast.com/~stechies/Blessin/ba/index.php
Safety tip For your own safety do not type anything in the page.
Somebody hosted a mockup site of Google drive login page on these links. How to get rid of this? I have thoroughly checked my webserver an I dont see any of these folders or files. Looks likes ~stechies/ could be some other webserver and I guess using Apache they have pointed ~stechies/Blessin/ba/index.php and ~stechies/Blessin/ba/ to my webserver sanenthusiast.com/?
Is this correct? It will be of great help if someone could help to stop this redirection.
I checked who owns stechies and found https://www.stechies.com/ Are they behind this phishing scam? Or possibly someone else has hacked them?
Edit:
Another user in stackoverflow posted similar issue on his site - Someone put malicious code with "~" on my website
Tried all possible ways to mitigate the issue. But it was very hard to get rid of the URL redirect. My site runs on WordPress. I can confirm that WordPress was intact and not compromised. The possible issue is with the hosting account or the hosting provider itself.
Checked hidden file in the hosting account root directory, no where ~stechies/Blessin/ba/ to be seen. Finally I ended up migrating to a new hosting provider. Copied only mail and WordPress backup. Once done, the URL redirect is not working now. Submitted my site again for review and Google cleared the error and no more warning comes up.
This still not a effective solution but Google reporting Social engineering content on the site caused panic and I had very less time to respond.
We have a unified portal which links multiple services through a jQuery tab based interface making use of iframes to display content from different services. Our portal runs on a secure server with HTTPS/SSL. While most of our external services are HTTPS, two of them aren't. Obviously we are aware of the issues with mixed content and we didn't like the idea of having non-https sites within the portal, but we didn't have a choice. Everything was ok until a few days ago when Google updated chrome to version 30, which now silently blocks mixed content.This has created a great number of problems for us. We contacted the external services and asked them if they could upgrade their services to HTTPS and one of them has come back saying they have no plans to do so for the next 2 years.
Obviously this is a problem. We tried getting around the problem by getting this service to open into a new browser window, but this is a rather inelegant workaround which I would like to get rid of, if at all possible. Is there any way that I can use AJAX or PHP to prefetch the page in question and then display it within the portal iframe without Chrome blocking it?
I would be very grateful for any advice at all. I do understand how bad an idea it is to mix secure content with non secure content, but I have no choice in the matter as my manager is adamant that the service have to be a part of the portal.
Thanks in advance.
Regards
Alex
A somewhat simple solution would be to use a reverse proxy. You can configure Apache quite easily to take an HTTPS connection, fetch the requested content from another URL and return it. See mod_proxy. The problem is that the browser will necessarily see a different URL/domain on its part (your reverse proxy), which may or may not cause problems with cookies or hardcoded links.
I made one website xyz.com using php codeigniter framework. This website has modules, so modular extension is used. Now when this website is made live, every link shows index.php. So for this we can use .htaccess for modrewrite command. Till now my knowledge was cool enough. Now when my friend who has good knowledge of SEO saw my website links, he told me that your website will not come above(lower ranks) in google.
His reason is - your every request is pased through index.php. When google crawls your site, it will be redirected again to index.php which is main drawback. As he didnt have much knowledge about codeigniter, he told to fix this index.php issue as soon as possible. So I wanna know
IS HE GIVING A VALID REASON?? if yes...so how can I solve this problem.
Anything related to this issue from your side is also welcomed, as I may not have asked complete question.
Well, after your comment I can say that your friend is wrong. Google bot will never be redirected on the same page (index.php in your case). Of course is not very good that in each page url you have the "index.php" because you are losing important chars which otherwise can be used to put keywords.
Said that, your site will be indexed normally. Infact, many Joomla-based websites have the same behavior as you can see on this website (parlaritaliano.it) which is very well indexed on Google.
Anyway, I advice you to replace (using .htaccess) the index.php in every of your urls because it is better from a SEO point of view. I repeat...better, it does not will cause any Google bot loop.