Hi, Just received the below email. The TO address contained all my currently registered email addresses for my domain: Is this email real? My site is a forum with 10k+ pages (6k+ pages indexed in google) but I do monitor it and have never seen a page with spam on it! Cheers .... Gerald.
The e-mail seems to be real. You can see a similar example on matt cutts blog at http://www.mattcutts.com/blog/helping-hacked-sites/
Seems to be real, because you've got some problems: http://www.google.com/search?hl=en&q=zyrtec+site:delphi-php.net If you look into the source of this: http://www.delphi-php.net/category/examples/ you will find a ton of hidden links.
i think the email address was correct. I think if the question is about email address then the from and reply-to must be same. All the way everything is correct in mail.
all the details are correct. Matt cutts has specified always in his blog and interviews with many peoples like he said already in the blog, mattcutts.com/blog/helping-hacked-sites/ now they have improved many techniques and support team so there is lots of chances of get support with Email which you received. Now just take care about Guidelines which they has specified in email. Thanks John
First check to header of mail to see that you received it from Google if it's from Google, Go ahead check all your pages for the above words in database if your query returns go ahead and remove it... otherwise there is possibility that these might have posted by a spammer in athread using some technique and it might have been indexed by Google before the mods had removed it...
Hi, After investigating, the email is ligitimate and my site had been hacked. Someone had managed to copy two files to my blog: zip.php 1.zip Contained in the 1.zip file were .html files containing links to spam sites. They were also able to modify my header.php file to include a hidden section containing these spam links. I have since removed all the spam crap and changed my cpanel/ftp password, I've also changed the permissions on the folder where the files were found to 'read only'. I've just completed Google's online form requesting to be included again in the Google index. The only thing I can think of for them to be able to do this is a brute force password hack which must of taken them a while to do. What other way could they have done it? Cheers .... Gerald.
Well done investigating, my friend's site got the same problem and situation too, that zip file was found on his FTP folder. He's looking now for better web hosting.
Some kind of code/sql injection that would allow a further file upload. Wordpress is not that vulnerable, but one of the plugins might be... You can check if one of these fits: http://securitydot.net/search.php?sch=sch&metaname=all&query=word+press+zip