Hack 302-ing site to anyresults.net

[KenYN]

Someone I know's web site was hacked and chucked out of Google but he claimed to have fixed it recently. However, I noticed when I clicked through from Google Reader I ended up at http://anyresults.net. So, I decided to try this:

Code:

C:\>get -UdS -H "Referer: http://www.google.com" www.debito.org
GET http://anyresults.net/
Referer: http://www.google.com
User-Agent: lwp-request/2.07

GET http://www.debito.org --> 302 Found
GET http://anyresults.net/ --> 200 OK

Anyone familiar with this hack so I can tell him what to do? Google's not very useful at all. BTW, Yahoo! and Live do the same thing.

[mwill]

Yep! I just discovered yesterday that my site www.CoolBrit.net sometimes redirects to anyresults.net in Google search. I'm not sure if I've been tossed out of Google yet but my visitors have dropped dramatically. When I type in CoolBrit.net nothing comes up in Google but when I type in CoolBrit my site is still there

Any solutions for this redirect?

[BuenosAires]

Same thing is happening to me.

My visitors have dropped dramatically over the past week or so.I couldn't work out the problem, as my rankings in Google are still there.

Then a friend just told me that sometimes when he clicks on a link to my site it goes to anyresults.net

Funny thing is, I can access my site fine and never get redirected.

Does anyone have any idea how to combat this?I can't find any kind of redirect in my source code. I use Wordpress. Really very worried...

[wicked9690]

Hey folks,

This a new Wordpress exploit. Had the same thing happen to me last week. if you look here there is a solution:

http://wordpress.org/support/topic/1...=2#post-770581

[clasione]

After many hours of scanning the database and files with no luck, I believe I finally have the solution which is posted on my blog. This is what worked for me in my case: http://clasione.blogspot.com/2008/06...ck-search.html

[rootbinbash]

Yes this is a very big security hole at wordpress.Patch the current wordpress.

[scorechase]

Quote:

Originally Posted by KenYN

Someone I know's web site was hacked and chucked out of Google but he claimed to have fixed it recently. However, I noticed when I clicked through from Google Reader I ended up at http://anyresults.net. So, I decided to try this:

Code:

C:\>get -UdS -H "Referer: http://www.google.com" www.debito.org
GET http://anyresults.net/
Referer: http://www.google.com
User-Agent: lwp-request/2.07

GET http://www.debito.org --> 302 Found
GET http://anyresults.net/ --> 200 OK

Anyone familiar with this hack so I can tell him what to do? Google's not very useful at all. BTW, Yahoo! and Live do the same thing.

Help .. how can I run this get command that you run? I feel my website is hacked as well and want to confirm somehow.

[clasione]

Check your header file as noted here:
http://clasione.blogspot.com/2008/06...ck-search.html

They use a SQL Injection to add code to your header file.