I have recently noticed a few of my sites hosted on my shared plan with Hostgator have dropped their rankings on Google. When I checked further, Googles cache of some of the pages is full of pharmacy links and information. http://209.85.229.132/search?hl=en&source=hp&q=cache:articlespirit.com&aq=f&oq=&aqi= Some of the index pages have been deindexed and some are showing pharmacy text... http://www.google.com/#hl=en&source...shchair.com&aq=f&aqi=&oq=&fp=52e8f388e5caca67 But if you look at the sites or view the source, there is nothing to show that its been hacked or altered. It was only when I checked what Googlebot sees in my Google Webmaster account that I noticed the redirect. ---------------- HTTP/1.1 302 Moved Temporarily Date: Sat, 05 Dec 2009 23:22:32 GMT Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 X-Powered-By: PHP/5.2.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=30d6157c76c506bd9a1e7b965f59ae41; path=/ Location: http://easylegaldrugs.com/shabs/Generic_Cialis_Sale.html Content-Length: 741 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html ------------------ These are two of the sites that have the problem. http://www.articlespirit.com http://www.quinnybuzzpushchair.com I'd appreciate if you could offer advice on how to remove the redirect please? I have used this command in ssh but it didn't return any results. find /home/******/public_html -type f -exec grep -l "easylegaldrugs" {} /dev/null \; Thanks!
your site has been compromised Check the htaccess for any redirect also search all your sites php files for word 'easylegaldrugs' with it you will be able to find the malicious code which is doing the redirect you can restore the sites from old backup , change your login credentials and scan your computer for Trojans
Check your .htaccess file as well as check your web pages code and remove any suspicious code you find. They may insert the code in many different ways i.e. iframe code, PHP encoded, JavaScripts code etc. Kailash
From M-Walker There are nothing currently that points to 121.127.81.18 hssp://easylegaldrugs.com: www.quinnybuzzpushchair.com ---------------------------------- Protocol Ip address Reverse lookup Country http 62.216.237.124 United Kingdom http 74.52.165.178 gator376.hostgator.com United States http 8.18.233.11 United States http 74.125.77.102 ew-in-f102.1e100.net United States http 74.125.77.100 ew-in-f100.1e100.net United States http 74.125.77.118 ew-in-f118.1e100.net United States http 74.125.8.164 United States www.articlespirit.com ----------------------- http 74.125.77.156 ew-in-f156.1e100.net United States http 74.125.77.166 ew-in-f166.1e100.net United States http 74.52.165.178 gator376.hostgator.com United States http 8.18.233.11 United States http 66.102.13.138 ez-in-f138.1e100.net United States http 92.123.65.26 a92-123-65-26.deploy.akamaitechnologies.com http 93.184.220.20 http 68.64.128.103 United States http 92.123.65.18 a92-123-65-18.deploy.akamaitechnologies.com
Freakin spammers. Glad you got it sorted out. I had the same thing happen to a wordpress blog. It wasn't a redirect but they were sneaky and inserted all these hidden links on the homepage, which caused the homepage rankings to drop.
Same case with me i got my site dropped from search engines .I just redirected it to www.abc.com from abc.com
The redirect code may be inside a code block that is base64 encoded so that a text search won't find it. Instead of searching for the name of the site that is being redirected to, search your site for "base64_decode" and decode any large blocks you find. The Safe Decode As Text page at http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/SafeDecode.aspx is good.