Replies: 3
Hey there,
we’re having a massive problem with a pharma hack on our site, see link above, there’s tons of spam URLs.
What we know about the maechanics:
It’s diifcult. I would expect the google indexed pages to show manipulated content, at least when accessing them with a Google bot user agent. However, they don’t contain any visible hacked content, nothing visible in source code as well.
However, when there are cached versions of pages available at Google, they will be referrd to pages at lloydspharmacy com.
All links follow the same syntax, /?work=spammyStuff
There are several descriptions available online of wordpress pharmacy hacks, so we searched the code for typical patterns, for eval(* and base64*, for atypical filenames in plugin folders (.cache.php, ext-*.php,), for patterns in the Basel theme (inserting wp-page.php) and in the database (class_generic_support, widget_generic_support, wp_check_hash, rss_*). No matches.
We also asked our provider for a scan and used the Sucuri plugin. No matches.
I’m at a loss here. Any ideas?