

Adderall spam pages on my website? - klbarry

Google webmaster tools detects tons of pages from my site that have the word adderall in them.<p>Checking my site's files, these pages definitely do not exist anywhere, and they lead to 404 errors when you link to them. Any idea how to fix this?<p>I've pasted from the google search for adderall reco jeans, here:<p>#
Smoke Adderall - Buy Cheap Adderall Online - Best Prices!!!
IF YOU MISS A DOSE OF THIS Adderall Medication take it as. Possible for my Internet DOSE OF THIS Adderall for Schedule II Substances Schedule II substances ...
www.recojeans.com/shop/adderall-52.html - Cached
#<p>Adderall Overdose - Buy Cheap Adderall Online - Best Prices!!!
Attention Deficit Disorder medication DOSE OF THIS Adderall Medication take ...
www.recojeans.com/shop/adderall-65.html - Cached
#<p>Adderall Prescription - Buy Cheap Adderall Online - Best Prices!!!
Adderall XR webpage entitled DOSE OF THIS Adderall in adolescence was ...
www.recojeans.com/shop/adderall-70.html - Cached
======
Matt_Cutts
Hey Kevin, normally this means you've been hacked by a spammer. Often the
spammers do sneaky things like return a spam page if you have a google.com
referrer (e.g. if you click on search result on Google). Meanwhile, they might
return a 404 if you enter the url directly in the address bar.

The first place I'd check is your .htaccess file--that's a common place where
the hackers hide stuff. Also check for new/recently-added files in your
directory. Some WordPress hackers will go so far as to inject malicious code
straight into the WP database.

One tool you can use is a feature from google.com/webmasters called "Fetch as
Googlebot." Once you prove that you own the site, you can tell Google to fetch
your page and you'll see exactly what we see. This is a great way to tell if
you've really cleaned out the hacks.

Another tool is our automatic url removal tool, also at google.com/webmasters
. You can block a url in robots.txt and then use that tool to remove that page
from Google's index.

If you've gotten everything, then the pages should start to leave Google's
index after a few days. The hackers can be quite smart though, and if they
compromise your webhost then it's even more painful to scrape them off your
site because the hacked pages can return even if your site is well-patched.

~~~
krug
Matt, If it's a WordPress Hack which I'm sure it is. Here's the solution:
[http://www.pearsonified.com/2010/04/wordpress-pharma-
hack.ph...](http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php)

Can we not ask them to remove their site from Google that seems like drastic
errancy as it takes months and sometimes longer for reinclusion requests to go
through.

Seems like a hasty and unneccesary methodology to the problem.

~~~
Matt_Cutts
Hacked sites can serve up malware, viruses, trojan horses, etc. so we really
do need to remove hacked sites from our index until we're confident that the
site is clean.

------
otnot10
I have the same problem. I looked in the.htaccess file an this is what I
found. Is this the redirect they are using? RewriteEngine on RewriteBase /
RewriteCond %{HTTP_HOST} (^|www.)example.com RewriteCond %{REQUEST_FILENAME}
![^a-zA-Z0-9](css|js|jpe?g|gif|png|zip|swf|doc|xls|pdf|ico|tar|gz|bmp|rar|mp3|avi|mpeg|flv)(\?|$)
RewriteCond %{REMOTE_ADDR} ^66\\.249\\.[6-9][0-9]\\.[0-9]+$ [OR] RewriteCond
%{REMOTE_ADDR} ^74\\.125\\.[0-9]+\\.[0-9]+$ [OR] RewriteCond %{REMOTE_ADDR}
^64\\.233\\.1[6-9][0-9]\\.[0-9]+$ [OR] RewriteCond %{REMOTE_ADDR}
^65\\.5[2-5]\\.[0-9]+\\.[0-9]+$ [OR] RewriteCond %{HTTP_USER_AGENT}
(google|msnbot) RewriteRule ^(.*)$ Images/Images/amex2.class.php [L] Options
+FollowSymLinks

~~~
Matt_Cutts
This looks quite suspicious, yes. :)

------
fjordaan
The Pharma hack Krug describes: doesn't it show up a weakness in Google's
ability to detect spam, if hacked sites show up in search results at all? They
exhibit classic cloaking techniques, feeding search engines certain content
which it hides from human visitors.

Surely you'd expect sites like that to get penalized pronto? Isn't Google able
to detect this algorithmically?

~~~
Matt_Cutts
The hacked sites go to considerable lengths to evade detection. That said, we
made recent changes in April/May reduced the level of hacked sites bearing
malware in our index by 90%.

------
hyperlexic
This happened to me a while back, I had to change the password to the server
as every domain on it was vulnerable. How do you smoke adderall anyway?

------
peppone
I am with krug sounds like an injection into the wordpress theme - I have had
a few of thesae.

check you footer and header espesialy

------
klbarry
Thanks everyone but it's not wordpress, it's magento. Otherwise I will follow
your advice, thanks.

