Vesta Control Panel - Forum

I am having a weird issue.

At the moment I am hundred percent sure it is not some sort of hacking/injection issue. I triple checked everything and took best measures I can.

I noticed that I am getting traffic to urls like hxxps://www.outdoorhaber.com/page/2?p=online-casino-usa (pls replace xx with tt)

Those urls are random

hxxps://www.outdoorhaber.com/page/15?p=online-casino
hxxps://www.outdoorhaber.com/page/13?p=online-casino-reviews

approximately 70 more of these...

My issue is they should be returning 404 but they are not.

The weird thing and which makes me think it is not hacking related is instead of hxxps://www.outdoorhaber.com/page/13?p=online-casino-reviews if I type hxxps://www.outdoorhaber.com/page/13?p=jhakhlkd ... la12345456 I still do not get 404 and a page appears with blog posts listed.

Google somehow indexes those pages.

hxxps://www.outdoorhaber.com/?p=blablablatest123 doesn't return 404 either, but hxxps://www.outdoorhaber.com/blablablatest123 does!

Come on guys, this is not a hacking issue. Something vesta/nginx related because I host another website in vesta and it does the same behavior. But the sites in apache works properly and returns 404 when I input /?p=test123

Can you guys please put your wordpress sites here so that we can check if the same behavior happens in your vesta/nginx/php-fpm configurations.

You are 100% victim of remote "injection"
Usually this happens with bad/nulled themes and plugins that are infected with backdoor scripts.

Clean install Wordpress, purchase your theme and install it, and for the generated dynamic URLs you should edit your DB file and restore it.

I am not a victim of a hack %100 sure, you can browse my site with any ?p=xxxxx

when I take the site back to cpanel (apache) the issue stops and the site returns 404 for ?p=xxxxx pages.

I never use nulled scripts.

jesus (I'm not even christian) I didn't ask people's opinion if I got hacked!!!, this is a problem whether I got hacked or not.

Got Google Webmaster on the website?

Quick way is to fetch as Google: https://www.google.com/webmasters/tools/googlebot-fetch

It will let you know if you have been hacked as the casino links will show up.

Because ? is the start of a query string it will not show a 404 because those pages exist.

This shows a 404: https://www.outdoorhaber.com/page/99?p= ... casino-usa (page 99 does not exist)

cagatay wrote:

SS88 wrote:Got Google Webmaster on the website?

Quick way is to fetch as Google: https://www.google.com/webmasters/tools/googlebot-fetch

It will let you know if you have been hacked as the casino links will show up.

Because ? is the start of a query string it will not show a 404 because those pages exist.

This shows a 404: hxxps://www.outdoorhaber.com/page/99?p=online-casino-usa (page 99 does not exist)

I am not hacked, what's happening is people like you are posting links like this and google is indexing those pages.

You people are retarded, you don't read the post and put your opinions here. I am not asking help for hacking.

I am asking help for the 404 issue.!!!! read the post damn it !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

here's a video I did for those insisting on hack

https://www.youtube.com/watch?v=KvemYMb ... e=youtu.be

I was actually giving you a 100% verified way to check these types of hacks (which in turn helps other people fix that issue too) because the other responder didn't give you a solution for that. What you see with your own web browser is NOT WHAT GOOGLE SEES. These hacks don't show YOU spammy links they show GOOGLE only.

I also helped you with your 404 issue as it seems you don't understand how websites work.

Have a nice day. :)

cagatay, behave correctly on our forum and don't insult the participants