Hidden Chinese Meta titles - Hacking

[tapukatata]

Hi,

 

First of all I want to apologize for my bad English

 

Someone has hacked my website and put different Meta titles that are different from those that I've added. In Back office Meta titles are the same as I originally set but in google I see different Meta titles and Meta description which are in Chinese

 

Screenshot 1 is how I see it in google ( keywords: site:iskambg.com ) 

Screenshot 2 is how I see it in Back Office 

 

The URL is: http://iskambg.com/100-%D0%BF%D1%83%D1%88%D0%B0%D1%87%D0%B8

 

How I can remove that hidden Chinese meta titles and meta descriptions?

 

Thank you!

Edited March 9, 2017 by diyan1234 (see edit history)

[tapukatata]

 

 

My domain is: iskambg.com and izgodniceni.com (that domain izgodniceni.com has the same problem with Chinese meta title and description) A few months ago someone was using bot script for sending spam messages through "send to a friend" module. Do you thing that can be a reason for that cache problem?

[rocky]

Yes, the "Send to a friend" module is vulnerable to hacking. You should consider deleting the module if you don't need it or update the module if you do. See here for more information.

[tapukatata]

Yes, the "Send to a friend" module is vulnerable to hacking. You should consider deleting the module if you don't need it or update the module if you do. See here for more information.

 

I deleted this module, but now I do not know how to fix that Chinese Meta title and Meta Descriptions which I see in google when write: site:iskambg.com

 

Any idea ?

[rocky]

Do you have a backup of your database before the hack occurred? If so, you can copy the meta information from the ps_meta_lang, ps_category_lang and ps_product_lang tables and replace the Chinese meta information currently in your database. After doing that, you'll need to use the Google Sitemap module to generate a sitemap and then submit it on Google Webmaster. Then you just wait for Google to re-crawl your website and find the English meta information.

[Dh42]

This is a pain in the ass hack. Its not coming from the database it is coming from a file that is adding a line to the index.php of the site. But if you delete that require line it knocks the whole site down. I am pretty sure they are using an escalation hack to require the file in the php settings from what I have seen. We cleaned one of these off last week. 

[HanzCZ]

I think, it is related: https://developers.google.com/webmasters/hacked/docs/fixing_the_japanese_keyword_hack

 

Throughout old versions of send to a friend module was possible to send spam... this problem is different

 

 

[Dh42]

It is related to that. Its a nasty one too and a pain to clean up. 

[HanzCZ]

Is there any possibility to prevent this attack except strong passwords, .htaccess a .htpasswd in admin folder, access admin folder only from one IP etc.?

[Dh42]

There are and have been modules / themes in the past with security issues, that is what leads to this. Likely there is a hacked module or theme on the site that people used to break into the site. I would also look at the adminlogincontroller as well, they generally put a back door in that too. 

[HanzCZ]

There are and have been modules / themes in the past with security issues, that is what leads to this. Likely there is a hacked module or theme on the site that people used to break into the site. I would also look at the adminlogincontroller as well, they generally put a back door in that too. 

 

ok, thanks for this info.