Joomla with security problems in GSC

0

We have a site in Joomla, in Google it happened to appear with not secure, we verified in Google security problems with strange URLs.

We have seen that Google encounters problems with pages of this type: site.com.br/2122/whuk16867_/swphtxj/_36_vj.jp.shtml site.com.br/2885/whuk33625_/swphtxj/_36_vj.jp.shtml site.com.br/dictionary/sekaidaihyakka /

Thinking of really appearing to be an attack, we do not know how Google falls on these pages, nor can we visualize.

In the Google Search Console guide for security issues we see that it is considered a "spam invasion" and that the pages have "URL injection."

What we've already done:

  • We've updated Joomla and modules
  • We searched for these URLs or parts of them in the database and files, but we did not find anything
  • We installed plugins to customize the error pages, but when we try to get to these pages the error is "Not Found" instead of the custom pages

What do you think?

  • That only the bot sees these links or the pages
  • The URL is short-lived
  • That this occurs at least once a day
  • Unrelated to database data

What do you think?

    
asked by anonymous 29.09.2016 / 17:46

1 answer

0

Michael, if you have already checked all the files on the site, searching for malicious scripts, then we should look for other alternatives:

Check indexing

For a quick search here, according to the url informed, I was able to check that there are still indexed urls.

I believe some foreign page is linking to your site. Use Google Webmaster Tools to find out what site this is and take appropriate action.

Remove fake pages from index

Use Webmaster Tools to remove the mentioned pages from the index as well as the full complement of the url, for example: "/ 2885 / whuk33625 _ / "

Install WAF (Web Firewall Application)

The most recommended is the RS FIREWALL .

If you did not want to use it, in Joomla Extensions there are alternatives to it.

It also allows you to scan the site for malicious scripts.

Block Ips from outside the country

Release only the internal ips of Brazil to avoid scans and attacks from other countries. In RS Firewall you also have to free / block ips per continent.

Make sure the host maintains service updates

See if the host is with the latest stable versions of PHP, Apache / Nginx, Mysql / MariaDB, depending on the case. Also see if they keep the OS kernel up to date.

I believe that with these measures you begin to remove the problem and prevent future intrusions.

    
07.11.2016 / 19:20