Joomla with security problems in the GSC

Asked

Viewed 56 times

0

We have a site in Joomla, on Google it started to appear with insurance, we Google security problems with strange Urls.

We have seen that Google encounters problems with pages of this type: site.com.br/2122/whuk16867_/swphtxj/_36_vj.jp.shtml site.com.br/2885/whuk33625_/swphtxj/_36_vj.jp.shtml site.com.br/Dictionary/sekaidaihyakka/

Even though it really looks like an attack, we don’t know how Google falls on these pages, nor can we visualize.

In the Google Search Console guide for security issues we see that it considers it to be a "spam hack" and that the pages have "URL injection".

What we’ve already done:

  • We updated Joomla and modules
  • We searched these Urls or parts of them in the database and archives, but found nothing
  • we install plugins to customize the error pages, but when we try to get to these pages the error is "Not Found" instead of the custom pages

What do we think

  • That only the bot sees these links or the pages
  • That the URL lasts a short time
  • That this occurs at least once a day
  • Has no relation to the data in the database

What do you think?

1 answer

0

Miguel, if we have already checked all the files of the site, searching for malicious scripts, then we should look for other alternatives:

Indexing check

By a quick search here, according to the given url, I was able to verify that there are still indexed urls.

I believe some foreign page is linking your site. Use the Google Webmaster Tools to know what website this is and take appropriate measures.

Remove false pages from the index

Use Webmaster Tools to remove the mentioned pages, as well as the whole url add-on, from the index.: "/2885/whuk33625_/"*

Install WAF ( Web Firewall Application )

The most recommended is the RS FIREWALL.

In case you didn’t want to use it, in the Joomla Extensions there are alternatives to it.

It also allows you to scan the site for malicious scripts.

Block Ips from outside the country

Release only internal ips from Brazil to prevent scans and attacks from other countries. In RS Firewall you can also release/block ips by continent.

Make sure the host keeps updating services

See if the host has the latest stable versions of PHP, Apache/Nginx, Mysql/Mariadb, depending on the case. Also see if they keep the OS kernel up to date.

I believe that with these measures you begin to remove the problem and prevent future invasions.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.