Hacked WordPress site, due to nginx vulnerability?


#1

My site has an issue: if there is a ?PID= placed on an extension of a page, it will show up as a new page. More importantly, it will be rel=canonical, meaning I have a lot of extraneous pages in Google's index! Someone has found out about this and is exploiting it, by indexing lots and lots of these types of pages.

An example of my homepage: http://weedies.org
Now with extra stuff thrown in: http://weedies.org/?PID=anything-I-want-123.html

The problem I am having is that Google is actually indexing these pages, since they have a rel=canonical attached somehow. Google now has my site indexed as some spammy site, with no relation to what it is originally about.

Is this a problem with ee and nginx? That’s what I used to install…
Any advice?


#2

Additionally, 404 pages are not showing up. It will just load the page, and have a ‘not found’ title.


#3

this was a private reply with post_id 56037


#4

Hi @dillon,

You can block this type of URL from the Google crawler by defining a rule in robots.txt.

Because in WordPress any plugin can use any type of query string, we can’t restrict all query strings by defining a 404 rule in the nginx conf.


#5

Thanks Faishal Saiyed

So there isn’t a way to have my 404 work properly?
Do you suppose that a plugin I am using is causing this 404 problem?

I’d like to be able to serve a catchall 404 page for all pages that don’t exist.


#6

I checked on Google and found that other sites are giving backlinks to your site.

ex: http://www.bravura.net/?pid=louboutin-sale-nyc-2013-7413.html

If you check that site, you will find your site link in the content (load the page after disabling JavaScript, because JavaScript is creating an iframe).

Better to define an nginx rule for that type of URL and fix your site link using Webmaster Tools.
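
An added example, not part of the thread and not code from any poster: a small Python check for the two symptoms reported above, a rel=canonical that carries an unexpected query parameter such as `PID`, and a "not found" page served with status 200. The allow-list, the `audit` function and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumption: query parameters this site legitimately uses (adjust per site/plugins).
ALLOWED_PARAMS = {"p", "page_id", "s", "paged"}

class HeadScan(HTMLParser):
    """Collects the rel=canonical href and the <title> text of a page."""
    def __init__(self):
        super().__init__()
        self.canonical, self.title, self._in_title = None, "", False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "canonical" in (a.get("rel") or "").lower().split():
            self.canonical = a.get("href")
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit(status, html):
    """Return a list of findings for one fetched page (HTTP status + body)."""
    scan = HeadScan()
    scan.feed(html)
    findings = []
    if scan.canonical:
        query = urlsplit(scan.canonical).query
        params = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
        extra = sorted(params - ALLOWED_PARAMS)
        if extra:
            findings.append("canonical carries unexpected query parameter(s): " + ", ".join(extra))
    if status == 200 and "not found" in scan.title.lower():
        findings.append("soft 404: 'not found' title served with status 200")
    return findings

# Constructed sample pages (example.org stands in for the affected site).
SPAM_PAGE = ('<head><title>Home</title><link rel="canonical" '
             'href="http://example.org/?PID=anything-I-want-123.html"></head>')
CLEAN_PAGE = '<head><title>Home</title><link rel="canonical" href="http://example.org/"></head>'
SOFT_404 = '<head><title>Page not found</title></head><body>Home content</body>'

if __name__ == "__main__":
    for name, page in [("spam", SPAM_PAGE), ("clean", CLEAN_PAGE), ("soft404", SOFT_404)]:
        print(name, audit(200, page))
```

Running it against pages fetched before and after a server-side rule or robots.txt change shows whether the canonical tag still reflects the injected parameter.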


#7