An interesting situation occurred recently when trying to access our mobile website, WebGuardz.com, from an Android based mobile phone; I was continually redirected to a suspicious site, “http://mob-version.ru/other/”, and no changes or updates I tried with the phone or mobile browser settings fixed it.
Initially, I assumed it was a mobile phone / Android issue since I could access the site from any PC, laptop, tablet, and iPhone I tried. I continued to fiddle with the phone and browser settings, but unfortunately no luck. Then the situation suddenly worsened — I received the dreaded email indicating WebGuardz.com had been placed on Google’s naughty list. I quickly realized the issue was not with just my phone, but mobile (at least Android) in general. This was likely already impacting my traffic/revenue and business reputation….Yikes!
Email received from Google:
” Unfortunately, it appears that your site has been hacked.
Your site appears to behave differently when visited by certain users. For example, users visiting from search engines or on mobile browsers may be redirected to a spam site or exposed to spam content. As a result, Google has applied a manual spam action to webguardz.com. There may be other actions on your site or parts of your site. In addition, to protect visitors to your site from possible spam or malware, Google’s search results may label your site’s pages as hacked. “
I immediately reported the issue to my web host, but due to a large backlog of security related issues, they were slow to resolve the issue. In parallel to the web host notification, I decided to do some online investigation and came across an article that discussed a similar issue. Come to find out, it was malware that was likely installed through a WordPress Plugin vulnerability.
I was using security and malware plugins to supposedly prevent such an issue, however they missed this particular threat. In an attempt to resolve the issue ASAP, I researched other WordPress malware scanner /cleaner plugins. I ultimately selected Anti-Malware and Brute-Force Security by ELI (FREE download here: https://wordpress.org/plugins/gotmls/ — to learn more about Eli’s products and services, you can visit: http://gotmls.net/). It had great reviews, and had all the malware elements I was needing (and was big improvement over our current malware plugin).
I installed the plugin and conducted a full scan; several real and potential threats were identified and cleaned automatically. However there were a couple items that persisted and created Internal Server Errors (500). I immediately emailed the developer with the problem. They quickly reviewed the situation and thoroughly cleansed our server and website. Come to find out, it was a new threat that the developer was not aware of. Based on their new knowledge they updated the plugin to detect and resolve for future users who encounter the same issue..
In hindsight, I should have taken the unusual activity of the redirect much more serious from the start. The take away here is that if anything seems out of the ordinary when trying to access your website, blog, etc, (desktop and/or mobile) take note, and report it to your web host immediately. It’s also a good time to ensure your security and malware plugins are up to date. If you’re unable to eliminate the issue right away, you may want to consider trying a different plugin (or installing one if you don’t currently have one).
Unfortunately in the world we live, it’s quite likely your website will be hacked if it hasn’t already. Even the best security and malware plugins can’t keep up with the continuous barrage of hackers looking to exploit vulnerabilities. It’s imperative that you make every effort possible to prevent harm to your business and reputation.
Please be diligent, vigilant, and swift when it comes to your website security – both desktop and mobile versions (as they can be affected differently as I learned…the hard way).