How is this possible? Site Hacked?
nchoose
03-06-2013, 11:47 PM
Our site was compromised. We have taken every step to seal off the breach. But my question is... how is this possible?
My search results in Google are showing completely different titles and text than what is in my database and what is on the landing page of my site. Could this have all been indexed by Google while our site was compromised? Has this happened to anyone? How long will it take to go away? Is there anything I can do to make Google see my REAL pages?
We use vBseo, so you can see what the title of the pages should be in the url under the link. This is crazy, EVERY PAGE!!
https://www.google.com/search?q=site%3Awhats-your-deal.com&aq=f&oq=site%3Awhats-your-deal.com&aqs=chrome.0.57j58.5451&sourceid=chrome&ie=UTF-8#q=site:whats-your-deal.com&hl=en&safe=off&ei=huI3UeahH-q-0QHB7YC4AQ&start=130&sa=N&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&bvm=bv.43287494,bs.1,d.dmQ&fp=cb8d1a9726c4b93c&biw=917&bih=787
findingpeace
03-06-2013, 11:53 PM
Take a look at Google's cached version of the results:
http://webcache.googleusercontent.com/search?q=cache:h-i42NcnSZkJ:www.whats-your-deal.com/forums/2089578-berkshire-blanket-coupons-berkshireblanket-com-codes.html+&cd=131&hl=en&ct=clnk&gl=us
There's some sort of big overlay putting all of those tags in.
Here's the source of the page:
<title>Viagra cheap overnight shippimg >>>> United Pharmacy, No prescription required. THE BEST PRICE!</title>
<p align="center" style="font-size: 50px; color: gray;"><u>Please wait while loading the page.</u></p>
<p align="center" style="font-size: 50px; color: white;">THE BEST ONLINE PHARMACY</p>
<p align="center" style="font-size: 50px; color: white;">Bonus pills for every order.</p>
<p align="center" style="font-size: 50px; color: white;">Fast order delivery.</p>
<p align="center" style="font-size: 50px; color: white;">THE BEST PRICE!</p>
Etc...
If you got rid of it all, it'll probably just take Google a few days to update the cache. You could also submit a URL removal request.
Zachery
03-06-2013, 11:53 PM
Someone got into your database/server and made changes to redirect Google to other sites.
Chances are you were exploited through an addon (like vBSEO) or through other software on the server.
nchoose
03-07-2013, 12:05 AM
@FindingPeace... WOW! I should have thought to look at the cached version. I have been scouring through my data and could not find any of those words!! It was a nasty code that was on our site. Not sure how it got in there, but the actions we took to fix it were monumental. We started with a 100% fresh install, new IP, then moved only our database over. And the dang thing came back 5 hours after the move. I noticed some spammy usernames, so I deleted all the ones that visited in the last 24 hours. Deleted the file we used to import the database and we have been clean for the longest stretch yet. So if anyone is getting craziness, start deleting users who look spammy!! I don't know how they are doing what they are doing, but they did it.
findingpeace
03-07-2013, 12:08 AM
Oh jeez, that sounds like such a mess! I'm so glad you found a solution, and it was very nice of you to share it here in case any of us run into the same attack.
Hey, you also might want to check out the vb4 Spam-O-Matic mod; definitely one of the best I've ever used for preventing spam registrations. A few still get through every now and then, so I'll have to go delete them to avoid becoming an e-Pharmacy :)
nchoose
03-17-2013, 10:35 AM
Here is an update on this particular attack. Access logs show that an attempt to call a non-existent page happens every minute from a different IP address. The page is something like FaqJEd.php (of course we have faq.php, but not this file). This file WAS on our server when it was compromised. We are weeks out from having that file removed and they are still attempting to hit it. Hopefully they will notice they are getting nowhere and cease.
I also noticed a second file AWal.php or Awor.php that did not belong, again this was present during the compromise.
We have ceased using any unnecessary hacks or add-ons because of the security issues.
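The access-log pattern described in the update above (a PHP file that no longer exists, requested from a different IP address each time) can be pulled out of a web server log automatically. The following is an added example, not code from any poster in the thread; it assumes Apache/nginx combined log format, and the sample lines, request method, `/forums/` path prefix and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def probed_missing_php(lines, min_ips=3):
    """Return {path: sorted client IPs} for .php paths that answered 404
    to at least min_ips distinct addresses (hypothetical helper)."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path.lower().endswith(".php"):
            hits[path].add(m["ip"])
    return {p: sorted(ips) for p, ips in hits.items() if len(ips) >= min_ips}

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Mar/2013:10:01:02 -0400] "POST /forums/FaqJEd.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Mar/2013:10:02:04 -0400] "POST /forums/FaqJEd.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.44 - - [17/Mar/2013:10:03:01 -0400] "POST /forums/FaqJEd.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.90 - - [17/Mar/2013:10:03:30 -0400] "GET /forums/faq.php HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Mar/2013:10:04:10 -0400] "GET /forums/oldpage.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for path, ips in probed_missing_php(SAMPLE_LOG).items():
        print(f"{path}: 404 from {len(ips)} distinct IPs: {', '.join(ips)}")
```

A path flagged this way is worth searching for in backups and older logs: the first request that returned 200 for it marks the time the file was live on the server.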