So this must be a problem with the security of the HTML files Muse is creating
Not at all. They are just files.
widgets on the page?
Could be, but this is questionable at best. Without knowing what widgets you used, nobody can tell you much, anyway.
The rest is between you and your provider, but to be blunt, I don't think that cheap & dirty hosting services like 123Reg, GoDaddy and a few others are particularly trustworthy. In any case, at least reset your virtual hosting space on the server configuration backend and re-initialize it completely from scratch with fresh passwords.
I too am having this EXACT problem and got the same BS answer from 123 Reg. How did you rectify the issue?
I sorted this issue at the beginning of this month by deleting ALL the files on the web server, and re-uploading the files created by Muse. This fixed the issue, but I just checked today and the same problem has appeared and 'YES' it's 123-Reg also.
If you use Google Webmaster Tools, you can actually see the problem by performing the Fetch as Google function: the GoogleBot sees the suspicious site before it sees the actual site.
EXACTLY the same problem presented in the same way too
I am consulting with a web security firm as to how to rectify this. The possibility of weak code from Muse has also been suggested by the consultants as a way they have gotten in. Hundreds of Euros to correct this problem and safeguard against it.
"100% malware code is injected into a core file of your website; it filters traffic from the Google server and from visitors. For Google traffic it shows different content (black SEO)... Weak code or a bug, or maybe a hacker has access to the admin area, or you host multiple sites on the same hosting account and each website has full access to the others. Without analysis it's hard to say what the reason is."
I've had exactly the same problem. Using Muse and 123 Reg, and after a few months each time finding my site hacked. It must have happened about six times. I tried changing passwords, making them impossibly hard, and cleaning out the files and uploading and notifying Google console/fetch that the site was clean again.
I am now certain the hack was going through the scrolling images widget on the front page of the site. It's my only widget on the site. I have taken the scrolling images widget out and now have a static image and I've not been hacked for six months now. It's probably that the widget originated from a very early version of Muse. I'm just relieved I don't find every few months my Google rating go right down and my site with weird text selling Spanish sportswear, sunglasses and the like.
I have had to employ site security at 600 Euros a year to protect my five websites against this sort of intrusion now.
I also tried INSANE passcodes made of nothing but numbers, random letters and symbols and it still kept happening. I didn't even have the scrolling image widget and still got it! Repeatedly cleared FTP, etc., exactly as you described and was repeatedly attacked.
Mine were replica Rolexes. Fake NBA jerseys from China and all sorts of tat.
After employing the security team, all but one of my sites were clean. I was attacked once more, and pointed this out to them, which they promptly rectified and put a special watch on that particular site. It also happened to be the one that got the most traffic.
It's definitely a leak or weakness in a code / PHP SOMEWHERE from Muse that's letting them in; of that I am sure.
Oh well. I thought the removal of the scrolling image fixed the spamming as I was clear for six months but I just got spammed again on my Muse site on 123-Reg.
Back to the drawing board with a complete clear out of files on the server, notify Google console and change passwords. The next step will be to change web host provider.
I had the same problem. The contact form widget is an easy in for bots to bypass and gain direct access to your FTP. Since I removed my contact forms and only use clickable email (mailto:) links, I've had no more hacks. I think contact forms generally are easy ins on most platforms.
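
Several posts above describe wiping the server and re-uploading the Muse export, only to find the site altered again later. The following is an added example, not code from any poster or from Muse: it hashes a clean local export and a downloaded copy of the live webroot and reports what was added, modified or removed. The directory layout, the function names and the list of "active" file types are assumptions, and the sample trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list of types that run or change behaviour on the server; review these first.
ACTIVE_SUFFIXES = {".php", ".phtml", ".js", ".html", ".htm"}
ACTIVE_NAMES = {".htaccess", ".user.ini"}

def digest_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def is_active(rel_path):
    p = Path(rel_path)
    return p.name in ACTIVE_NAMES or p.suffix.lower() in ACTIVE_SUFFIXES

def compare_export(export_dir, mirror_dir):
    """Diff a clean local export against a downloaded copy of the webroot."""
    clean, live = digest_tree(export_dir), digest_tree(mirror_dir)
    added = sorted(set(live) - set(clean))
    return {
        "added": added,
        "modified": sorted(f for f in clean if f in live and clean[f] != live[f]),
        "missing": sorted(set(clean) - set(live)),
        "added_active": [f for f in added if is_active(f)],
    }

def build_demo():
    """Constructed sample: a clean export and a tampered mirror of it."""
    base = Path(tempfile.mkdtemp())
    export, mirror = base / "export", base / "mirror"
    files = {"index.html": "<h1>Home</h1>", "css/site.css": "body{}", "images/a.jpg": "jpg"}
    for root in (export, mirror):
        for name, body in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(body)
    # Constructed stand-ins for the kinds of change the thread describes.
    (mirror / "index.html").write_text("<!-- constructed injected block --><h1>Home</h1>")
    (mirror / ".htaccess").write_text("# constructed stand-in for an added rule\n")
    (mirror / "images/x.php").write_text("<?php /* constructed stand-in */ ?>")
    (mirror / "css/site.css").unlink()
    return export, mirror

if __name__ == "__main__":
    for kind, paths in compare_export(*build_demo()).items():
        print(f"{kind}: {paths}")
```

Run it against a fresh export and a fresh download before each cleanup, so the list of changed files can be handed to the host or a security firm instead of being lost when the server is wiped.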