#9053 – Website hacked and weird stuff done...

Hi

In my research now I found some testing?x-wblr-crawler-cdn-bust=17daa457-1e63-4bb1-b3dc-0cc31fa49d96  entries in the 404 records and stuff like forseo/v1/cron/image/2wuzzmxfap7gwf2xxccn58.svg  in the 404 records

These are legit, if not fine, they are the result of 4SEO crawling your pages. The "x-wblr-crawler-cdn-bust=" bit is a random number appended to each URL crawled to bypass any CDN caching, such as cloudflare.

You should not have "forseo/v1/cron/image/2wuzzmxfap7gwf2xxccn58.svg" as 404s, these URLs should work fine and not be 404 but that's something that can be looked at separately.

A Chinese gmail Adress registered my website as an owner in the search console and submitted a txt Sitemap with 1000 Domains.

Was your Search Console account hacked? or did they get access to your site and placed the sitemap file there?

I also found out that all 404 result in a 301. This seems to be a Joomla bug: https://github.com/joomla/joomla-cms/issues/38785

Github is not loading at the moment so I can't view the issue but yes, sometimes Joomla (3 at least) can render result for what should be 404. I don't recall 301 happening though, except in one case: for multilingual sites, where it will always try to redirect to the default (or detected) language, if it was configured to do so. The ML default settings are not good, there should not be a language code in the URL for the defautl language.

The problem is, when Google will follow the weird links the guy submitted it will all result in 301 but must be 404 to not cause any harm :-( too bad.

But you said they were for other domains?

maybe something is going on with these testing?x-wblr-crawler-cdn-bust=17daa457-1e63-4bb1-b3dc-0cc31fa49d96  and forseo/v1/cron/image/2wuzzmxfap7gwf2xxccn58.svg entries.

Nope, all this is fine. Thanks for reporting it though.

Best regards

Yannick Gaultier

weeblr.com / @weeblr