How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Khristopher N. Sines AACJ, BSHS/M, MS...

Khristopher N. Sines AACJ, BSHS/M, MS/P
Khristopher N. Sines AACJ, BSHS/M, MS/P, Consultant
Category: General
Satisfied Customers: 195
Experience:  Associates in Criminal Justice. Bachelors in Human Service Management. Masters in Psychology
72188469
Type Your Question Here...
Khristopher N. Sines AACJ, BSHS/M, MS/P is online now
A new question is answered every 9 seconds

Unauthorized Web Site Name And Description Switch On Search

Resolved Question:

Unauthorized Web Site Name And Description Switch On Search Pages Using Bing
Submitted: 12 months ago via HelpOwl.
Category: General
Expert:  Khristopher N. Sines AACJ, BSHS/M, MS/P replied 12 months ago.

Khristopher N. Sines AACJ :

Hi there,
Happy to assist you!
Can you please elaborate a little more regarding this question? Thanks!

Customer:

Hi and thanks.

Customer:

A couple of weeks ago the site name and description suddenly started appearing on Google Search differently from what was written in the actual site tags. I had some ongoing conversation with Google Admin and they said they couldn't fix the problem so I asked them to remove all links to my site which they did. A couple of days ago the same thing started happening on Yahoo and MSN Search so I contacted Yahoo Admin and asked for assistance as my site is hosted on the Yahoo Small Business server. They came back to me and suggested that I contact Bing and ask what is going on as Yahoo are using the Bing Web crawler. I have temporarily broXXXXX XXXXXnks to all pages on my Site but left a message on this to the hacker because I'm a bit pissed off about this.

Khristopher N. Sines AACJ :

So basically you are receiving a HTTP 401 error. Is this correct?

Customer:

You can still access my home page that has the message to the hacker on it but not the linked pages as they have been disconnected and now return a 401. I put the message on my home page because I have clients referring to my site and with the present site description and changed name they would think I'm a bit of and idiot if I just left it as it was. Basically the site description now makes vague reference to sex enhancing pills and penis enlargement instead of describing my business. I noticed at the time that a number of other sites on Google had been hacked the same way. I think they've all been removed by now. You can still see the corrupted site description on mine on search pages because the home page is still live.

Khristopher N. Sines AACJ :

Introduction



The Web server (running the Web site) thinks that the HTTP data stream sent by the client (e.g. your Web browser or our CheckUpDown robot) was correct, but access to the URL resource requires user authentication 1) which has not yet been provided or 2) which has been provided but failed authorization tests. This is commonly known as "HTTP Basic Authentication". The actual authentication request expected from the client is defined in the HTTP protocol as the WWW-Authenticate header field. (Last updated: March 2012).


Generally this error message means you need to log on (enter a valid user ID and password) somewhere first. If you have just entered these and then immediately see a 401 error, it means that one or both of your user ID and password XXXXX invalid for whatever reason (entered incorrectly, user ID suspended etc.).



401 errors in the HTTP cycle



Any client (e.g. your Web browser or our CheckUpDown robot) goes through the following cycle:



  • Obtain an IP address from the IP name of the site (the site URL without the leading 'http://'). This lookup (conversion of IP name to IP address) is provided by domain name servers (DNSs).

  • Open an IP socket connection to that IP address.

  • Write an HTTP data stream through that socket.

  • Receive an HTTP data stream back from the Web server in response. This data stream contains status codes whose values are determined by the HTTP protocol. Parse this data stream for status codes and other useful information.


This error occurs in the final step above when the client receives an HTTP status code it recognises as '401'.



Fixing 401 errors - general



Each Web Server manages user authentication in its own way. A security officer (e.g. a Web Master) at the site typically decides which users are allowed to access the URL. This person then uses Web server software to set up those users and their passwords. So if you need to access the URL (or you forgot your user ID or password), only the security officer at that site can help you. Refer any security issues direct to them.


If you think that the URL Web page *should* be accessible to all and sundry on the Internet, then a 401 message indicates a deeper problem. The first thing you can do is check your URL via a Web browser. This browser should be running on a computer to which you have never previously identified yourself in any way, and you should avoid authentication (passwords etc.) that you have used previously. Ideally all this should be done over a completely different Internet connection to any you have used before (e.g. a different ISP dial-up connection). In short, you are trying to get the same behaviour a total stranger would get if they surfed the Internet to the Web page.


If this type of browser check indicates no authority problems, then it is possible that the Web server (or surrounding systems) have been configured to disallow certain patterns of HTTP traffic. In other words, HTTP communication from a well-known Web browser is allowed, but automated communication from other systems is rejected with an 401 error code. This is unusual, but may indicate a very defensive security policy around the Web server.



Fixing 401 errors - CheckUpDown



When you set up your CheckUpDown account, you may optionally provide two items 2. Web Site User ID and 3. Web Site Password. You should provide these only if the site uses HTTP Basic Authentication. If you provide them, the CheckUpDown robot always uses them. This will result in a 401 error if in fact the site does not use this authentication. Conversely, if you do not provide them and the site does use this authentication, you also get a 401 error.


If however your URL is open to all comers, then an 401 message should not appear. Because it indicates a fundamental authority problem, we can only resolve this by negotiation with the personnel responsible for security on and around the Web site.


Customer:

Yes, I deliberately broke links to all other pages until I get the search page information switching problem sorted then I'll reconnect them. 401 is not the problem. Someone switching my site description and site name are what really concern me.

Khristopher N. Sines AACJ :

Do you believe that someone else may have admin access?

Customer:

It shouldn't be possible but Yahoo and the Police have suggested I copy access logs so that they can look into this. I looked through all the site files yesterday and rechecked all the tags and I can't see anything that has been changed or shouldn't be there. When this all started I did a quick search on the Web to see if there was any information on this sort of thing. Say where your site name and description can be changed by someone else, and I came across one reference that said it was relatively easy to substitute information like this but it didn't give any further information.

Khristopher N. Sines AACJ :

Perhaps malware may be the culprit!

Customer:

Yes, I am thinking that too but how and where? Yahoo Admin also suggested that I write a different description and site name. I said that I tried that and it worked briefly then switched back again. I'm using Norton Antivirus on a Mac but I'm not entirely confident to be honest.

Khristopher N. Sines AACJ :

Perhaps the best solution then is to copy the access logs for Yahoo and your local police as stated above!

Customer:

I really appreciate your time but you haven't got me any closer to solving this problem I'm afraid. Do you think a substitution of this information can be made at the web crawler stage or even in cached information or that the strongest possibility is malware. Then if malware, where to start looking and how to get rid of it?

Khristopher N. Sines AACJ :

A substitution may work! I would exercise all possible outcomes before thinking its malware. Especially with a Mac!

Customer:

For example... with a Mac. What are some of the possibilities?

Customer:

I thought Macs were supposed to be pretty safe, but you appear to be questioning that assumption.

Khristopher N. Sines AACJ :

I am under the same assumption! Mac's are fairly safe! This is why I only suggested the possibility of it being malware!

Customer:

Ho would you substitute... set up an identical site with false information that then links to my web page? Can this be done... easily?

Customer:

As I saw other sites on Google search that had been affected in the same way I assumed Google had been hacked.. and I told them. But now it appears to be more widespread and in talking with you am beginning to suspect malware. Just wondering how and where? How to locate it is probably the first priority now.

Khristopher N. Sines AACJ :

Perhaps running a different virus/malware/spyware scanner would diagnose the issue! I can direct you to a few very good free ones!

Customer:

Thanks but I would really like to get this thing sorted so would prefer that you suggest a couple of the best you know of so that I can read their specs and make a decision

Customer:

This may be related, not sure but it may help. I get loads of spam every day, 40 to 60. I traveled in Russia a couple of years ago and after I returned put some photo's of Russia on my site. A couple of weeks later I started receiving invitations from Russian girls. I didn't open any of these because I was suspicious. About sis months later the spam changed to sale of online meds, then more recently to other things. There is a connect between the online med spam and the switched site description. Similar text. Do you think this could be the indicate the existence of malware?

Customer:

Thanks, XXXXX XXXXX three which one would you go for?

Khristopher N. Sines AACJ :

Quite possibly! I personally like magican the best!

Customer:

Ok I think you've earned your fee and I'll certainly try magician. How do I confirm your payment? What's the procedure? You have my email address right? Can we leave it that if you run across this sort of thing or anything related in the near future that you send me an e. I would be be very grateful. Please let me know procedure now for completing our discussion. I'm happy to give you an excellent, you've been very patient.

Khristopher N. Sines AACJ :

Once you have rated my response the transaction will take place! Yes, I have access and a backlog to all the questions I respond too. If I find more information, I will certainly let you know asap!

Customer:

Thank you so much. Have a nice day and best regards, XXXXX XXXXX - Hong Kong

Khristopher N. Sines AACJ :

Have a wonderful evening!

Khristopher N. Sines AACJ, BSHS/M, MS/P, Consultant
Category: General
Satisfied Customers: 195
Experience: Associates in Criminal Justice. Bachelors in Human Service Management. Masters in Psychology
Khristopher N. Sines AACJ, BSHS/M, MS/P and 83 other General Specialists are ready to help you
Expert:  Khristopher N. Sines AACJ, BSHS/M, MS/P replied 11 months ago.
Thank you for allowing me to help you in your time of need. Please do not hesitate to contact me in the future for any information you may be needing. God bless!

JustAnswer in the News:

 
 
 
Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.
 
 
 

What Customers are Saying:

 
 
 
  • Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help. Mary C. Freshfield, Liverpool, UK
< Last | Next >
  • Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help. Mary C. Freshfield, Liverpool, UK
  • This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!! Alex Los Angeles, CA
  • Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult. GP Hesperia, CA
  • I couldn't be more satisfied! This is the site I will always come to when I need a second opinion. Justin Kernersville, NC
  • Just let me say that this encounter has been entirely professional and most helpful. I liked that I could ask additional questions and get answered in a very short turn around. Esther Woodstock, NY
  • Thank you so much for taking your time and knowledge to support my concerns. Not only did you answer my questions, you even took it a step further with replying with more pertinent information I needed to know. Robin Elkton, Maryland
  • He answered my question promptly and gave me accurate, detailed information. If all of your experts are half as good, you have a great thing going here. Diane Dallas, TX
 
 
 

Meet The Experts:

 
 
 
  • Ron

    ASE Certified Technician

    Satisfied Customers:

    21435
    23 years with Ford specializing in drivability and electrical and AC. Ford certs and ASE Certs
< Last | Next >
  • http://ww2.justanswer.com/uploads/FO/fordguy4u/2011-12-17_222940_HPIM1257.64x64.JPG Ron's Avatar

    Ron

    ASE Certified Technician

    Satisfied Customers:

    21435
    23 years with Ford specializing in drivability and electrical and AC. Ford certs and ASE Certs
  • http://ww2.justanswer.com/uploads/lyeung1/2010-07-25_032152_tn_IMG_0241.JPG Dr. Y.'s Avatar

    Dr. Y.

    Urologist

    Satisfied Customers:

    18506
    I am fellowship trained specializing in general urology and reconstructive urology.
  • http://ww2.justanswer.com/uploads/docjohn174/2008-12-13_170143_johnask.jpg John's Avatar

    John

    Home Appliance Technician

    Satisfied Customers:

    13453
    Appliance repair business owner for over 43 years.
  • http://ww2.justanswer.com/uploads/MU/multistatelaw/2011-11-27_173951_Tinaglamourshotworkglow102011.64x64.jpg Tina's Avatar

    Tina

    Lawyer

    Satisfied Customers:

    8570
    JD, BBA Over 25 years legal and business experience.
  • http://ww2.justanswer.com/uploads/dermdoc19/2010-09-30_160749_Photo_122807_015.JPG dermdoc19's Avatar

    dermdoc19

    Dermatologist

    Satisfied Customers:

    3883
    30 years practice in general and cosmetic dermatology
  • http://ww2.justanswer.com/uploads/BI/birddoctor/2012-6-22_173214_birddoctor.64x64.png Dr. Pat's Avatar

    Dr. Pat

    Bird Veterinarian

    Satisfied Customers:

    3424
    25+ years working primarily or exclusively with birds
  • http://ww2.justanswer.com/uploads/RY/rydergar/2012-6-6_192240_IMG0328.64x64.JPG Dr. Gary's Avatar

    Dr. Gary

    Cat Veterinarian

    Satisfied Customers:

    3345
    DVM, Emergency Veterinarian, BS (Physiology)