Hey Kevin, normally this means you've been hacked by a spammer. Often the spammers do sneaky things like return a spam page if you have a google.com referrer (e.g. if you click on search result on Google). Meanwhile, they might return a 404 if you enter the url directly in the address bar.

The first place I'd check is your .htaccess file--that's a common place where the hackers hide stuff. Also check for new/recently-added files in your directory. Some WordPress hackers will go so far as to inject malicious code straight into the WP database.

One tool you can use is a feature from google.com/webmasters called "Fetch as Googlebot." Once you prove that you own the site, you can tell Google to fetch your page and you'll see exactly what we see. This is a great way to tell if you've really cleaned out the hacks.

Another tool is our automatic url removal tool, also at google.com/webmasters . You can block a url in robots.txt and then use that tool to remove that page from Google's index.

If you've gotten everything, then the pages should start to leave Google's index after a few days. The hackers can be quite smart though, and if they compromise your webhost then it's even more painful to scrape them off your site because the hacked pages can return even if your site is well-patched.

Matt, If it's a WordPress Hack which I'm sure it is. Here's the solution: http://www.pearsonified.com/2010/04/wordpress-pharma-hack.ph...

Can we not ask them to remove their site from Google that seems like drastic errancy as it takes months and sometimes longer for reinclusion requests to go through.

Seems like a hasty and unneccesary methodology to the problem.

Hacked sites can serve up malware, viruses, trojan horses, etc. so we really do need to remove hacked sites from our index until we're confident that the site is clean.

I have the same problem. I looked in the.htaccess file an this is what I found. Is this the redirect they are using? RewriteEngine on RewriteBase / RewriteCond %{HTTP_HOST} (^|www.)example.com RewriteCond %{REQUEST_FILENAME} (\?|$) RewriteCond %{REMOTE_ADDR} ^66\.249\.[6-9][0-9]\.[0-9]+$ [OR] RewriteCond %{REMOTE_ADDR} ^74\.125\.[0-9]+\.[0-9]+$ [OR] RewriteCond %{REMOTE_ADDR} ^64\.233\.1[6-9][0-9]\.[0-9]+$ [OR] RewriteCond %{REMOTE_ADDR} ^65\.5[2-5]\.[0-9]+\.[0-9]+$ [OR] RewriteCond %{HTTP_USER_AGENT} (google|msnbot) RewriteRule ^(.*)$ Images/Images/amex2.class.php [L] Options +FollowSymLinks

This looks quite suspicious, yes. :)

The Pharma hack Krug describes: doesn't it show up a weakness in Google's ability to detect spam, if hacked sites show up in search results at all? They exhibit classic cloaking techniques, feeding search engines certain content which it hides from human visitors.

Surely you'd expect sites like that to get penalized pronto? Isn't Google able to detect this algorithmically?

The hacked sites go to considerable lengths to evade detection. That said, we made recent changes in April/May reduced the level of hacked sites bearing malware in our index by 90%.

This happened to me a while back, I had to change the password to the server as every domain on it was vulnerable. How do you smoke adderall anyway?

I am with krug sounds like an injection into the wordpress theme - I have had a few of thesae.

check you footer and header espesialy

Thanks everyone but it's not wordpress, it's magento. Otherwise I will follow your advice, thanks.