Suspicious Search console reports

I’ve got an old 8.5 site that recently went live and Google Search Console keeps reporting about 42k unindexed pages (redirects and canonicals) that shouldn’t be there, e.g.

  • wptouch_switch=desktop&redirect=//www.2408.top/kiogmvrab.htm
  • wptouch_switch=desktop&redirect=//salesculture.ru/862/6951/978fe22/

My host swears it isn’t them, and Google suggests this is a problem with a well-known WordPress addon, but this is a fresh host package with a fresh Concrete install that has never used WP, so I’m very confused.

Any ideas?
Cheers
Dave

Environment info

# concrete5 Version
Core Version - 8.5.6
Version Installed - 8.5.6
Database Version - 20210622145600

# Database Information
Version: 10.6.19-MariaDB-log
SQL Mode: NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

# concrete5 Packages
Simple Gallery (1.0.9)

# concrete5 Overrides
blocks/page_list/templates/news_footer.php,
blocks/page_list/templates/news.php,
blocks/page_list/templates/news-home.php,
blocks/page_list/templates,
blocks/page_list,
blocks/image/templates/activity.php,
blocks/image/templates/pb_gallery_overview.php,
blocks/image/templates,
blocks/image,
blocks/content/templates/testimonial.php,
blocks/content/templates,
blocks/content/view.php,
blocks/content,
blocks/simple_gallery/templates/redacted .php,
blocks/simple_gallery/templates/redacted -slider.php,
blocks/simple_gallery/templates,
blocks/simple_gallery,
blocks/autonav/templates/sidebar-nav.php,
blocks/autonav/templates/footer-nav.php,
blocks/autonav/templates/main-nav.php,
blocks/autonav/templates/breadcrumb.php,
blocks/autonav/templates,
blocks/autonav,
blocks/image_slider/templates/testimonials.php,
blocks/image_slider/templates,
blocks/image_slider,
themes/redacted /lib/slick/slick.min.js,
themes/redacted /lib/slick/slick-theme.css,
themes/redacted /lib/slick/slick.css,
themes/redacted /lib/slick/fonts/slick.woff,
themes/redacted /lib/slick/fonts/slick.ttf,
themes/redacted /lib/slick/fonts/slick.svg,
themes/redacted /lib/slick/fonts/slick.eot,
themes/redacted /lib/slick/fonts,
themes/redacted /lib/slick/ajax-loader.gif,
themes/redacted /lib/slick,
themes/redacted /lib,
themes/redacted /activities.php,
themes/redacted /elements/footer.php,
themes/redacted /elements/header.php,
themes/redacted /elements/header_top.php,
themes/redacted /elements/footer_bottom.php,
themes/redacted /elements,
themes/redacted /default.php,
themes/redacted /home.php,
themes/redacted /noLimits.php,
themes/redacted /prepros-6.config,
themes/redacted /thumbnail.png,
themes/redacted /fonts/line-awesome.eot,
themes/redacted /fonts/linea-basic-10.woff,
themes/redacted /fonts/line-awesome.woff2,
themes/redacted /fonts/glyphicons-halflings-regular.ttf,
themes/redacted /fonts/line-awesome.ttf,
themes/redacted /fonts/linea-basic-10.svg,
themes/redacted /fonts/line-awesome.woff,
themes/redacted /fonts/linea-arrows-10.woff,
themes/redacted /fonts/linea-arrows-10.eot,
themes/redacted /fonts/linea-basic-10.eot,
themes/redacted /fonts/line-awesome.svg,
themes/redacted /fonts/glyphicons-halflings-regular.woff2,
themes/redacted /fonts/linea-arrows-10.svg,
themes/redacted /fonts/glyphicons-halflings-regular.eot,
themes/redacted /fonts/glyphicons-halflings-regular.woff,
themes/redacted /fonts/linea-arrows-10.ttf,
themes/redacted /fonts/linea-basic-10.ttf,
themes/redacted /fonts/glyphicons-halflings-regular.svg,
themes/redacted /fonts,
themes/redacted /css/line-awesome.min.css,
themes/redacted /css/custom.less,
themes/redacted /css/helpers/typography.less,
themes/redacted /css/helpers/shame.less,
themes/redacted /css/helpers,
themes/redacted /css/bootstrap.min.css,
themes/redacted /css/line-awesome-font-awesome.min.css,
themes/redacted /css/line-awesome.css,
themes/redacted /css/line-awesome-font-awesome.css,
themes/redacted /css/main.css,
themes/redacted /css/animate.css,
themes/redacted /css/partials/header.less,
themes/redacted /css/partials/content.less,
themes/redacted /css/partials/footer.less,
themes/redacted /css/partials,
themes/redacted /css/universal.less,
themes/redacted /css/main.less,
themes/redacted /css/owl.carousel.css,
themes/redacted /css/blocks/content.less,
themes/redacted /css/blocks/auto-nav.less,
themes/redacted /css/blocks/form.less,
themes/redacted /css/blocks/image-slider.less,
themes/redacted /css/blocks/page-list.less,
themes/redacted /css/blocks,
themes/redacted /css/template.less,
themes/redacted /css,
themes/redacted /training.php,
themes/redacted /page_theme.php,
themes/redacted /full.php,
themes/redacted /view.php,
themes/redacted /location.php,
themes/redacted /images/transparent.jpg,
themes/redacted /images/bg-vector2.png,
themes/redacted /images/logo-footer.png,
themes/redacted /images/search-icon.png,
themes/redacted /images/quote-left.png,
themes/redacted /images/bg-contact.jpg,
themes/redacted /images/icon1.png,
themes/redacted /images/logo_nolim.png,
themes/redacted /images/sbg1.png,
themes/redacted /images/bg-vector.png,
themes/redacted /images/logo-new.png,
themes/redacted /images/news-image.jpg,
themes/redacted /images/border-footer.png,
themes/redacted /images/30year.png,
themes/redacted /images/bg5.png,
themes/redacted /images/news-default.jpg,
themes/redacted /images/logo_train.png,
themes/redacted /images/sbg3.png,
themes/redacted /images/sbg4.png,
themes/redacted /images/arrows.png,
themes/redacted /images/logo2.png,
themes/redacted /images/price-bg.png,
themes/redacted /images/logo3.png,
themes/redacted /images/ico3.png,
themes/redacted /images/bg10.jpg,
themes/redacted /images/bg-vector-small.png,
themes/redacted /images/favicon.png,
themes/redacted /images/bg-vector-lg.png,
themes/redacted /images/ico1.png,
themes/redacted /images/icon2.png,
themes/redacted /images/bg6.jpg,
themes/redacted /images/bg1.png,
themes/redacted /images/transport.png,
themes/redacted /images/ico2.png,
themes/redacted /images/quote-right.png,
themes/redacted /images/test-bg.jpg,
themes/redacted /images/funded/eu.jpg,
themes/redacted /images/funded/scot-hydro.gif,
themes/redacted /images/funded/leaders.jpg,
themes/redacted /images/funded/Charitable-Trust.jpg,
themes/redacted /images/funded/scotgov.jpg,
themes/redacted /images/funded,
themes/redacted /images/transparent.png,
themes/redacted /images/logo.png,
themes/redacted /images/stamp.png,
themes/redacted /images/sbg2.png,
themes/redacted /images/vc-img.png,
themes/redacted /images,
themes/redacted /description.txt,
themes/redacted /js/wow.js,
themes/redacted /js/jquery-2.2.4.min.js,
themes/redacted /js/isotope.js,
themes/redacted /js/README_JS.txt,
themes/redacted /js/bootstrap.min.js,
themes/redacted /js/jquery-2.2.4.js,
themes/redacted /js/html5lightbox.js,
themes/redacted /js/skins/default/html5boxplayer_volume.png,
themes/redacted /js/skins/default/lightbox-navcontrol.png,
themes/redacted /js/skins/default/lightbox-loading.gif,
themes/redacted /js/skins/default/html5boxplayer_fullscreen.png,
themes/redacted /js/skins/default/lightbox-close-fullscreen.png,
themes/redacted /js/skins/default/nav-arrows-prev.png,
themes/redacted /js/skins/default/html5boxplayer_caption.png,
themes/redacted /js/skins/default/lightbox-next.png,
themes/redacted /js/skins/default/lightbox-navprev.png,
themes/redacted /js/skins/default/nav-arrows-next.png,
themes/redacted /js/skins/default/lightbox-pause.png,
themes/redacted /js/skins/default/lightbox-fullscreen-close.png,
themes/redacted /js/skins/default/lightbox-prev-2.png,
themes/redacted /js/skins/default/lightbox-prev.png,
themes/redacted /js/skins/default/lightbox-play.png,
themes/redacted /js/skins/default/lightbox-navnext.png,
themes/redacted /js/skins/default/lightbox-close.png,
themes/redacted /js/skins/default/html5boxplayer_hd.png,
themes/redacted /js/skins/default/lightbox-playvideo.png,
themes/redacted /js/skins/default/html5boxplayer_playpause.png,
themes/redacted /js/skins/default/lightbox-prev-fullscreen.png,
themes/redacted /js/skins/default/lightbox-pause-2.png,
themes/redacted /js/skins/default/html5boxplayer_playvideo.png,
themes/redacted /js/skins/default/lightbox-next-fullscreen.png,
themes/redacted /js/skins/default/lightbox-next-2.png,
themes/redacted /js/skins/default/lightbox-play-2.png,
themes/redacted /js/skins/default,
themes/redacted /js/skins,
themes/redacted /js/main.js,
themes/redacted /js/script.js,
themes/redacted /js,
themes/redacted /blog-post.php,
themes/redacted 

# concrete5 Cache Settings
Block Cache - On
Overrides Cache - On
Full Page Caching - On - If blocks on the particular page allow it.
Full Page Cache Lifetime - Every 6 hours (default setting).

# Server Software
Apache

# Server API
fpm-fcgi

# PHP Version
7.0.33

# PHP Extensions
bcmath, bz2, calendar, cgi-fcgi, Core, ctype, curl, date, dba, dom, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, imagick, imap, interbase, intl, ionCube Loader, json, ldap, libxml, mbstring, mcrypt, mysqli, mysqlnd, OAuth, odbc, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, PDO_ODBC, pdo_pgsql, pdo_sqlite, pdo_sqlsrv, pgsql, Phar, posix, pspell, readline, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SourceGuardian, SPL, sqlite3, sqlsrv, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib

# PHP Settings
max_execution_time - 300
log_errors_max_len - 1024
max_file_uploads - 16
max_input_nesting_level - 64
max_input_time - 60
max_input_vars - 2500
memory_limit - 256M
post_max_size - 128M
sql.safe_mode - Off
upload_max_filesize - 128M
ibase.max_links - Unlimited
ibase.max_persistent - Unlimited
ic24.api.max_timeout - 7
ldap.max_links - Unlimited
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
odbc.max_links - Unlimited
odbc.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
pdo_sqlsrv.client_buffer_max_kb_size - 10240
pgsql.max_links - Unlimited
pgsql.max_persistent - Unlimited
session.cache_limiter - no value
session.gc_maxlifetime - 7200
soap.wsdl_cache_limit - 5
opcache.max_accelerated_files - 32531
opcache.max_file_size - 0
opcache.max_wasted_percentage - 5

It does suggest that Google thinks there is a hacked WordPress plugin, or a mess that’s left by a hole in the plugin that allows file uploads.

Perhaps Google’s index is a result of a 301 redirect from another site that it had indexed and was hacked, to your domain?

You should be able to remove URLs in the Google Search Console, and you can do wildcards, so anything starting wp_touch etc. can be got rid of fairly quickly.

Agree with @jero about the possibility of someone creating links to your site that Google is following. How does your site handle those requests? Does it respond with a 404 or something else?

Also, your PHP version is pretty low and has been EOL for years. Consider getting up to the latest supported version (7.4.x) which is also EOL, but at least not as old.

Thanks so much for your input lads, really appreciate it :sunglasses:

Quick update - This is still happening even though I’ve double-checked there is no leftover code from old installs etc., so best guess is this is proxy abuse as Jero suggested.

To answer Myq, the site was redirecting the dodgy URLs back to my homepage; however, I’ve now added .htaccess code to 403 any URLs with a wptouch_switch query string.

I also wanted to use the Search Console URL removal tool as Jero suggested but got a worrying message: ‘The entire site, and all www/non-www/http/https versions, will be blocked from Google Search for about six months. You can undo this at any time.’

And it only lasts for 6 months so figured it was safer to try stopping the redirects before they happen.

Will try to remember and update again once changes have had time to impact (and not just because future me will have forgotten all this), thanks for reading!

Returning the right status code should help. Also, generating a sitemap.xml if you don’t already have one might help as well. If you have one, there is (or used to be) a button to have Google read the sitemap and try indexing the site based on that document.
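
One way to check that the status-code change has taken effect, as an added example that is not part of any post in this thread: it scans Apache access-log lines for the `wptouch_switch` plus off-site `redirect=` pattern reported above and separates requests that were rejected from those still answered with a page or a redirect. The log lines, the spam host and `SITE_HOSTS` are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Request target and status code from an Apache "combined" log line.
LOG_RE = re.compile(r'"(?:GET|HEAD|POST) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
SITE_HOSTS = {"example.org", "www.example.org"}  # assumption: the site's own hostnames
REJECTED = {403, 404, 410}  # error statuses, as opposed to a 200 or a redirect

# Constructed sample lines (documentation IPs, placeholder spam host).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /?wptouch_switch=desktop&redirect=//spam.example/a.htm HTTP/1.1" 301 0 "-" "Googlebot"',
    '203.0.113.7 - - [02/Jan/2025:10:00:00 +0000] "GET /?wptouch_switch=desktop&redirect=%2F%2Fspam.example%2Fb%2F HTTP/1.1" 403 199 "-" "Googlebot"',
    '203.0.113.9 - - [02/Jan/2025:10:05:00 +0000] "GET /news?wptouch_switch=desktop&redirect=/contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [02/Jan/2025:10:06:00 +0000] "GET /about HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]


def external_redirect_host(target):
    """Return the off-site host named in a wptouch_switch/redirect query, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "wptouch_switch" not in query:
        return None
    for value in query.get("redirect", []):  # parse_qs has already URL-decoded this
        try:
            host = urlsplit(value).hostname  # covers //host/path and http://host/path
        except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
            continue
        if host and host.lower() not in SITE_HOSTS:
            return host.lower()
    return None


def audit(lines):
    """Count off-site redirect requests, split by whether the server rejected them."""
    result = {"rejected": Counter(), "still_served": Counter()}
    for line in lines:
        match = LOG_RE.search(line)
        host = external_redirect_host(match.group("target")) if match else None
        if host is None:
            continue
        status = int(match.group("status"))
        bucket = "rejected" if status in REJECTED else "still_served"
        result[bucket][(status, host)] += 1
    return result


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Anything left in `still_served` after the `.htaccess` rule is in place points to a request path the rule does not cover.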