JoshuaMackens
Member
- Joined
- Sep 12, 2012
- Messages
- 1,975
- Reaction score
- 592
So, normally I might write a blog post about this but I don't have the time. However, this does need to be cataloged so that if someone runs into this same issue, you have some documentation on what to do.
If this had already been out there when I had this problem, it would have been fixed a month and a half ago.
A client of mine was hacked about a month and a half ago. Their website was infiltrated, about 1,250+ pages about viagra, cialis, and levitra (sp?) were uploaded, and then I found over 5,000+ backlinks from 700+ websites through webmaster tools.
I don't know why we were targeted. It may have been a negative SEO attack (most likely) or I guess, it could have been done to use our website to manipulate someone else's ranking. However, I found no evidence of hyperlinks on the manufactured pages on our website linking out to anyone else. So, if anyone else knows a reason for this, I'm all ears.
Anyways, if this happens to you, it sounds worse than it really is. The clean up is actually quite simple, even if it is somewhat time consuming.
The first thing you need to do is clean up your website.
1) Get rid of the offending pages. Luckily for me, they uploaded them all to the subdirectory domain.com/wpsite/. I was able to go in, delete just the directory, no problem.
2) Once cleaned up, update WordPress, update all plugins (if on WordPress), change admin password (consider even creating a fresh new admin account), etc. You may even want to consider changing ftp/cpanel password as well. You just want to try to close any major loopholes you can that might allow the offenders back in.
If someone else wants to chime in on any other possible loopholes, please feel free.
3) After you've done this, it's time to blast the backlinks.
If you caught it soon enough, webmaster tools should have a report on all of the backlinks. Go to webmaster tools and download the latest sample of backlinks. Put it in an excel file and do some sorting.
The sorting method I went through took me about 30 minutes to sort through 5,000'ish backlinks. I used excel and I was very happy (accuracy-wise) with the results. Again, I don't have a lot of time today to explain it but if this does happen to someone and you're interested in the method, just reply to this thread and I will post how I went about it. It's not a secret and it's certainly not complicated, I'm just crunched for time. No sense in doing it now if no one ends up needing it
Once you have an exhaustive list of the offending backlinks (IMPORTANT: don't catch good backlinks in the process!), go ahead and disavow them.
When it comes to disavow, I disavow entire domains. Doing just backlinks is time consuming and disavowing domains would cover any future attacks from that domain as well. 2 birds, 1 stone.
4) Finally, once you do that, you need to get Google to take the pages out of their index. What would be really nice is if you noticed the attack before Google did.
Do a site:domain.com in Google and if you don't have any of the pages in the search results, congrats! You're pretty much done. You can check "content keywords" in GWT just to make sure nothing is wrong but you should be good (if viagra, cialis, levitra, etc. is in your content keywords, Google picked them up and you will need this next step).
However, if you were like me and Google did pick up the offending pages, we have to get Google to deindex them.
There is a tool in Google Webmaster Tools called "Remove URL's" under "Google Index". This tool allows you to request a page on your site be removed from the index. It has to be approved but in my case, the requests were approved within 24 hours.
If you have 1,000+ pages, you're in for a long manual process. I would suggest hiring someone on Odesk to manually do that for you. However, if you're "lucky" and all the pages are in a subfolder, you can actually request Google remove the entire subdirectory itself by using the same tool and just typing in the subdirectory. CAUTION: make sure not to remove good pages!
That's it!
As for my story, I did everything above within 2 weeks of the hack except for the index removal. I expected Google to see the 404's and drop them from the index immediately. Even after a month, they had not.
So, yesterday, I requested the subdirectory be removed from the index and voila! Today I check with a site:domain.com and all of the pages are gone!
Even better, I checked our ranking today and we went up about 10 spots across the board for our main keywords.
Talk about results.
Happy hacker busting!
If this had already been out there when I had this problem, it would have been fixed a month and a half ago.
A client of mine was hacked about a month and a half ago. Their website was infiltrated, about 1,250+ pages about viagra, cialis, and levitra (sp?) were uploaded, and then I found over 5,000+ backlinks from 700+ websites through webmaster tools.
I don't know why we were targeted. It may have been a negative SEO attack (most likely) or I guess, it could have been done to use our website to manipulate someone else's ranking. However, I found no evidence of hyperlinks on the manufactured pages on our website linking out to anyone else. So, if anyone else knows a reason for this, I'm all ears.
Anyways, if this happens to you, it sounds worse than it really is. The clean up is actually quite simple, even if it is somewhat time consuming.
The first thing you need to do is clean up your website.
1) Get rid of the offending pages. Luckily for me, they uploaded them all to the subdirectory domain.com/wpsite/. I was able to go in, delete just the directory, no problem.
2) Once cleaned up, update WordPress, update all plugins (if on WordPress), change admin password (consider even creating a fresh new admin account), etc. You may even want to consider changing ftp/cpanel password as well. You just want to try to close any major loopholes you can that might allow the offenders back in.
If someone else wants to chime in on any other possible loopholes, please feel free.
3) After you've done this, it's time to blast the backlinks.
If you caught it soon enough, webmaster tools should have a report on all of the backlinks. Go to webmaster tools and download the latest sample of backlinks. Put it in an excel file and do some sorting.
The sorting method I went through took me about 30 minutes to sort through 5,000'ish backlinks. I used excel and I was very happy (accuracy-wise) with the results. Again, I don't have a lot of time today to explain it but if this does happen to someone and you're interested in the method, just reply to this thread and I will post how I went about it. It's not a secret and it's certainly not complicated, I'm just crunched for time. No sense in doing it now if no one ends up needing it
Once you have an exhaustive list of the offending backlinks (IMPORTANT: don't catch good backlinks in the process!), go ahead and disavow them.
When it comes to disavow, I disavow entire domains. Doing just backlinks is time consuming and disavowing domains would cover any future attacks from that domain as well. 2 birds, 1 stone.
4) Finally, once you do that, you need to get Google to take the pages out of their index. What would be really nice is if you noticed the attack before Google did.
Do a site:domain.com in Google and if you don't have any of the pages in the search results, congrats! You're pretty much done. You can check "content keywords" in GWT just to make sure nothing is wrong but you should be good (if viagra, cialis, levitra, etc. is in your content keywords, Google picked them up and you will need this next step).
However, if you were like me and Google did pick up the offending pages, we have to get Google to deindex them.
There is a tool in Google Webmaster Tools called "Remove URL's" under "Google Index". This tool allows you to request a page on your site be removed from the index. It has to be approved but in my case, the requests were approved within 24 hours.
If you have 1,000+ pages, you're in for a long manual process. I would suggest hiring someone on Odesk to manually do that for you. However, if you're "lucky" and all the pages are in a subfolder, you can actually request Google remove the entire subdirectory itself by using the same tool and just typing in the subdirectory. CAUTION: make sure not to remove good pages!
That's it!
As for my story, I did everything above within 2 weeks of the hack except for the index removal. I expected Google to see the 404's and drop them from the index immediately. Even after a month, they had not.
So, yesterday, I requested the subdirectory be removed from the index and voila! Today I check with a site:domain.com and all of the pages are gone!
Even better, I checked our ranking today and we went up about 10 spots across the board for our main keywords.
Talk about results.
Happy hacker busting!
