Rich Owings

Local Search Expert
LocalU Member
Joined
Apr 21, 2014
Messages
716
Reaction score
508
Okay, this has happened to me twice in two days, so I want to see if anyone has any insights to share.

I go into Google Search Console and see a bunch of obviously hacked URLs (pharma related) showing up as 404s. But there is no malware warning and a Sucuri scan shows no issues.

I asked the first client yesterday who told me that yes, the site had been hacked, but it was cleaned up, and they had even moved to a new host. But Google is still coming across these URLs in recent crawls, even though they 404 and have been removed from the site.

Any idea why? And should I be concerned?
 

katandmouse

Member
Joined
Aug 23, 2012
Messages
123
Reaction score
20
I'm dealing with that now. Google should eventually remove those out of its index. You definitely don't want to 301 redirect them, so let them be.

But do check the "sites linking to you" report because there you may find a bunch of spam sites with backlinks to yours. Submit a disavow for those.
 
Joined
Mar 27, 2015
Messages
35
Reaction score
15
I had the same issue a with a WordPress website. What I did was cleaned up all files that had malware code injections (I reviewed each file and changed file permissions (644). I also saw some files that were called emad.html that was added to some of the folders as well. Once I removed all the malware, I added a security software to scan the site daily for any issues moving forward. Once I did that it fixed the issues and did not see any more spam 404 URL's in webmaster tools. I did not disavow the URLS I saw in webmaster. I would curious to see what would happen if you decide to do that
 

Rich Owings

Local Search Expert
LocalU Member
Joined
Apr 21, 2014
Messages
716
Reaction score
508
Thanks for taking the time to share your thoughts. I looked through GSC and didn't find any links from spam sites. I'm waiting to hear back from the webmaster to see if they can uncover anything and will update here if I learn more.
 

JoshuaMackens

Local Search Expert
Joined
Sep 12, 2012
Messages
1,949
Reaction score
579
We had an issue with that.

I would just mark them as fixed. It takes time but they will be removed eventually.
 

Art Unlimited

Member
Joined
Aug 18, 2014
Messages
2
Reaction score
0
We are dealing with this issue right now too on a few websites - no malware warning, Sucuri shows no issues, our programmers cannot find anything. One website we have been battling this issue for well over a year - marking them in GSC as fixed and they just come back. We do disavow all spammy links to the site.

Although Google states that 404 errors do not affect ranking, we have seen on at least 3 websites that once the issues start their organic search traffic plummets. Over time it bounces back, but the GSC 404 errors don't go away. Even after marking them as fixed and resubmitting sitemaps into Google, etc.

Any further insight into this issue? My team has done a lot of research without any clear solution.
 

Tim Colling

Moderator
Local Search Expert
LocalU Member
Joined
Sep 3, 2014
Messages
1,280
Reaction score
703
We have that issue with one client in particular. They came to us with over 6,000 nott-found problems in GSC, almost all 404, and a lot of them were for non-existent URLs on the client's site with pretty awful porn terms. Makes me think that they were hacked at some time long ago, but we're not certain about that. Anyway, that sort of thing accounts for more than 90% of the problems.

In a couple of other forums, we received advice to create 410 redirects for the porn term 404s. I created a few regex-based redirects to do this and then marked the 6000 or so as "fixed" in GSC. Now, months later, we're back up to 3600 or so not-founds in GSC again, with some 404s and some of the 410s.

Did we do the best thing, following that advice?

I would just disavow the URLs that are sending us those porn-term-links, but it's not possible to manually go through the process of extracting that many of them, for often each not-found item is linked to from more than one linking URL.

Does anyone know of a tool that will automate the extraction of those linking URLs so that we build a disavow list from them?

Thanks!
 

CodyBaird

Member
Joined
Jan 4, 2013
Messages
341
Reaction score
126
Hey Rich,

The proper way to deal with pages that no longer exist, or pages you don't want in the index any longer is to use the 410 response. Not a 301 or 302.

I recommend the wordpress plugin called 410 for wordpress to do this simply.

Doing so will remove those pages from the index in days instead of waiting for Google to figure it out.

I had 2 new clients in the past 90 days that were hacked and had between 1500 to 3500 hacked pages created.

We deleted pages. Added 410 to all pages. Updated GSC as fixed. Waited a couple days to be removed from index and a couple weeks for the manual penalty for hack to be removed.

I usually get a message in GSC from Google notifying me that manual actions for the hack have been removed with 14 days after using 410's and adding Wordfence for security.

Sent from my SM-G900V using Tapatalk
 

katandmouse

Member
Joined
Aug 23, 2012
Messages
123
Reaction score
20
Great stuff.

I'll report back now and what we have going on with our own problem. And please tell me what you think of my solution.

This client had a Joomla site using the K2 extension through which hackers got in and placed pages with backlinks to their money pages. They hacked thousands of sites like this, maybe tens of thousands. They then created a link wheel. Site B is pointing to our site which then points to their money site, etc., to put it simply.

The result is my client has over 13,000 BAD backlinks pointing at her.

Her hacked pages are now long gone, but the links still remain in other hacked sites and in robot generated blog and forum comments.

Now to make it worse, most of those bad backlinks are pointing to dynamic variations of her home page url with a userid that keeps changing in the url string. That means there are new urls generated each time. They don't just point to the same one over and over. And the creation of these backlinks is on autopilot. Hundreds of new backlinks are auto-generating every month. The way it looks I may have to disavow forever.

Digest that a moment and you'll get a big YUCCH.

K2 no longer exists on this new Wordpress site, so all those links were either bouncing or redirecting "traffic" to the home page which, of course, was not generating 404s, and so the home page shows over 13000 backlinks pointing at it even though the urls all look different (userid=1, userid=2, etc.) And each time they create new links, they create new userids! So it is a never ending story.

I have a redirect now that is taking all the variations of that url and pointing to a 404 like this:

RewriteCond %{QUERY_STRING} ^option=(.*)$
RewriteRule ^(.*)$ /404? [R=301,L]

And I purposely made that 404 page non-existent so it generates a server 404 to tell Google all those urls, and those to come, don't exist.

My hope is that google would discount the backlinks because they are 404s AND that the 404's would bounce back a message to the hackers to REMOVE her from their wheel of death, assuming they are paying attention with some alert script.

Currently there is only ONE 404 in WT - my 404 page.

I'd love to get other expert opinions if you have them.

Rich if you don't have spammy backlinks, thank your lucky stars!
 

katandmouse

Member
Joined
Aug 23, 2012
Messages
123
Reaction score
20
I should add that when I started, there were about 400 pages in the index. There are now 199, but there should only be about 25. The rest are the non-existent hacked pages.
 

CodyBaird

Member
Joined
Jan 4, 2013
Messages
341
Reaction score
126
Kathy

I haven't developed or re optimized a Joomla site in years. But I would recommend the same advice about using 410 response for all the pages created by the hack.

Hopefully you have a csv or excel sheet with those bad urls still. They will be gone from GSC if you marked them as fixed.

I'm sure that there is a plugin for 410's.

Same goes for security plugins. I have used Securri and Wordfence. I like that Wordfence doesn't send upsell emails and it is my prefernce. I'm sure that Joomla must have an acceptable alternative.

It may go unsaid but site:example.com works well to see which pages Google still has in the index.

Regarding Backlinks & Disavow Tool

I highly recommend following Marie Haynes advice moz.com/blog/guide-to-googles-disavow-tool

Sent from my SM-G900V using Tapatalk
 

katandmouse

Member
Joined
Aug 23, 2012
Messages
123
Reaction score
20
Thanks Cody. I don't think the plugin will help me because of the fact that there is a never-ending stream of new home page url variations, with 13,000 to start with. I don't want to enter all those by hand.

Also I can't even 301 them because of that. Otherwise, I'd have a list of 301's a mile long and building maybe for eternity.

As for the disavow recommendation, same thing applies. I will be disavowing for eternity or as long as the hackers keep autogenerating these unique urls. That is not a good solution, but I am doing it. I just want it to end, and I'm hoping my strategy will do it.

But perhaps I need to 410 instead of 301 in my redirect script. But how? Here's what's there now:

RewriteCond %{QUERY_STRING} ^option=(.*)$
RewriteRule ^(.*)$ /404? [R=301,L]

I don't think I can say make all those 410s because they all land on the home page. Wouldn't that make the home page 410? Or is the server and Google smarter than that?

Or should I redirect them first so they don't point to the home page, and then 410 them? If so, what code should I use for that?

Do you see my logic? I'm attempting to redirect them all to one page, in this case the /404 page. I can make that anything. it can be /badpage. Then if I 410 that page, doesn't that de-index all that were redirecting to it?


Thanks again.
 

CodyBaird

Member
Joined
Jan 4, 2013
Messages
341
Reaction score
126
Direct message me Kathy and I'll give my number if you'd like to discuss in further detail.

Sent from my SM-G900V using Tapatalk
 

Art Unlimited

Member
Joined
Aug 18, 2014
Messages
2
Reaction score
0
I'd prefer to get to the bottom of the issue, so if the client is okay with it, I'd sign them up with Sucuri and let those guys figure it out.

We have worked with Sucuri on multiple sites with this issue and Sitelock on one -- neither company could find anything wrong in the websites. However, the 404s in GSC are still rising. Its crazy.
 

katandmouse

Member
Joined
Aug 23, 2012
Messages
123
Reaction score
20
Sucuri wouldn't find anything wrong. You've already cleaned it up! What you are left with is the same thing we were - automated backlink generation to pages that don't exist. If you can, do what we did. We had thousands of 404s. Now there is only one.

You can see what I did above. Cody recommends using a 410, but I just left it the way I had it because it seems to be accomplishing what I want just fine.


In addition the number of bad backlinks pointing to her site has dropped 2.7K, and I hope that will continue to go down as their machine figures out those links just bounce.

She also is on page 1 in SERPS for 50 important keywords where she was nowhere to be found before.
 
Similar threads
Thread starter Title Forum Replies Date
Linda Buquet Beware Nasty URL Hack on Verified Local Pages Google My Business & Google Maps 7
Linda Buquet Google Reviews: Hacks for Creating Review URL Strings with the New Google+ Local Reviews 33
Amber Robinson New Google Maps URL Structure - Local Penalty Hack? Google My Business & Google Maps 1
Andrew Scherer Hacking QDF with WordPress Plugins Local Content 2
G Reviews Markup showing in Serps for Every landing and store page for eccomerce site - Is this is a hack ? Local Reviews 0
Dana Franks Cleaning Up Hack - Any Way to Clear GSC Cache in Bulk Websites, Software, and Security 2
M SERP showing "this site may be hacked"? Local Search 2
S Does Google penalize you for using the Event post hack to get your post to last more than 7 days? Google My Business & Google Maps 6
CraigJMount Google Maps Photo Hack Google Local 101 13
JoyHawkins Do You File a Disavow for a Hacked Site? Organic SEO 5
D Mike Blumenthal on Dental Hacks - MASSIVE CONFUSION Local Search 5
B Hacked & Lost Rankings Local Search 7
B Hacked website for a long time . Difficult Case Local Search 9
Dana Franks Recovering A Severely Hacked Site Local Search 5
Garrett Sussman 9 Customer Service Hacks to Win Rave Reviews Local Reviews 4
Linda Buquet Simple Hack to Find Backlinks from your Local Competitors Organic SEO 11
HurricaneK8 FACEBOOK Ads Hack Warning: Check your ads accounts! Marketing 5
Linda Buquet 9 Tools & Hacks to Emulate Google Search Location - Since that Setting is Gone Google My Business & Google Maps 23
Dustybones Google Hacked Spam Algorithmic Changes Rolling Out Organic SEO 6
JoyHawkins 15 Local SEO Experts Share Their Hacks Local Search 9
Linda Buquet New Local 3 Pack Advanced Hack PLUS Speculation: New Style Local Page Coming? Google My Business & Google Maps 39
Dustybones Google Hangout: Prevention and Recovery of a Hacked Site Google My Business & Google Maps 4
H Facebook site hacked Marketing 5
Linda Buquet R.I.P. Google Classic Maps - But Here's a Hack that Still Works! Google My Business & Google Maps 13
JoshuaMackens Getting Hacked - Pharmaceutical Hack - Steps For Removal Local Search 8
Linda Buquet Local Citation Cleanup Hack Using the BBB - V8 Moment! Citations 2
G Gmail hacked-cant retrieve pin-my gmail page is in arabic, can't do anythign. Recycle Bin 0
Broland Hack to Check for Google Local Penalties Google My Business & Google Maps 39
djbaxter Google provides videos and articles for hacked site recovery Organic SEO 1
Linda Buquet GoDaddy Hacked by Anonymous - Lots of SMB Sites Down Websites, Software, and Security 3
D Shortcut URL to "Ask a Question" Button Google My Business & Google Maps 6
Toby 39 Celsius Video Schema Ques: Embed URL vs Content URL Local Search 0
pbarnhart Google Search Console Merging UTM'd URLs into Canonical URLs - Suggestions? Local SEO Tools & Software 5
J Unable to change the custom URL link on YouTube for a rebranded business Local Content 2
U Alternative to Search Console URL Inspection Fetch Organic SEO 5
H Updating website and urls are no longer .aspx Organic SEO 2
NickB-Tampa URL is updated in Google My Business but doesn't show up correctly in maps or on Bright Local Local Search 2
Igor GMB Virtual care link auto updates to wrong URL Google My Business & Google Maps 5
F Changes To URL = Suspended Recycle Bin 0
J Using gmb categories in URLs Google My Business & Google Maps 2
I How does URL Shortening sites like Umuly work? Websites, Software, and Security 0
hajnasiewicz Featured Snippet URL (#:~:text=) Local Content 1
djbaxter Bing URL Submissions Plugin For WordPress Websites, Software, and Security 2
vivekrpatel Failed: Crawl anomaly - URL is not available to Google Organic SEO 2
fpaschoal GMB containing Social Media like (Facebook, Instagram, Twitter...) on Website URL Field Google My Business & Google Maps 2
georgebizpro GMB keeps changing business website URL Google My Business & Google Maps 4
M GMB Virtual Care Link - Does the URL have to be on the website? Google My Business & Google Maps 1
C Disgruntled Employee - Redirecting Backlink to a Different URL On My Page Organic SEO 3
K Anybody Ever Seen Inventory Search URL? Google My Business & Google Maps 0
C Website URLs for Multiple locations in Google My Business & Local Citations Google My Business & Google Maps 2

Similar threads

Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

Most UpVoted Answers

Trending: Most Viewed

LocalU Podcasts

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Google Product Exert


Top Bottom