|Google penalty for domain theft? - parasite subdomain on my site!|
| 9:11 pm on Mar 16, 2007 (gmt 0)|
My site, like a lot of others, up until March 2 had good rankings for most of my keywords in Google. Then all the sudden, I am listing #250 for some things, listed only in supplemental results for a whole section of my products, and remaining the same for other keywords, no evil eye. I have lost 50% of my traffic due to this, and my sales are half what they could be expected to be at this time of year. My site is a shop that has been online for six years with good rankings in Google and Yahoo for the past two years. It's not very sophisticated, nor am I when it comes to SEO. After this, I went about adding content to pages and so forth, and I also came over here and read about Google and found the thread about the 950 penalty.
One of the remarks was that people should check their www vs. non-www presence in Google. I had never compared them, and I find 470 www.example.com pages listed, as usual, but 50,000 non-www. Good grief. And I find that the huge majority of that 50,000 is a subdomain, pill.example.com, and they are selling bogus prescriptions for pills or the pills themselves, I couldn't tell. The site redirects to a scraper site about these types of sites. I look and see that the cache was done for these pages in early March. Hmmm.
I was very upset and contacted my tech support at my webhost, because my understanding was that pill.example.com would be a subdomain of example.com, and I had not created any subdomains, given my password to anyone, and don't have any employees who might have done this. So how was it possible? I was not able to check the ownership of the subdomain in whois, because it just gave an error when I tried.
My tech support people got back to me this morning, and it turns out that another customer of theirs figured out some hole in the netadmin interface that allowed them to create subdomains on other people's domains and spawn these pages. They terminated the account and patched the hole(s).
I asked them if they thought perhaps my massive loss of ranking in Google might be the result of this exploit. They were not sure, said I'd have to ask Google.:) Since apparently I can't do that and expect any response, I have come to ask you all.
The only reason I could think of for my massive loss in Google was because I had not updated the site much in the past month. I was busy moving. Now I am wondering, though, if this exploit contributed to my loss or even constituted the entire reason for it. Anyone?
[edited by: tedster at 2:24 am (utc) on Mar. 17, 2007]
[edit reason] use example.com - it will never be owned [/edit]
| 1:30 am on Mar 17, 2007 (gmt 0)|
Ouch! That certainly had to hurt you with Google.
I would open up a Webmaster Tools account (if you don't already have one) and send a note explaining the situation through the "reinclusion request" fuction there. o, you may not get a personal reply, but still, many people find this helps speed their recovery.
Dastardly type of parasite hosting there!
| 1:48 am on Mar 17, 2007 (gmt 0)|
Could you share some more information on the patch? Was it an apache server? Etc....
| 1:58 am on Mar 17, 2007 (gmt 0)|
I've seen a similar thing (end effect) with DNS poisoning
| 2:19 am on Mar 17, 2007 (gmt 0)|
That DNS cache poisoning is also insidious, especially when they only siphon off 10% of the traffic. Both these techniques are the darkest of black hat - because they don't just break Google's guidelines, they are out-and-out theft.
|Could you share some more information on the patch? |
If you got the time and information, please do. I've never run into a parasite subdomain before, but I'll bet there's more of them around, and you could help a lot of people. Was the thief sharing an IP address with you?
There's already one big take-away here: use the site: operator without the "www" from time to time, if you don't already do that.
| 6:31 am on Mar 17, 2007 (gmt 0)|
The shame of this is there is no prosecution of the act. As Tedster said..this is out and out THEFT! These people should be prosecuted and jailed! Of course, that is not going to happen...but it is nearly as bad as home invasion. It is burglary..out and out!
The real shame is that the server was not protected and was obviously cross patched thru a cpanel. This is an obvious problem. Correct me if I am wrong but I bet you were on virtual hosting with a cpanel access.
| 4:08 pm on Mar 17, 2007 (gmt 0)|
My (former) web host did this to one of my sites. They said they turned off canoncial something or other, which corrected the problem. My point being the web host might have done this to you but is not fessing up to it and, instead, indicating that it was another client. The site that was piggybacking on my domain was a PHPBB forum. Another site of mine had the same problem because I put my son's add on domain under it and he added a PHPBB forum.
It took 3 days for Google to delete the other sites once I sent the removal request. It's only been a day since the removal. So far that only brought one more page (for each site) into the main index. The forums' home page was the only non-supplemental of the forums' pages.
| 5:19 pm on Mar 17, 2007 (gmt 0)|
I don't understand the rationale for saying my webhost did this to me. They are a huge business with over a million sites hosted; I don't think they need to screw around with creating bogus prescription drug sites.
It is an Apache server, and it is virtual hosting. I don't think I know enough about webhosting to be needing dedicated hosting. I can't even get an htaccess file to work.
I don't know what kind of patch they used. They didn't say. There is a place on the netamin panel where you can go and add a vanity domain (a subdomain). According to them, the person doing this had to go through a number of steps past that to do this and had to know that my domain was hosted on the same webhost. This makes me wonder if I actually know this person.
I did register for Google webtools but feel wary of asking for a reinclusion. Would this not mean they would remove me entirely and then put me back? I remember reading on here somewhere a while back about someone who asked to be removed and put back and didn't get put back for six months. My business could not survive six months of no Google at all. Even now it is taking a beating. However, Googlebot has been crawling more pages every day, and I am coming back on a couple of keywords.
The one thing good about this is that it has made me finally start working on things to get some independence from Google Search--and other search engines, for that matter. I have been advertising in print media for a while, but now I will redo my catalog and even sell some stuff on ebay as well as work harder on my book. However, I hate to say it but I also am spending more on AdWords just to get noticed for items where I was previously in the top five and then Google stuck me in supplemental on page 10. But they are very focused ads and costing less than a dollar a day.
Has anyone else done the reinclusion thing? How long did it take to get reincluded?
| 5:58 pm on Mar 17, 2007 (gmt 0)|
It sounds like our situations are different. My web host was a small company. Also the site attached to mine was about an innocent subject (ie not about purchasing pharmaceuticals online). It was also on an Apache server using virtual hosting.
On Google's "removing my content from the google index" page, there is an option after all the other options that says "automatic url removal system". This is where you can submit just the bad URL(s). It doesn't take your whole site out of the index, just the pages you submit.
| 12:48 am on Mar 20, 2007 (gmt 0)|
Tedster, I took your advice after mulling it over and did a reinclusion request to Google this weekend, explaining what had happened. Haven't heard back. So far, the bot has been crawling a few more pages each night, now covering about half, up from 2% two weeks ago.
I also found that the bogus subdomain pages were redirecting to a scraper site. I wrote to the scraper's webhost last night, and today he is toast. I am savoring this greatly.
Because of this issue, I discovered I ranked #1, no evil eye, for some phrases I had no idea about. That was nice to find out, and it made me see a direction in which my business can grow.
| 7:42 am on Mar 20, 2007 (gmt 0)|
HRoth. Sorry to hear about this.
The Google request should help. There is usually low risk in asking them to help via webmaster tools if you have explained the situation well enough. I'm sure they have heard of this type of theft this more than once!
Make sure all bad subdomain pages show return a '404 not found', using a page header checker.
Be vigilant in terms of using site: and chasing down scrapers for your content, search Google using unique text phrases from your pages in quotes.
Wishing you luck.
| 6:28 pm on Mar 20, 2007 (gmt 0)|
A site got penalised because of spammy subdomains?
Watch out, blogspot. You're an inch away from being deindexed! ;-)
| 8:09 pm on Mar 20, 2007 (gmt 0)|
Ouch, hopefully the issue will be resolved soon.
| 1:01 pm on Mar 28, 2007 (gmt 0)|
Just wanted to let folks know, in case anyone ends up in this situation in the future, that apparently the reinclusion request worked. All of the 7000+ bogus subdomain listings have been removed from Google, and most of my keywords are back, no evil eye. Yesterday I had 50% more traffic than any other day in March, and it was in keeping with what my traffic is usually like during this time of year, which is my busiest. So thanks, Tedster, for recommending the reinclusion request.
| 1:20 pm on Mar 28, 2007 (gmt 0)|
I would think you could seek damages from your web host for allowing this to happen. But for your web hosts negligence you would not have lost 50% of your customers. I'm not saying you should sue the, but you have obviously been hurt financially and its their fault for not having their software up to date and admined correctly.
I know if this happened to my store and my sales dropped by 50% I would be pissed. Especially if its your livelihood. Only thing is that it might be hard to prove the link between the parasitic domain and your loss of Google traffic.