| 12:21 am on Mar 27, 2009 (gmt 0)|
|I also performed a site:example.com search to see indexed pages and found over 1,870 pages |
I'd start right there. Your server must be performing the redirect, so your server has been hacked. Find and fix that problem.
| 12:23 am on Mar 27, 2009 (gmt 0)|
This site is hosted by a reputable hosting company...Do I contact them? How do I go about addressing and fixing this?
| 12:25 am on Mar 27, 2009 (gmt 0)|
Also, the example.com/redirect-pages.phtml do not appear on the server when I login to the FTP site...
Thanks for the help.
| 12:39 am on Mar 27, 2009 (gmt 0)|
If those urls get redirected when a browser requests them, they are redirected by your server. Check for a hacked .htaccess file, perhaps?
Yes, your hosting company may need to get involved, because you not only want to revert to the un-hacked version of your files, but you want to fix the security hole that allowed the hack to happen in the first place. If it's as simple as someone got your password, then changing your password is the fix. In my experience many hosting companies would like to tell you that and then have the whole thing to go away.
But there's a good chance that something about your hosting platform is out of date and recent patches are not yet installed. If you cannot update your server software yourself, then your hosting company will need to do it.
| 12:47 am on Mar 27, 2009 (gmt 0)|
And from what I've described above does that seem like the culprit? For my own research purposes, what would this type of attack be called? Is there a general way to protect against this?
If this is resolved, would it be something that we can recover from? Would a reinclusion request be necessary?
Also, as I stated, Yahoo and MSN rankings seem unaffected.
| 12:55 am on Mar 27, 2009 (gmt 0)|
OK, just found some files in a folder on the site that were not put there by me. I tried to delete them and they stated:
550 Could not delete package.php: No such file or directory
| 12:58 am on Mar 27, 2009 (gmt 0)|
Before you can name the hack you've got to find it - then you can describe what happened. Yes, you may need to do a reconsideration request. It can't hurt and it could accelerate your recovery in the rankings.
See this discussion for lots more: How Hacked Servers Can Hurt Your Traffic [webmasterworld.com]. It can always be referenced in the Hot Topics area [webmasterworld.com], which is always pinned to the top of this forum's index page.
| 1:09 am on Mar 27, 2009 (gmt 0)|
What now is that you go to your host. How did these files get there? How can we prevent this from happening again?
You've obviously been hacked. More likely your server's been hacked and you just happened to be in the wrong place at the wrong time.
Make them fix it or find better hosting.
| 1:11 am on Mar 27, 2009 (gmt 0)|
In fact I'd go ahead and lose that host anyway...
| 1:30 am on Mar 27, 2009 (gmt 0)|
Try changing the name of the folder so the path is broken
| 1:44 am on Mar 27, 2009 (gmt 0)|
Calling them now! Thanks...
Can someone tell me what causes Google rankings to drop if my landing pages that have ranked so well for ages are still "relevant" to the search query? Is it a penalty of some kind for linking to spammer sites?
| 2:06 am on Mar 27, 2009 (gmt 0)|
That's a good assumption.
| 3:29 pm on Mar 31, 2009 (gmt 0)|
update: a script was installed somehow in a folder on our site that caused Google to see us with spammy redirects. We cleaned them up, tightened the chmod settings and I submitted a removal request to remove this folder from index (it's only a form, not a landing page).
Now our rankings are toggling between the positions we had and #9 or further. How long should I expect this alternating, almost daily fluctuations? Should a reinclusion request be submitted, or is that overkill at this point?
| 3:36 pm on Mar 31, 2009 (gmt 0)|
If you found and cleaned up a server hack - and took steps to prevent future hacks - I would definitely submist a reconsideration request and include those details. It can't hurt, and it may speed your site's recovery.
| 5:20 pm on Apr 1, 2009 (gmt 0)|
Done, will keep you posted of the time frame for recovery.