I run a medium size commercial website on Joomla, a couple of months ago the site was hacked we think by sql injection. We deleted files restored backups, updated all extensions and changed passwords. Now we have a couple of thousand random pages about viagra in google, the page returns a 404 code, but I need to know if the 404 is correct? Will google and other S/E just drop spidering or do the pages need to return a 410 code?
Hi ecochild, first of all Welcome to WebmasterWorld!
Yes, returning a 404 is OK, Google and other search engines should interpret that correctly. If there are no links to those pages it may take a while before the search engines have found all those return codes, because spidering frequency is often a function of the popularity of a page. To speed things up in Google, you can go to Webmaster Tools and mark those specific URLs for deletion from the index.
Prevention is better than cure. So preventing your website is an smart option. Prevention tips include keeping your site updated with the latest software and patches, creating an account with Google Webmaster Tools to see what's being indexed, keeping tabs on your log files to make sure nothing fishy's going on, etc.