Welcome to WebmasterWorld Guest from 54.158.80.117

Forum Moderators: Robert Charlton & andy langton & goodroi

Message Too Old, No Replies

Dealing with Malicious Inbound Links

     
10:52 am on Jul 10, 2009 (gmt 0)

New User

10+ Year Member

joined:Nov 18, 2005
posts:40
votes: 0


Webmaster Tools is showing almost 40 000 inbound links to my site, from web sites that have been hacked/compromised. These hackers used anchor text for various pharma products and added on a query string to a dynamic page on my site.

I need google (and other search engines) to remove their recognition of these Inbounds.

My site is hosted on a MS Server platform. An example of one of these inbound links from a hacked site looks like this:

<a href="http://www.example.com/vacationDetails.asp?vacationid=983134885&#38;atTop=1">valium online</a>

< example.com is my site >

I am reluctant to disallow these URL's in the robots.txt file, as this would be tantamount to admitting that they even existed. I don't want to create a 301.

Any advice on how to deal with this type of malicious external link would be greatly valued.

[edited by: Robert_Charlton at 5:40 pm (utc) on July 10, 2009]
[edit reason] changed to example.com - it can never be owned [/edit]

7:17 pm on July 10, 2009 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:11764
votes: 270


Optimus - Take a look at this discussion for some background on your question....

Can Others Hurt Your Rankings - Part zillion...
[webmasterworld.com...]

If you have WMT, it might be prudent to file a reconsideration request to advise Google that you have nothing to do with these links.

7:33 pm on July 10, 2009 (gmt 0)

Full Member

10+ Year Member

joined:Oct 26, 2004
posts: 319
votes: 0


How about using .htaccess or the targetted script itself to return a 410 or 404 error for any such requests?

That way, the the SE's see that the links are dud and penalise the linking sites, instead of yours.

7:53 pm on July 10, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


In fact, best practice indicates that your script should already return a 301 or 404 for any query that does not correspond exactly to a valid entry in your database. If you fail to do this, then anybody can point any bogus link at your site for any reason (as these leeches have done here).

It's not clear from your post, though, whether there is anything actually wrong with that requested URL. If not, then all you can do is deny access by referrer and make sure that your site doesn't contain any instance of any of their targeted keywords.

Jim

11:47 am on July 11, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 27, 2003
posts: 1648
votes: 2


... and - are you 100% sure you haven't been hacked and Google is actually getting content on these pages? The types of content you don't want anywhere near your site. Don't forget to look for cloaking! Google's cache is the simplest place to check.
8:15 am on July 13, 2009 (gmt 0)

New User

10+ Year Member

joined:Nov 18, 2005
posts:40
votes: 0


Thanks for replies, Robert and others. Our site was actually hacked in March. After weeks of failed intrusion attempts, hackers eventually found a vulnerability in one area of our database and posted hidden pharma links. Since we were already aware that intruders were mounting an onslaught on the site, we were able to quickly remove their cr*p and secure the database vulnerability they had exploited (within 8 hours).

When I noticed this multitude of inbound links from hacked sites in WMT five days ago, I immediately filed a reconsideration request, explaining that I had nothing to do with this. No reponse as yet and the links are still logged in my WMT.

Although the query strings the hackers used was returning a message that the requested URL was invalid, I have since altered this to return a proper 404, so there can be no ambiguity to confuse googlebot.

Thanks again for the advise...