A)

Clean up, lock down then a).

as per conor

Clean up, lock down then a).

Hmm ok so everyone is one A. I want to do this to but:

My only question on that is why would google want to read a recon request for a site that does not even have a penalty yet? And what can they do about a site that just thinks its going to get a penlaty for this? There is nothing to lift?

maximus12 send nothing to Google until you see a filter. You will most likely not be under a penlaty but a filter and there is a big difference. Doesn't make sense to ask for a review when your in the index. Like crying wolf when there isn't a wolf.

Wait till you see something before sending in the request.

My only question on that is why would google want to read a recon request for a site that does not even have a penalty yet?

They did report that you had 75,000 links, and it's probable they'd noticed the 80 doorway pages.

Let them know that you saw the report in WMT, that you realized you were hacked, cleaned things up, and that you hope that there's no problem because of this. Thanks Google for alerting us to the links.

bwnbwn,

Thanks for that comment? This is what I was initially thinking, but everyone here recommends that I go ahead and do option a). The hacks and doorway pages have been removed but they were live for about 4 days so they are already cached in Google and the backlinsk in my WMT show over 73,000. I thought that warning Google (by doing a recon) that this happened might prevent them from giving me a penalty?

Let them know that you saw the report in WMT, that you realized you were hacked, cleaned things up, and that you hope that there's no problem because of this. Thanks Google for alerting us to the links.

Wow I am really confused now. This was my intention, to tell google. Everything is clean now and I want to tell google what happened by doing a recon but as bwnbwn said, "Like crying wolf when there isn't a wolf"

they are already cached in Google and the backlinsk in my WMT show over 73,000

That sounds like a wolf to me ;)

I'd go with A - it cannot hurt you, unless you don't want a manual inspection of your site.

There are many sites who get hacked every day and get abused.

1. Clean up (immediately)
   
2. make sure the hackers can't get back in the same way (immediately)
   
3. harden all of your server and scripts (soon, and continue doing this "forever" staying one step ahead of the hackers)

Google is used to seeing sites getting hacked, they also know what a fast cleanup is and will appreciate it. Don't get hacked too often or they'll feel not so confident sending their users to you.

I'm not sure either way about contacting them. I'm very sure about hardening your stuff.

swa66

Thanks for the tips. In your honest opinion, would you do option a or b

I read one guide to hack recovery and I was surprised at just how many steps the author had to take, not even counting changing hosts. So my advice would be don't file that request before you're on top of all of the more urgent security tasks.

[edited by: tedster at 10:42 pm (utc) on Nov. 3, 2009]
[edit reason] remove specifics [/edit]

The main reason I would suggest filing the Reconsideration Request is all those spammy backlinks that were auto-generated overnight. I would get the message over to the 'plex that you want no part of them.

I assume, however, that those links all point to the pages that you nuked, so that should also help avoid troubles. But I'd still get it "on record" and into the very l-o-o-o-ong memory that Google is known for. You may well not see a penalty or filter at this time, since you cleaned it all up - and then this incident begins to fade from your mind. Off in the future, some little data bug at Google could kick in and have you scratching your head about why your rankings suddenly disappeared.

Again, I can see no downside to filing the request.

If you have a suspect, I'd at least return the favor by 301-ing their 'links' to them.

hi maximus12,
Is your site ranking in google SERPs is showing "This site is harmful to your compuer"?

I have been through this situation few times when this type of attacks were not very common few years ago.(Atleast we did not knew about it at that time).
Now a days i can see it happening very often.

Few of the sites of our clients were hacked and it showed in google SERPs as "This site may be harmful to your computer".
We removed all the suspicious material and restored the pages. We had to try 3-4 times before we could fully protect the site from recurring attacks. (Site was really big with lots of coding over the years).

Every time we cleared the bad contents from the site we used to send Reconsideration request through WMT.

We have never faced any bad effect for this.

So I will recommend if it is showing in WMT as site is having harmful contents or something like that. Then you clear the site and put a recon request through WMT.
In my experience there is no adverse effect.

Also if you put the request through WMT the action is taken very fast (normally within 24 hours as per my experience) and even SERPs are cleared of "Site is harmful" tag from your site's ranking.

Thanks
Rajiv

Rajiv , No we did not get this error "This site is harmful to your compuer". This situation is different as it evolves a hacker creating doorway pages on our site and spamming our links out to other sites...

BTW everyone, we know jumped from 75,000 back links to 212,000

This is sometimes called "parasite hosting" and it is a very destructive spammer tactic. It works for them for a short time - that's all they want or expect - and it can leave the website itself with a penalty for hosting those spammy pages.

Mamximum, ok sorry i did not understand the issue fully and correctly. Let us know what solution you come out with.

Thanks
Rajiv

a) Go ahead and send in a recon request now and explain to google what happened?

A, with a twist... I'd ask a question or two even knowing I'm probably not going to get a reply.

This is what happened... blah...
This is what I've done to fix it... blah...

If you want or need to have a look at my site, go ahead, it's:
www.example.com

Is this something I need to worry about since I've reversed the situation and do not see a penalty / filter yet, or is the fact I've fixed the issue enough?

What's the best way to handle this? 404 the pages? 410 the pages? What if they go to live pages on my website, so I cannot do either, is there some way I can notify you our site did not ask for or endorse certain inbound links in GWT without completing a re-inclusion request, like a 'remote nofollow' tag, so I can easily tell you to just discount them while I work on getting them removed?

(Then I'd redirect all the inbound links to Google and see if they slap themselves with a penalty. LOL :)

This is what happened... blah...
This is what I've done to fix it... blah...

This is exactly what I am doing an preparing. Planning on sending the recon request out today. But stragnely enough after 7 days of this happening my rankings are still where they were before this happened..

< moved from another location >

Last month someone built about 5000 spam links to one of my sites, which is more than the site had altogether before that. The links are surrounded with other links to pharma and other nasty sites and sometimes contain keywords that I could be targetting, but had not been.

The site has not been penalized yet; in fact, I have seen a nice increase in traffic.

I understand that I can file a reinclusion request if I get penalized, but my question is, what can I/should I do before that happens?

[edited by: tedster at 5:46 am (utc) on Nov. 15, 2009]

As you can see earlier in this thread, there are differing opinions. My own view is to file right away and get it on record with Google. Part of my reasoning is that trust calculations seem to run a lot less frequently than ranking changes. If you wait until whatever week a penalty kicks in, you don't look nearly as "clean" to a human reviewer.

Thanks for the reply (and sorry for not finding this thread in the first place).

I think I'll go ahead and file, and take my chances with a human review. My backlink profile wasn't squeaky clean before this though, but I don't think it is too bad.

The other question is would there be any point in trying to find who did this? It must be someone in the same niche as me, so I guess I should see who would benefit by this.

Matt Cutts has now given his video response to this question - see this video [youtube.com].

As a quick summary, Matt says that if you catch and fix the hack pretty quickly, and if your rankings are still fine, then you "might" not need to submit a reconsideration request.

I recently had to to this myself.
We moved our servers and I accidentally blocked some of googlebot (the ones that run stealth got a 403). I hadnt seen a penalty yet because of it. I went ahead and put in a reconsideration request and told them what had happened. The day after putting in the request I saw that WMT was showing some of the 403 errors in their crawl stats.

Not sure if I averted a penalty, fearing that they might think we were cloaking, but we havent missed a beat in the rankings.