Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Site dropped from Google index - due to XSS code?

         

SilverLining

4:03 am on Sep 16, 2010 (gmt 0)

10+ Year Member



In August we discovered malicious code on our site (still have no idea how it got there). I researched the XSS and found at the time that GoDaddy sites were hacked with the same code, but I was not 100% whether our site was on GoDaddy.

Our service provider did not accept any responsibility and only suggested that we move the site to another server. In the end I found out that the site was not hosted on GoDaddy.

I cleaned up the code and then moved our site to a friend's server. Since then my friend has moved the site two or three times to test which server serves the site at the best speed.

Last night I had a meeting with our SEO company (yes, I pay for the service) and the guy said that our site has fallen off Google SERPS. The last time our site displayed in Google was July. Google is still crawling our website, but a search for site: sitename, returns no results. I was told that Google has given no reason why the site is not indexed. Webmaster tools does not show any errors.

My first question is whether Google will de-index a site due to XSS? This is the assumption, but then I would expect the site to be re-indexed once the malicious code has been removed. How long will the re-indexing take?

Would moving a site around 3 or 4 times possibly have the de-indexing affect? How can I check whether the current server where it is hosted is possibly black-listed? Lastly is there a way to see if someone purposefully deleted our results from Google - is this kind of attack possible?

Our website still appears in Bing and Yahoo results.

I would appreciate any advice regarding this matter. Thanks.

SilverLining

12:37 pm on Sep 16, 2010 (gmt 0)

10+ Year Member



One more thing.. It was suggested to me to register a new domain, develop a new site and see how things go. Then get rid of the old site once the new domain starts doing well.

tristanperry

1:36 pm on Sep 16, 2010 (gmt 0)

10+ Year Member



Test your site here:

[google.com...]

Just append your site/its domain to the end.

Answering your questions one by one (I'm not an expert at these sorts of things, but I'll try to help):

>> My first question is whether Google will de-index a site due to XSS?

Yep, I think they would. I'd imagine that Google would pick-up on this.

>> How long will the re-indexing take?

Once you are 100% sure that all the malicious code is removed, fill in a Google reconsideration request:

[google.com...]

>> Would moving a site around 3 or 4 times possibly have the de-indexing affect?

I doubt it; people (especially those on shared hosts) can sometimes move hosts fairly frequently. Still, I'd try not to move anymore since (to partially answer your next question), I doubt that Google would blacklist an entire server.

>> How can I check whether the current server where it is hosted is possibly black-listed?

There's no easy way as far as I know. One thing you could try is to find your website's/server's IP address (ask your host if in doubt), then search Bing for:

ip:[server IP here]

And this will give you the sites hosted on your server too. If they are all really spammy and blacklisted, this might be a reason. Although to be honest I doubt it, since Google would (I imagine) know that good sites might move to a new host which might have some bad websites, etc.

>> Lastly is there a way to see if someone purposefully deleted our results from Google - is this kind of attack possible?

Nope, I wouldn't imagine it's possible. Assuming your robots.txt and all doesn't block the search engines, I'd imagine that it's the XSS code that is the cause here.

>> Register a new domain

I'd personally try the above first and foremost. I.e., ensure there's no XSS, check via the Google safe browsing tool, then submit a reconsideration request.

Starting again would take months (to start building SERP strength again) and it's hopefully not necessary. Do this as a last resort :)

SilverLining

3:54 pm on Sep 16, 2010 (gmt 0)

10+ Year Member



Thanks for all your answers, tristanperry.

Here are the results from the link you provided:

What is the current listing status: This site is not currently listed as suspicious.

What happened when Google visited this site: Google has not visited this site within the past 90 days.

Has this site acted as an intermediary resulting in further distribution of malware: Over the past 90 days, ... did not appear to function as an intermediary for the infection of any sites

Has this site hosted malware: No, this site has not hosted malicious software over the past 90 days.

The SEO guy told me that they already submitted our site for reconsideration, but they only noticed that Google had not indexed the site about at week ago..

With regard to your comment
I'd personally try the above first and foremost

I found that a bit ambiguous - thought you were suggesting that I "Register a new domain" first, but I see you mean otherwise :)

Thanks for taking the time to comment.

tristanperry

4:30 pm on Sep 16, 2010 (gmt 0)

10+ Year Member



Good to see Google haven't picked up on any malware. It is odd then, although it probably still is due to the XSS attack (thinking about it now, XSS and malware are technically different, so maybe Google picked up the XSS but simply don't report it via the malware checker or Webmaster Tools)

I've read that reconsideration requests can take several weeks (if you Google "How long do reconsideration requests take?", you'll see some links which Google employees have answered this question), so for now I'd probably just wait a bit. Try adding some fresh content and getting some new backlinks, but don't worry too much yet.

If in 5-6 week's time your site still isn't back, then consider registering a new domain and moving things over.

Best of luck :)

bwnbwn

6:27 pm on Sep 16, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Would moving a site around 3 or 4 times possibly have the de-indexing affect?
Well actually yes it would. Why? If not done correctly how does Google know were the site is. What I mean is lets say your site is on IP 67.55.55.55 and your move it from that ip to the next ip. If you didn't leave the site up on the last ip until the DNS had completed the net, but just moved the site to 124.33.333.33 Google would hit 67.55.55.55 and get nothing. Now Google bot picked up 124.33.333.33 ip address and again the site is moved yet to another ip so you see the picture.

Now if you retained the same IP then that is different, but from the read this is not said.
I would go back and see what was done from the first move to the last and how it was done. Was the site left up on the old server to make sure the Google Bot had picked up the change in each move if the ip's changed. If the ip never changed then this isn't an issue if they did then it could be if the steps to move a site are not followed correctly.
[mattcutts.com...]

jimbeetle

6:46 pm on Sep 16, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Agree with bwnbwn if the IP changed. I've seen situations where it might take Google a few days to a week to sort out new sites or moved sites. It doesn't happen that often, just often enough if you're looking for it.

I've seen it most often on shared IPs where G might serve results for one domain from a different domain. Less often I've seen it get confused when a new site is assigned a recently used static IP.

SilverLining

9:24 am on Sep 17, 2010 (gmt 0)

10+ Year Member



Ok that makes sense, thanks. So, once the site is reconsidered, will our old rankings kick-in or must we start from scratch?

Is there any way I can get confirmation from Google that this is the reason why the site is missing from their index?

tedster

8:19 pm on Sep 17, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So, once the site is reconsidered, will our old rankings kick-in or must we start from scratch?

Not usually in this kind of situation.

Is there any way I can get confirmation from Google that this is the reason why the site is missing from their index?

No way to make it happen that i know of. It has happened in a few cases, but they're rare.

SilverLining

3:32 pm on Sep 20, 2010 (gmt 0)

10+ Year Member



bwnbwn, I see your point. So if sites are indexed by IP, what about virtual hosting ?