My site was hacked by blackhatters - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

My site was hacked by blackhatters

reaxion

4:31 pm on Apr 1, 2008 (gmt 0)

10+ Year Member

I just found that one of my sites that ranked well in google for top keywords in my industry was hacked. Several 1000's of pages of content were published to a directory "/_backup". The site is hosted in a shared server environment with a well known hosting company. In addition to this a div tag using javascript was also injected on each and every one of the pages throughout my site with several hundred links pointing to various sites that appear to have been hacked as well.

This really is a new trend I believe that will emerge in the next few years as blackhatters and SEO's become one and the same (as if they already weren't) and hack sites for the purpose of generating backlinks to their own sites.

Unfortunately I don't believe I caught this in time as the site in question was removed from google's index for the terms it was ranking for.

Since I've switched hosting companies just for a bit of reassurance applied a strong password. I've also taken down any remnants of the "_backup" directory they created and additionally removed the block of code they injected on each of my pages. Lastly I also applied a line to my robots.txt file to prevent all spidering of the directory "_backup".

There are several hundred pages that were picked up by google and indexed as internal pages on my site that show up when I do site:www.mydomain.com

Do you think it is sufficient that I removed the directory and also prevent spidering of the "_backup" directory or should I use google's webmaster tool to start removing each of the pages that shouldn't be there one by one from the index?

Best regards,
Reaxion

physics

6:34 pm on Apr 1, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

If I were you I would also contact the search engines and let them know what happened, it can't hurt at this point.

Another point might be to find out how you were hacked... if it was through your CMS then moving to a different host might not help. If you're using any sort of CMS or blog software search for "locking down (your cms)" and "securing (your cms)", you may find some good tips to increase security by doing this.

lammert

11:02 pm on Apr 1, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

or should I use google's webmaster tool to start removing each of the pages that shouldn't be there one by one from the index?

Not a bad idea and it certainly wouldn't hurt. You have the option in webmaster tools to remove the content of a complete sub directory from the index so it shouldn't be too much work.

jimbeetle

12:50 am on Apr 2, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Quite a bit of Google's webmaster chat this past Friday was given over to a site that had been hacked. Turned out that Google new about it before the webmaster; G tried to contact through webmaster tools but the warning was missed.

Basic advice was to be sure that everything was cleaned up and submit a reinclusion request through webmaster tools.

FourDegreez

1:33 am on Apr 3, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

This really could be a trend. Same thing happened to me. Someone uploaded a few hundred adult-content files to a sub-directory on March 14. Two days later, this person uploaded hundreds more to a number of other sub-dirs. I noticed the problem a few days after that and removed everything. Google had already spidered the March 14 content, but not the rest. All those URLs return 404 now and I'm just waiting for them to drop out of G automatically. I think the hacker gained access to my FTP login somehow. This site is on a dedicated box.

JS_Harris

6:55 pm on Apr 4, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Step #1 - take the site offline before more pages get dropped from the serps.

Step #2 - locate and plug the vulnerability.

Step #3 - clean up the pages and bring the site back online. Wait a couple of weeks to see if the rankings return to normal.

Step #4 - if the rankings don't return after a few weeks, contact the search company and explain in detail, in writing, and dont harrass them any further.

You aren't owed a position in the rankings and your site is apparently risky to rank well from the search engines point of view. Though it does suck, you need to clean up the mess and move on. I'd suggest going after the individuals but how many hackers do you see getting prosecuted these days anyway?

physics

5:12 am on Apr 5, 2008 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

but how many hackers do you see getting prosecuted these days anyway?

It's still illegal though and SHOULD be prosecuted more. If no one reports it to the police they'll never get the funding for the increased resources.