Site Blacklisted
-
Good morning.
Just done my WMT ritual morning check and one of my sites has been blacklisted for malware.
It's a wordpress site - I've run various scans, e.g. http://sitecheck.sucuri.net/scanner/ and also installed wordfence and scanned with that and wordfence produced some offending files which I have now deleted.
I've also installed website defender in the hope that it wont happen again. I'm pretty good with staying on top of updates and rarely let a few days pass without upgrading new version of wordpress or plugins etc. I've also checked my users to make sure no new admins or anything and also changes passwords.
I've asked for a review from Google and just wondered how long these reviews take?
Also, has anybody got any advice, is there anything else I should be doing?
Thanks
-
That is good to hear, Jo.
Thanks for letting us know. feedback is good.
Be vigilant, because the hackers never stop.
My dedicated server constantly has hackers trying to break in, mostly chinese and russians. Complex passwords and countermeasures keep us safe, but it only takes one weak link somewhere to break it all down.
-
Thanks all for your help, I was de-blacklisted this afternoon - phew.
-
The webserver log is what you need.
You may be able to see that in Cpanel, depending on how it is configured.
The log may also be in the document root, updated daily and compressed.
If you haven't looked at logs before, it can be difficult to determine what is really going on in there.
-
I didn't check the dates The site is less than a month old though.
When you say logs, I'm not entirely sure what I'm looking for. I use cpanel so have access to various logs, but I have to admit, I haven't spent any time in there and now I'm conscious that this is something I need to educate myself on quick.
Any suggested resources for which logs to use for what?
-
Jo,
before you removed the bad files, did you check the dates?
If you have logs, you could go back to see when those files were first accessed.
Then go backwards looking for activity that doesn't look normal.
That could tell you where the problem is.
-
Thanks, I'm not so sure! I'm a freelancer and I wok on my own so I have nobody to really bounce ideas off, so this community is great for that. Glad to know I'm doing it right
I'm not a bit lover of plugins and I try to keep to a minimum, but I've removed anything unessential - even my beloved Flare sharing buttons, for now anyway.
I'll let you know when Google come back to me
-
I just want to reiterate what Andy said about sitespeed as well, try to have as little plugins as possible.
When you visit a WP site and its super slow, its usually because they have gallery plugins and all sorts running which sucks the life out of the sitespeed.
Anyway, good luck seems as though you know what your doing anyway.
-
Thanks all for your responses, much appreciated.
I installed the timthumb vulnerability scanner and it says no instances were found.
I'm going to go through and ditch the unnecessary plugins...I use woocommerce and they have recent upgrade but its not compatible with my theme so I can't update it, which is a giant pain. I hope its not that.
Thanks for your help.
-
Agree
-
I think you have already done quite a bit.
I suppose just be a little more selective which plugins you install, some have holes in and once the word is out about particular holes in certain plugins these people will come looking for blogs with it installed.
-
Hello Jo.
Do you know exactly how they got in?
If not, here is one possibility:
Check to see if you have a copy of timthumb.php
If you do, and it is an old version, it has a vulnerability you must fix, otherwise it will happen again.
Here is information about that, including a scanner that should find and fix that problem.
<cite>wordpress.org/extend/plugins/timthumb-vulnerability-scanner/</cite>
-
in my experience, and i've a fair bit with WP, the majority of malware comes from plugins which get updated and become infected themselves. Wordfence certainly can help with this problem, but a regular securi scan will too.
My advice is deactivate and uninstall any plugins you don't really need or use - this will make the site faster and more secure.
Once the malware has gone you can do as you have and ask for relisting or wait it out, google will come back and check. Manual reviews will take a few days to come back I believe, though it depends on the nature of the malware - if its believed to be complex it will be manual if its just one file being "naughty" a robot may scan your site to take a look that it's gone and it could be up in 24-48 hours.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Moz Crawled My Site. Now What?
Hey everyone! So Moz crawled my site and I passed it over to my dev team who's curious about what they should prioritize. Curious what everyone's thoughts are. Here are the issue types: Duplicate Content - Missing Title - Duplicate Title Tag - Redirect Chain - Title too long - Description too short - Missing Description - Missing h1 - Thin Content - URL Too Long - Has meta noindex Would love any assistance! Thank you!
Technical SEO | | inksoft_mm0 -
Why can no tool crawl this site?
I am trying to perform a crawl analysis on a client's website at https://www.bravosolution.com I have tried to crawl it with IIS for SEO, Sreaming Frog and Xenu and not one of them makes it further than the home page of the site. There is nothing I can see in the robots.txt that is blocking these agents. As far as I can see, Google is able to crawl the site although they have noticed a significant drop in organic traffic. Any advise would be very welcome Regards Danny
Technical SEO | | richdan0 -
Webmaster Tools stopped updating my sites
On Feb 6th WMT stopped updating the stats for my two main sites. I have seen other people complain about this but it seems like it's not known what causes it or if it's by design. Does anyone here have any insight on this issue? Thanks, Greg Davis AntiqueBanknotes
Technical SEO | | Banknotes0 -
Robots.txt & Mobile Site
Background - Our mobile site is on the same domain as our main site. We use a folder approach for our mobile site abc.com/m/home.html We are re-directing traffic to our mobile site vie device detection and re-direction exists for a handful of pages of our site ie most of our pages do not redirect the user to a mobile equivalent page. Issue – Our mobile pages are being indexed in desktop Google searches Input Required – How should we modify our robots.txt so that the desktop google index does not index our mobile pages/urls User-agent: Googlebot-Mobile Disallow: /m User-agent: `YahooSeeker/M1A1-R2D2` Disallow: /m User-agent: `MSNBOT_Mobile` Disallow: /m Many thanks
Technical SEO | | CeeC-Blogger0 -
Site offline - Mitigating measures?
Hi, Our domain has expired, and it could take up to 48h to recover our website. Appart from the obvious image damage, It worries me Google will just think we have vanisheg Any recommendations? Maybe update something on WebMasterTools? Not having the domain, cannot even do any temporary redirect, etc... Thanks! Jaime
Technical SEO | | BaseKit0 -
Multilingual blogs and site structure
Hi everyone, I have a question about multilingual blogs and site structure. Right now, we have the typical subfolder localization structure. ex: domain.com/page (english site) domain.com/ja/page (japanese site) However, the blog is a slightly more complicated. We'd like to have english posts available in other languages (as many of our users are bilinguals). The current structure suggests we use a typical domain.com/blog or domain.com/ja/blog format, but we have issues if a Japanese (logged in) user wants to view an English page. domain.com/blog/article would redirect them to domain.com/ja/blog/article thus 404-ing the user if the post doesn't exist in the alternate language. One suggestion (that I have seen on sites such as etsy/spotify is to add a /en/ to the blog area: ex domain.com/en/blog domain.com/ja/blog Would this be the correct way to avoid this issue? I know we could technically work around the 404 issue, but I don't want to create duplicate posts in /ja/ that are in English or visa versa. Would it affect the rest of the site if we use a /en/ subfolder just for the blog? Another option is to use: domain.com/blog/en domain.com/blog/ja but I'm not sure if this alternative is better. Any help would be appreciated!
Technical SEO | | Seiyav0 -
International Site Links In Footer
We have several international sites and we have them linked in the footer of our main .com site . Should we add "nofollow" to these links? Our concern is that Google could see these sites as a network?
Technical SEO | | EwanFisher0 -
I Bought AD on a site, am i being penalized for it
Hello... I have bought two ads on the site : http://goo.gl/nXnRA If you look on the right hand column, you will see the top two images under the word sponsors are mine.... Am i being penalized for this? are these ads frowned upon by Google? I need guidance as my ranking for the words being used as that alt text have tanked, badly and i also received a letter from WMT about unnatural links. If that site, and the ads (not links) i bought are fine with google, please advise what you think it may be... my site is : http://goo.gl/JgK1e Please help... Thanks
Technical SEO | | Prime850