Malicious bots
-
I was looking at some recommended keywords and felt sick to my stomach when I saw ilovevitaly.com search shell, resellerclub scam and a few more.
| 2. | | 28(2.29%)ilovevitaly.com search shell | 0.00% | 0(0.00%) | 42.86% | 1.75 | 00:10:13 | 0.00% | 0(0.00%) | $0.00(0.00%) |
| | 3. | resellerclub scam |I believe I have found the multiple IP addresses in which they're coming from and when I say many I mean I found 200 or so. There from different C blocks so they're very difficult to block easily without blocking legitimate traffic.
I'm using a couple of different web application firewalls with the ability to block it pretty much anything. Does anyone have any device on doing this in a manner that might be more efficient than what I'm doing.I definitely do not want Google to think this is something that I did and penalize somebody this would be horrible. The site is going through Sucuri.net to be cleaned of any possible infection right now I do not know how this happened but zero day attacks are unfortunately a very real reality and unfortunately it could've been 1 million things.
Thanks a million guys. I appreciate your help,
Tom -
Hi Jason,
You can request the hosting company you're using block the hostnames below. You can also look for their IP addresses however note this is probably a waste of time because they are so easily changed. This is a tool that you can use if you do want to block by IP
http://www.whatsmyip.org/whois-dns-lookup/
In many cases it shows me the hostname has more than one IP address.
Better to block the host name itself then to deal with the IP's.
Adding a web application firewalls that give you control will make a world of difference to your clients and yourself.
Remember you can check if your site is infected for free by using the tools below. Simply put your domain in and run them to make sure you are not infected.
http://www.unmaskparasites.com/security-report/
https://support.google.com/analytics/answer/2795830?hl=en
I definitely recommend adding one of the WAF's You Can
http://www.incapsula.com/pricing-and-plans.html (free plan will help)
https://sucuri.net/website-firewall/ ( Probably Best Value)
or
http://www.distilnetworks.com/ ( Incredible Bot Protection)
- darodar.com
- bestsub.com
- blackhatworth.com
- buttons-for-website.com
- casinobonustips.com
- cenoval.ru
- civilwartheater.com
- co.lumb.co
- cukwiki.com
- econom.co
- entourank.com
- hulfingtonpost.com
- ilovevitaly.co
- ilovevitaly.com
- make-money-online.7makemoneyonline.com
- priceg.com
- semalt.semalt.com
- seoairport.com
- seokicks.de
- serw.clicksor.com
- similarpages.com
- webstatsdomain.org
- ymlp.co
Here is a list that will allow you to add multiple bad host names to a block list via using a comma in between the host names. I did this just make it easier not to be redundant.
darodar.com,bestsub.com,blackhatworth.com,cenoval.ru,buttons-for-website.com,casinobonustips.com,co.lumb.co,civilwartheater.com,entourank.com,econom.co,cukwiki.com,hulfingtonpost.com,ilovevitaly.co,ilovevitaly.com,make-money-online.7makemoneyonline.com,priceg.com,semalt.semalt.com,seoairport.com,seokicks.de,similarpages.com,serw.clicksor.com,webstatsdomain.org,ymlp.co
Here is a list that will allow you to add multiple bad host names to a block list via using a, in between the host names. I did this just make it easier not to be redundant.
I think you can do some amazing things for very little money with the Sucuri , incapsula (paid) & Distil Networks WAF Allow You to Separate Human, Good Bot, & Bad Bot Page Requests Simply By Changing Your DNS
Why CloudFlare Is Not The Best Fit
https://twitter.com/cloudflare/status/484755523175063552
Tom
-
Update if you use WordPress
-
**Joshua Strebel - Pagely CEO **Today at 02:12
Hey Thomas,
The site is not hacked, if what you are referring to is what is shown here:http://www.incapsula.com/blog/semalt-botnet-spam.html then it is referrer spam. We'll take a look and see what we can do at the network edge. We'll also look over your site as well.
Check the FAQ at https://support.pagely.com for Answers to commonly asked questions.
-
**Joshua Strebel - Pagely CEO **Today at 03:09
This should help in the meantime: https://pagely.com/blog/2015/01/use-spamreferrerblock-fend-spam-referrer-attacks-website/
Check the FAQ at https://support.pagely.com for Answers to commonly asked questions.
-
Blacklist
/!\ Unfortunately, this plugin can't remove ALL spam referral traffic. Some domains are massively hijacking Google Analytics ID to push false traffic directly to Google's servers.
As they do not interfere with your blog or server, the plugin obviously can't do anything against them ; you have to block them in your Analytics account. Click here to view how : https://support.google.com/analytics/answer/2795830?hl=en.Blacklist last download date : 2015-01-27 23:48:35
| Domain | Status |
| .darodar.com | Can't block |
| bestsub.com | Blocked |
| blackhatworth.com | Unknown |
| buttons-for-website.com | Blocked |
| casinobonustips.com | Blocked |
| cenoval.ru | Unknown |
| civilwartheater.com | Blocked |
| co.lumb.co | Blocked |
| cukwiki.com | Blocked |
| econom.co | Blocked |
| entourank.com | Blocked |
| hulfingtonpost.com | Blocked |
| ilovevitaly.co | Blocked |
| ilovevitaly.com | Blocked |
| make-money-online.7makemoneyonline.com | Blocked |
| priceg.com | Unknown |
| semalt.semalt.com | Blocked |
| seoairport.com | Blocked |
| seokicks.de | Blocked |
| serw.clicksor.com | Blocked |
| similarpages.com | Blocked |
| webstatsdomain.org | Blocked |
| ymlp.co |
-
-
I Moved the domain to FireHost I am using their WAF & ADC ($3,672.03) the combination is keeping me safe right now. If you want to be able to block these things
https://www.firehost.com/secure-cloud/application-delivery-controller-web-application-firewall
I strongly recommend using a WAF
https://sucuri.net/website-firewall/ probably the best deal on the planet. ($9-$350)
Sucuri at nine dollars to give you DDos seven protection and three and four with everything the other guys offer on their top-of-the-line models it's pretty easy to make a wise decision and spend nine bucks.
http://www.incapsula.com/ enterprise version or personal version excellent WAF (free to 350)
http://www.distilnetworks.com/ ( awesome bot control) 30 days free $100
or
I'm not going to recommend this tool below because I don't know that it will do the job I know the ones above will. Still at 20 bucks it's worth a look
https://www.cloudflare.com/ ( the free version of cloud flare is hundred percent worthless)
I will update this continuously and can't wait to hear more from other people that are dealing with this.
All the best,
Tom
-
Hi,
I have just been hit by the situation. I will be happy to know what could be the reason and how it could be resolved. Appreciate if someone can help on this!
Thanks
Jason
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Malicious backlinks
Hello to everyone! We have identified some weird links that are pointing to our site and we are not sure if they are considered malicious backlinks and we should disavow them. Most of them are directories of websites, the most common one is called "Top million domains by alexa" (you can see an example here: www.besafe.in/domain-list-237). Have you ever seen these kind of links before? Are they causing harm to our site? Thank you so much!
White Hat / Black Hat SEO | | xaviplabor0 -
Hiding ad code from bots
Hi. I have a client who is about to deploy ads on their site. To avoid bots clicking on those ads and skewing data, the company would like to prevent any bots from seeing any ads and, of course, that includes Googlebot. This seems like it could be cloaking and I'd rather not have a different version of the sites for bots. However, knowing that this will likely happen, I'm wondering how big of a problem it could be if they do this. This change isn't done to manipulate Googlebot's understanding of the page (ads don't affect rankings, etc.) and it will only be a very minimal impact on the page overall. So, if they go down this road and hide ads from bots, I'm trying to determine how big of a risk this could be. I found some old articles discussing this with some suggesting it was a problem and others saying it might be okay in some cases (links below). But I couldn't find any recent articles about this. Wondering if anybody has seen anything new or has a new perspective to share on this issue? Is it a problem if all bots (including Googlebot) are unable to see ads? https://moz.com/blog/white-hat-cloaking-it-exists-its-permitted-its-useful
White Hat / Black Hat SEO | | Matthew_Edgar
https://www.webmasterworld.com/google/4535445.htm
https://www.youtube.com/watch?v=wBO-1ETf_dY0 -
How to stop google bot from crawling spammy injected pages by hacker?
Hello, Please help me. Our one of website is under attack by hacker once again. They have injected spammy URL and google is indexing, but we could not find these pages on our website. These all are 404 Pages. Our website is not secured. No HTTPS Our website is using wordpress CMS Thanks
White Hat / Black Hat SEO | | ShahzadAhmed0 -
How authentic is a dynamic footer from bots' perspective?
I have a very meta level question. Well, I was working on dynamic footer for the website: http://www.askme.com/, you can check the same in the footer. Now, if you refresh this page and check the content, you'll be able to see a different combination of the links in every section. I'm calling it a dynamic footer here, as the values are absolutely dynamic in this case. **Why are we doing this? **For every section in the footer, we have X number of links, but we can show only 25 links in each section. Here, the value of X can be greater than 25 as well (let's say X=50). So, I'm randomizing the list of entries I have for a section and then picking 25 elements from it i.e random 25 elements from the list of entries every time you're refreshing the page. Benefits from SEO perspective? This will help me exposing all the URLs to bots (in multiple crawls) and will add page freshness element as well. **What's the problem, if it is? **I'm wondering how bots will treat this as, at any time bot might see us showing different content to bots and something else to users. Will bot consider this as cloaking (a black hat technique)? Or, bots won't consider it as a black hat technique as I'm refreshing the data every single time, even if its bot who's hitting me consecutively twice to understand what I'm doing.
White Hat / Black Hat SEO | | _nitman0 -
Why have bots (including googlebot) categorized my website as adult?
How do bots decide whether a website is adult? For example, I have a gifting portal, but strangely here, it is categorized as 'Adult'. Also, my google adsense application to run ads on my site got rejected - I have a feeling this is because googlebot categorized my site as adult. And there are good chances that other bots also consider it an adult website, rather than a gifting website. Can anyone please go through the site and tell me why this is happening? Thanks in advance.
White Hat / Black Hat SEO | | rahulkan0 -
Do searchs bot understand SEF and non SEF url as the same ones ?
I've jsut realized that since almost for ever I use to code first my website using the non sef for internal linkings. It's very convenient as I'm sure that what ever will be the final url the link will always be good. ex: website.com/component1/id=1 Before releasing the website I use extensions to make the url user friendly according the choosen strategy. ex: website.com/component1/id=1 -> website.com/article1.html But I just wondered if google consider both urls as the same ones or if it consider just as a 301 redirection. What do you think is the best to do ?
White Hat / Black Hat SEO | | AymanH0 -
Separate Servers for Humans vs. Bots with Same Content Considered Cloaking?
Hi, We are considering using separate servers for when a Bot vs. a Human lands on our site to prevent overloading our servers. Just wondering if this is considered cloaking if the content remains exactly the same to both the Bot & Human, but on different servers. And if this isn't considered cloaking, will this affect the way our site is crawled? Or hurt rankings? Thanks
White Hat / Black Hat SEO | | Desiree-CP0 -
Is OSE data reliable and removal of malicious inbound links?
I ran a report on my site (www.rentscouter.com) using OSE and it is reporting some very strange inbound links like: anchor text = Megan http://www.newswire.ca/en/releases/mmnr/smr/Paul_Henderson_Interview_Full_Clip_REVISED.f4v?m=pc&a=bookmarkList.view&target_user_id=1&search_type=tag&keyword=蒲田・大森・羽田周辺 http://www.newswire.ca/en/releases/mmnr/smr/Paul_Henderson_Interview_Full_Clip_REVISED.f4v?m=pc&a=bookmarkList.view&target_user_id=1&search_type=tag&keyword=熱闘!甲子園%2F高校野球ゲーム http://www.hawkeyesports.com/photos/schools/stan/sport/m-baskbl/04-05action/Thumbs.db?pages10=10&size=9?pk=1 anchor text = Alexa's Mom http://www.lg.com/it/products/documents/LE8800.epk?action=view&pageId=214&start=69164 http://www.michigan.gov/documents/techtalk/SEM-0601_191695_7.dot?blogname=mahdid&sub=5&tpl=0 anchor text = http://fansofdavid.com/wp-content/uploads/2011/03/4v5sh3k1.htm?seccion=busqarag_s&busq=Huesos&?seccion=basearag_c&id=3&?seccion=busqarag_s&busq=Huesos&?seccion=basearag_c&id=3&_pagi_pg=596 However, none of these seem to show up in my Google Webmaster account. And generally when I go to some of these links I can't find any reference to my site - is the OSE data bad or are these really shady links someone is building to knock down my site? What is showing up in GWT are a bunch of growing crappy links that redirect to some advertising site - does anyone know of a way to get these removed by Google as I doubt I'm going have any luck trying to contact the owner(s) of these sites: | http://harleydavidsonjacket.org/article/252213-best_penis_enlargement_methods.htm |
White Hat / Black Hat SEO | | BoulderJoe
| http://harleydavidsonjacket.org/article/252426-plumbers_and_gasfitters_needed_urgently.htm |
| http://harleydavidsonjacket.org/article/252451-the_importance_of_plumbers_and_more.htm |
| http://harleydavidsonjacket.org/article/253039-football_betting_systems_can_they_be_profitable.htm |
| http://harleydavidsonjacket.org/article/253131-my_teen_wants_to_know_how_sex_was_and_is_for_me_what_do_i_say.htm |
| http://harleydavidsonjacket.org/article/254364-why_marriage_counseling_is_good_for_you.htm |
| http://harleydavidsonjacket.org/article/254449-herpes_dating_service_what_is_it.htm | Yes, I know Google will theoretically and maybe eventually "ignore" such links, but that will be on Google time 4 weeks or 4 years - who knows. Plus, with a younger site with a thinner link profile - anything like the links above can't be helping me...... I'm trying to figure out why my site keeps bouncing between #5 and #255 for specific keywords and determining if I have a google penalty which is being discussed in this thread: http://www.seomoz.org/q/help-with-diagnosing-google-penalty0