Malicious bots
-
I was looking at some recommended keywords and felt sick to my stomach when I saw ilovevitaly.com search shell, resellerclub scam and a few more.
| 2. | | 28(2.29%)ilovevitaly.com search shell | 0.00% | 0(0.00%) | 42.86% | 1.75 | 00:10:13 | 0.00% | 0(0.00%) | $0.00(0.00%) |
| | 3. | resellerclub scam |I believe I have found the multiple IP addresses in which they're coming from and when I say many I mean I found 200 or so. There from different C blocks so they're very difficult to block easily without blocking legitimate traffic.
I'm using a couple of different web application firewalls with the ability to block it pretty much anything. Does anyone have any device on doing this in a manner that might be more efficient than what I'm doing.I definitely do not want Google to think this is something that I did and penalize somebody this would be horrible. The site is going through Sucuri.net to be cleaned of any possible infection right now I do not know how this happened but zero day attacks are unfortunately a very real reality and unfortunately it could've been 1 million things.
Thanks a million guys. I appreciate your help,
Tom -
Hi Jason,
You can request the hosting company you're using block the hostnames below. You can also look for their IP addresses however note this is probably a waste of time because they are so easily changed. This is a tool that you can use if you do want to block by IP
http://www.whatsmyip.org/whois-dns-lookup/
In many cases it shows me the hostname has more than one IP address.
Better to block the host name itself then to deal with the IP's.
Adding a web application firewalls that give you control will make a world of difference to your clients and yourself.
Remember you can check if your site is infected for free by using the tools below. Simply put your domain in and run them to make sure you are not infected.
http://www.unmaskparasites.com/security-report/
https://support.google.com/analytics/answer/2795830?hl=en
I definitely recommend adding one of the WAF's You Can
http://www.incapsula.com/pricing-and-plans.html (free plan will help)
https://sucuri.net/website-firewall/ ( Probably Best Value)
or
http://www.distilnetworks.com/ ( Incredible Bot Protection)
- darodar.com
- bestsub.com
- blackhatworth.com
- buttons-for-website.com
- casinobonustips.com
- cenoval.ru
- civilwartheater.com
- co.lumb.co
- cukwiki.com
- econom.co
- entourank.com
- hulfingtonpost.com
- ilovevitaly.co
- ilovevitaly.com
- make-money-online.7makemoneyonline.com
- priceg.com
- semalt.semalt.com
- seoairport.com
- seokicks.de
- serw.clicksor.com
- similarpages.com
- webstatsdomain.org
- ymlp.co
Here is a list that will allow you to add multiple bad host names to a block list via using a comma in between the host names. I did this just make it easier not to be redundant.
darodar.com,bestsub.com,blackhatworth.com,cenoval.ru,buttons-for-website.com,casinobonustips.com,co.lumb.co,civilwartheater.com,entourank.com,econom.co,cukwiki.com,hulfingtonpost.com,ilovevitaly.co,ilovevitaly.com,make-money-online.7makemoneyonline.com,priceg.com,semalt.semalt.com,seoairport.com,seokicks.de,similarpages.com,serw.clicksor.com,webstatsdomain.org,ymlp.co
Here is a list that will allow you to add multiple bad host names to a block list via using a, in between the host names. I did this just make it easier not to be redundant.
I think you can do some amazing things for very little money with the Sucuri , incapsula (paid) & Distil Networks WAF Allow You to Separate Human, Good Bot, & Bad Bot Page Requests Simply By Changing Your DNS
Why CloudFlare Is Not The Best Fit
https://twitter.com/cloudflare/status/484755523175063552
Tom
-
Update if you use WordPress
-
**Joshua Strebel - Pagely CEO **Today at 02:12
Hey Thomas,
The site is not hacked, if what you are referring to is what is shown here:http://www.incapsula.com/blog/semalt-botnet-spam.html then it is referrer spam. We'll take a look and see what we can do at the network edge. We'll also look over your site as well.
Check the FAQ at https://support.pagely.com for Answers to commonly asked questions.
-
**Joshua Strebel - Pagely CEO **Today at 03:09
This should help in the meantime: https://pagely.com/blog/2015/01/use-spamreferrerblock-fend-spam-referrer-attacks-website/
Check the FAQ at https://support.pagely.com for Answers to commonly asked questions.
-
Blacklist
/!\ Unfortunately, this plugin can't remove ALL spam referral traffic. Some domains are massively hijacking Google Analytics ID to push false traffic directly to Google's servers.
As they do not interfere with your blog or server, the plugin obviously can't do anything against them ; you have to block them in your Analytics account. Click here to view how : https://support.google.com/analytics/answer/2795830?hl=en.Blacklist last download date : 2015-01-27 23:48:35
| Domain | Status |
| .darodar.com | Can't block |
| bestsub.com | Blocked |
| blackhatworth.com | Unknown |
| buttons-for-website.com | Blocked |
| casinobonustips.com | Blocked |
| cenoval.ru | Unknown |
| civilwartheater.com | Blocked |
| co.lumb.co | Blocked |
| cukwiki.com | Blocked |
| econom.co | Blocked |
| entourank.com | Blocked |
| hulfingtonpost.com | Blocked |
| ilovevitaly.co | Blocked |
| ilovevitaly.com | Blocked |
| make-money-online.7makemoneyonline.com | Blocked |
| priceg.com | Unknown |
| semalt.semalt.com | Blocked |
| seoairport.com | Blocked |
| seokicks.de | Blocked |
| serw.clicksor.com | Blocked |
| similarpages.com | Blocked |
| webstatsdomain.org | Blocked |
| ymlp.co |
-
-
I Moved the domain to FireHost I am using their WAF & ADC ($3,672.03) the combination is keeping me safe right now. If you want to be able to block these things
https://www.firehost.com/secure-cloud/application-delivery-controller-web-application-firewall
I strongly recommend using a WAF
https://sucuri.net/website-firewall/ probably the best deal on the planet. ($9-$350)
Sucuri at nine dollars to give you DDos seven protection and three and four with everything the other guys offer on their top-of-the-line models it's pretty easy to make a wise decision and spend nine bucks.
http://www.incapsula.com/ enterprise version or personal version excellent WAF (free to 350)
http://www.distilnetworks.com/ ( awesome bot control) 30 days free $100
or
I'm not going to recommend this tool below because I don't know that it will do the job I know the ones above will. Still at 20 bucks it's worth a look
https://www.cloudflare.com/ ( the free version of cloud flare is hundred percent worthless)
I will update this continuously and can't wait to hear more from other people that are dealing with this.
All the best,
Tom
-
Hi,
I have just been hit by the situation. I will be happy to know what could be the reason and how it could be resolved. Appreciate if someone can help on this!
Thanks
Jason
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Inbound links with malicious anchor text. Negative seo attack
Hi, What to do with more than 300 links with a malicious anchor text that has nothing to do with my content. I am disavowing those links for the last 5 years. Some of them are directed to URLs that have been changed more than 8 years ago. How can I block this malicious behavior? Thanks in advance
White Hat / Black Hat SEO | | Arlinaite470 -
Malicious backlinks
Hello to everyone! We have identified some weird links that are pointing to our site and we are not sure if they are considered malicious backlinks and we should disavow them. Most of them are directories of websites, the most common one is called "Top million domains by alexa" (you can see an example here: www.besafe.in/domain-list-237). Have you ever seen these kind of links before? Are they causing harm to our site? Thank you so much!
White Hat / Black Hat SEO | | xaviplabor0 -
How to stop google bot from crawling spammy injected pages by hacker?
Hello, Please help me. Our one of website is under attack by hacker once again. They have injected spammy URL and google is indexing, but we could not find these pages on our website. These all are 404 Pages. Our website is not secured. No HTTPS Our website is using wordpress CMS Thanks
White Hat / Black Hat SEO | | ShahzadAhmed0 -
Malicious links on our site indexed by Google but only visible to bots
We've been suffering from some very nasty black hat seo. In Google's index, our pages show external links to various pharmaceutical websites, but our actual live pages don't show them. It seems as though only certain user-agents see the malicious links. Setting up Screaming Frog SEO crawler using the Googlebot user agent also sees the malicious links. Any idea what could have caused this or how this can be stopped? We scanned all files on our webserver and couldn't find any of malicious links. We've changed our FTP and CMS passwords, is there anything else we can do? Thanks in advance!
White Hat / Black Hat SEO | | SEO-Bas0 -
Malicious bot attack?
Several of our websites have experienced a major direct load traffic spike in the last 30 days - roughly 40K new visitors for each site. The bots are emulating IE9 and appear to be hitting our home page and bouncing 100% of the time. The traffic is double our usual volume, or more. Our bounce rates, conversion rate, page views, etc have suffered accordingly. The volume hasn't affected site performance, yet. Since the traffic is direct load, I can't see this being a negative SEO attack. Plus, our search visibility for everything but our brands is abysmal - there aren't any real rankings to tank. Our engineers are saying that the IP addresses are diverse, and they aren't seeing any pattern. I also checked GA for traffic locations, and we aren't seeing anything unusual from overseas.It appears that the attack is US based. Has anyone seen this before?
White Hat / Black Hat SEO | | AMHC0 -
Cloaking/Malicious Code
Does anybody have any experience with software for identifying this sort of thing? I was informed by a team we are working with that our website may have been compromised and I wanted to know what programs people have used to identify cloaking attempts and/or bad code. Thanks everybody!
White Hat / Black Hat SEO | | HashtagHustler0 -
Bot or Virus Creating Bad Links?
Hey Everyone, We are getting ready to engage a client for some potential marketing/SEO so in preparing for this have ran the site through OpenSiteExplorer. The site is relatively new and there are only two links under the inbound links section. They are relevant and add value, no issues there. Here is where it get strange. When I look under the 'Just Discovered' section there are many (hundreds) new links going back about a month. Virtually all of them have the anchor text 'Louis Vuitton outlet'. Now the client swears he has not engaged anyone for black hat SEO, so wondering who could possibly be creating these links. They do sell some Louis Vuitton items on the site, so I'm wondering if it is possible that some spam bot has picked up the site and began to spam the web with links to the clients site. So far today, 50 or so new links have been created with said anchor text and the clients root URL all on very poor quality, some foreign blog sites. Would like to find out why this is happening and put a stop to it for obvious reasons. Has anyone experienced something similar? Could this be a bot? Or maybe someone with an axe to grind against the client? Anyone could be doing this on their own, but just seems strange for it to be happening to a new site that does not even rank highly at the moment. Any advice or info is greatly appreciated, thanks in advance.
White Hat / Black Hat SEO | | Whebb0 -
Yahoo Slurp Bot 3.0 Going Crazy
On one of our sites, since the Summer, Yahoo Slurp bot has been crawling our pages at about 5 times a minute. We have put a crawl delay on it and it does not respect our robots.txt. Now the issue is it's triggering javascript (which bots shouldn't) triggering our adsense, ad server, analytics information, etc. We've thought of banning the bot all together but get a good amount of Yahoo traffic. We've though about programmatic-ly not showing the javascript (ad + analytic) tags but are slightly afraid the Yahoo might consider this cloaking. What are the best practices to deal with this bad bot.
White Hat / Black Hat SEO | | tony-755340