Disavow links and domain of SPAM links
-
Hi,
I have a big problem. For the past month, my company website has been scrape by hackers.
This is how they do it:
1. Hack un-monitored and/or sites that are still using old version of wordpress or other out of the box CMS.
2. Created Spam pages with links to my pages plus plant trojan horse and script to automatically grab resources from my server. Some sites where directly uploaded with pages from my sites.
3. Pages created with title, keywords and description which consists of my company brand name.
4. Using http-referrer to redirect google search results to competitor sites.
What I have done currently:
1. Block identified site's IP in my WAF. This prevented those hacked sites to grab resources from my site via scripts.
2. Reach out to webmasters and hosting companies to remove those affected sites. Currently it's not quite effective as many of the sites has no webmaster. Only a few hosting company respond promptly. Some don't even reply after a week.
Problem now is:
When I realized about this issue, there were already hundreds if not thousands of sites which has been used by the hacker. Literally tens of thousands of sites has been crawled by google and the hacked or scripted pages with my company brand title, keywords, description has already being index by google.
Routinely everyday I am removing and disavowing. But it's just so much of them now indexed by Google.
Question:
1. What is the best way now moving forward for me to resolve this?
2. Disavow links and domain. Does disavowing a domain = all the links from the same domain are disavow?
3. Can anyone recommend me SEO company which dealt with such issue before and successfully rectified similar issues?
Note: SEAGM is company branded keyword
-
I'm afraid there's no easy answer. The security side is beyond the scope of Q&A (it's just too dependent on your platform/host/etc.), but locking that down is definitely the biggest and first step. Obviously, though, you can't stop third-party sites from getting hacked.
Disavow can be done at the domain level. There are some oddities, like Wordpress.com (where sub-domains act more like stand-alone domains), but for most sites, if most links are malicious, lock down the entire incoming domain.
Make sure your core links are clean. If you have a solid base of links, and you're not dealing with a lot of quality issues, it's tough for these kinds of hacked links to cause as much harm. Google knows this happens. Unfortunately, if your core link profile is a mess or week, then it's a lot easier to take damage. So, this is a battle on two fronts - stop the attack and, at the same time, clean up your core link profile and strengthen it as best you can.
There are a lot of link removal tools now, but honestly, they're a starting point. You need to dig in and evaluate what they give you, so that you're not taking out links that are potentially good. Right now, this is a labor-intensive process, I'm afraid.
-
Hi Andy,
Am currently gathering data from Webmaster Tools.
No, I didn't get any manual actions message from Google.
I do have a list. Am trying to use Kerboo (LinkRisk) to manage it. However, I have little time to do this.
-
Hi,
2. Disavow links and domain. Does disavowing a domain = all the links from the same domain are disavow?
Yes, I would be disavowing at a domain level (not even subdomain) with a view to blocking everything you find.
How have you been gathering link data? Webmaster Tools? Ahrefs? Majestic? OSE?
Ideally you need to create one master list of everything you can find and start from there. It isn't going to be a quick fix though because if you have been caught by Penguin, you wont get out of any penalty until it is re-run again. All you can do is prepare for when that run happens.
If you haven't yet been caught by Penguin, then you would be saving yourself a lot of worry by getting this resolved before the next refresh happens.
-Andy
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Linking to my Site so I should Link Back?
I remember hearing a few years ago that it was a good practice to link back to a site that was linking to you. My company's site was referenced and linked to in a news article. The news company has an above average domain authority, which is pretty good for my company's backlink profile. Is it still or was ever a "best practice" to link back to this website/domain? I feel like linking back was a best practice, but when I try to search this, all I get back is backlinking 101 and backlinking articles. Nothing really answering my question straight forward. Thanks for any help.
Technical SEO | | aua0 -
Should I disavow links from pages that don't exist any more
Hi. Im doing a backlinks audit to two sites, one with 48k and the other with 2M backlinks. Both are very old sites and both have tons of backlinks from old pages and websites that don't exist any more, but these backlinks still exist in the Majestic Historic index. I cleaned up the obvious useless links and passed the rest through Screaming Frog to check if those old pages/sites even exist. There are tons of link sending pages that return a 0, 301, 302, 307, 404 etc errors. Should I consider all of these pages as being bad backlinks and add them to the disavow file? Just a clarification, Im not talking about l301-ing a backlink to a new target page. Im talking about the origin page generating an error at ping eg: originpage.com/page-gone sends me a link to mysite.com/product1. Screamingfrog pings originpage.com/page-gone, and returns a Status error. Do I add the originpage.com/page-gone in the disavow file or not? Hope Im making sense 🙂
Technical SEO | | IgorMateski0 -
Does a sub-domain benefit a domain...
I have seen some mixed comment as the whether a sub-domain would benefit from the authority built up by its domain... but does a domain benefit from a sub-domain?
Technical SEO | | Switch_Digital0 -
Hot Linking
We recently noticed that our website www.efurniturehouse.com is being hot linked by axsoris.com a Dutch website with many malware issue. Any suggestions how to proceed? Thanks in advance Tony
Technical SEO | | OCFurniture1 -
Blog.domain.co.uk or domain.co.uk/blog
Hi Guys, I'm just wondering which offers more SEO value and which is easier to set up out of: blog.domain.co.uk domain.co.uk/blog Thanks, Dan
Technical SEO | | Sparkstone0 -
Vanity Virgin Domains
Hi, I've acquired a vast amount of domains related to my industry over the past 2-3 years. The domains themselves are keyword rich, and likely to be highly searched in their respective terms. Most of the domains are virgin names, some are expired and re-registered names. I can appreciate re-registered names likely retain little value, but I'm wondering, if one was to setup each of the virgin vanity domains as a 301 re-direct, and add the redirected domains as a new submit to google, would there be any keyword relevance, or would this likely be a wasted effort or result in a penalty? I initially registered the domains to protect intellectual property, or prevent others from benefiting from the competitive terms (evil, I know), but I'd like benefiting from them, rather than renew each year and have them site there and do nothing. Thanks!
Technical SEO | | ispone0 -
What is SEO impact of redirecting from domain to https appspot domain ?
Our site is hosted on google and is fully https. But since google's limitation is that all https needs to be on the appspot domain, we are redirecting users from our website to the appspot domain. What is the impact of this on SEO?
Technical SEO | | incandescent0 -
Domain Forwarding and SEO
I have looked around and only saw older and contradicting responses to this question but what effect does having a domain with VALUABLE-KEYWORD.com forward to MAINSITE.com or COMMON-MISSPELLING.com forward to MAINSITE.com in terms of SEO and is it considered spammy or looked down upon
Technical SEO | | treytt0