Website Vulnerability Leading to Doorway Page Spam. Need Help.
-
Keywords he is ranking for , houston dwi lawyer, houston dwi attorney and etc..
Client was acquired in June and since then we have done nothing but build high quality links to the website. None of our clients were dropped/dinged or impacted by the panda/penguin updates in 2012 or updates previously published via Google. Which proves we do quality SEO work. We went ahead and started duplicating links which worked for other legal clients and 5 months later this client is either dropping or staying in local maps results and we are performing very badly in organic results.
Some more history.....
When he first engaged our company we switched his website from a CMS called plone to word press. During our move I ran some searches to figure out which pages we needed to 301 and we came across many profile pages or member pages created on the clients CMS (PLONE). These pages were very spammy and linked to other plone sites using car model,make,year type keywords (ex:jeep cherokee dealerships). I went through these sites to see if they were linking back and could not find any back links to my clients website. Obviously nobody authorized these pages, they all looked very hackish and it seemed as though there was a vulnerability on his plone CMS installation which nobody caught.
Fast forward 5 months and the newest OSE update is showing me a good 50+ back links with unrelated anchor text back links. These anchor text links are the same color as the background and can only be found if you hover your mouse over certain areas of the site. All of these sites are built on Plone and allot of them are linked to other businesses or community websites. These websites obviously have no clue they have been hacked or are being used for black hat purposes.
There are dozens of unrelated anchor text links being used on external websites which are pointing back to our clients website.
Examples: <a class="clickable title link-pivot" title="See top linking pages that use this anchor text">autex Isuzu, </a><a class="clickable title link-pivot" title="See top linking pages that use this anchor text">Toyota service department ratings, </a><a class="clickable title link-pivot" style="color: #5e5e5e; font-family: Helvetica, Arial, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;" title="See top linking pages that use this anchor text">die cast BMW and etc..</a>
Obviously the first step is to use the disavow link tool, which will be completed this week.
The second step is to take some feedback from the SEO community. It seems like these pages are automatically created using some type of bot. It will be very tedious if we have to continually remove these links. I hope there is a way to notify Google that these websites are all plone and have a vulnerability, which black hats are using to harm the innocent...
If i cannot get Google to handle this, then the only other option is to start fresh with a new domain name.
What would you do in this situation. Your help is greatly appreciated. Thank you
-
Thanks for the thought.
I'm going to give it a try, didn't think about that. Nothing special about our 301's.
-
I've definitely seen issues lately where mass 301-ing a lot of pages all to one page caused some problems with Google. If there were bad/suspicious links to some of those pages, it could definitely exacerbate the problem. You may have to try killing some of those redirects, especially from the worst pages. If you don't get traffic to those pages and you know the links are suspect (whether or not you created them), I'd strongly consider 404-ing some of those pages and cutting the redirects. How deep you have to cut depends on how bad the damage is and how much risk you're willing to take. It's definitely not for the faint of heart, but if the situation is bad enough, it may be necessary.
-
Thanks for the reply. We got the clients primary domain (internal pages were always fine) out of penalization by using the disavow tool and still our rankings have not come back.
Furthermore it looks like we found about 4k new links pointing back to pages which were redirected automatically to the home page upon creation of wordpress (wordpress 301 plugins). We changed the landing page for 301's to be a .com/lost page and that page is setup as no follow/index.
When it comes to the on page factors, I think the domain it self has too many pages talking about DWI. Posts that is. My next step is to remove all these Spammy blog posts (real news however) and see if that gives us a return in rankings.
When it comes to the duplicating links, i am definitely not over exchanging links between clients . Occasionally i will link one or two clients because they are beneficial to one another (personal injury links to a divorce lawyer in the same city). But the majority of links are pr's, he directories, web 2.0 and other links from industry sites.
Picking up a client from a horrible SEO company is probably the hardest project i have picked up thus far and i just picked up two more.... FML
From scratch we can pull a new website from zero to top of page one in 6months, but this has me stumped.
Thanks for your help and maybe one day i will do a write up about my solutions.
-
Unfortunately, even across the broader community, specific technical issues with specific CMS platforms can be really hard to find an answer to. You need someone who's been in exactly your situation, in most cases. I'm seeing multiple mentions on the web for Plone security holes:
http://plone.org/products/plone/security/advisories/20121106-announcement
If you think this is primarily an issue of these bad links, then using the new disavow tool is your best (if imperfect) option right now, most likely. Otherwise, you're left contacting each website to let them know they have a hole. If you think this is a new vulnerability, you could try to work with Plone directly, but that would rely on all of these sites patching the hole. In other words, even if Plone releases a fix, everyone has to actually apply it, and that often doesn't happen. So, cutting off the links via Google is probably more effective.
Given that you switched platforms, though, I'd really dig deep and make sure you haven't run into other problems. For example, did the WordPress switch introduce new duplicate content? Did any of your TITLE tags, URLs, or other on-page factors change? Are they links you're "duplicating" starting to look like a network to Google? It's entirely possible for one site to get hit and not others, especially in a competitive vertical. I'd look long and hard at your whole portfolio and make sure this isn't a signal that something worse is about to happen.
That's conjecture, but I've just seen too many SEO companies jump to the conclusion of foul play, only to miss something they had control over. Make sure you're looking at the whole picture.
-
Amazing i could not get a response on this.
-
any help on this
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
More or Less pages helps in SEO?
Hi all, I have gone through some articles where less pages are suggested and they claim that they will be favoured by Google. I'm not sure as with limited pages, we can only target limited keywords. There might be threat from Google in-terms of doorway pages for more pages. But one of our competitor has many pages like dedicated page for every keyword. And their website ranks high and good for all keywords. I can see three pages created with differnet phrases for same on keyword. If less pages are good, how come this works for our competitor? Thanks
White Hat / Black Hat SEO | | vtmoz0 -
Multiple E-commerce website
Following is a scenario where we plan to have a single database and different sites pulling product information from this. There will be a primary site with all the products listed and then there will be other category based website with the same products. All transactions will happen on respective website. The common factor will be products and its information. Our question is should we have different item numbers for the same product listed on two websites or they can be the same.?
White Hat / Black Hat SEO | | promodirect
e.g.
Website A: Product - Blue Shoes and item number '123'
Product page url will be: websitea.com/blueshoes-123.html Website B: Product - Blue Shoes and item number '123' or should the item# should be unique e.g. 'B123'
Product page url will be: websiteb.com/blueshoes-123.html
or
If item number is unique the product page url will be: websiteb.com/blueshoes-B123.html Please advise what is the best way forward.0 -
Google Disavow and Penalty lifted please help?
We disavowed 80% of our backlink profile due to our last SEO building cheap nasty links and filed a reconsideration requested (we had the Google Webmaster Tools notice of detected unnatural links to http://www.xxx.co.uk penalty for a year from the 24<sup>th</sup> march 2012 but thought it best to clean up before round 2 – even though we had no real penalty and we dd some decent link building that moved us up). We then received a successful penalty lifted note (on the 22<sup>nd</sup> of May 2013) but our rankings dropped (due to the crap links propping us up) since then we have built a fair few high quality links but our rankings do not seem to be moving much if at all (7 weeks clear now). has anyone had any experience with the above (are we in a sandbox type situation). Thank you for your time Thanks Bob
White Hat / Black Hat SEO | | BobAnderson0 -
Advice on using the disavow tool to remove hacked website links
Hey Everyone, Back in December, our website suffered an attack which created links to other hacked webistes which anchor text such as "This is an excellent time to discuss symptoms, fa" "Open to members of the nursing/paramedical profes" "The organs in the female reproductive system incl" The links were only visible when looking at the Cache of the page. We got these links removed and removed all traces of the attack such as pages which were created in their own directory on our server 3 months later I'm finding websites linking to us with similar anchor text to the ones above, however they're linking to the pages that were created on our server when we were attacked and they've been removed. So one of my questions is does this effect our site? We've seen some of our best performing keywords drop over the last few months and I have a feeling it's due to these spammy links. Here's a website that links to us <colgroup><col width="751"></colgroup>
White Hat / Black Hat SEO | | blagger
| http://www.fashion-game.com/extreme/blog/page-9 | If you do view source or look at the cached version then you'll find a link right at the bottom left corner. We have 268 of these links from 200 domains. Contacting these sites to have these links removed would be a very long process as most of them probably have no idea that those links even exist and I don't have the time to explain to each one how to remove the hacked files etc. I've been looking at using the Google Disavow tool to solve this problem but I'm not sure if it's a good idea or not. We haven't had any warnings from Google about our site being spam or having too many spam links, so do we need to use the tool? Any advice would be very much appreciated. Let me know if you require more details about our problem. <colgroup><col width="355"></colgroup>
| | | |0 -
Website mallware attacks
I keep getting attacks to my website every time that are being blocked by OSE firewall Is there any way to stop this? I am affraid because they actually manage enter my website on the past, and i dont know if they can enter on the future or if having all the pluggins and wordpress updated. I am safe enough, and i am not sure if there is any type of virus on my computer Macbook as those attacked pages were recently updated from my computer. Is there any malware scan for Mac Thanl you == Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 11:48:18 FROM IP: http://whois.domaintools.com/75.126.24.81 URI: [http://www.propdental.es/](http://www.propdental.es/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A == Attack Details == TYPE: Found Basic DoS Attacks DETECTED ATTACK VALUE: dDos Attack ACTION: Blocked LOGTIME: 2013-02-25 10:13:17 FROM IP: http://whois.domaintools.com/107.21.150.82 URI: [http://www.propdental.es/blanqueamiento-dental/](http://www.propdental.es/blanqueamiento-dental/) METHOD: HEAD USERAGENT: N/A REFERRER: N/A ``` == Attack Details == TYPE: Found Malicious User Agent DETECTED ATTACK VALUE: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 ACTION: Blocked LOGTIME: 2013-02-25 03:13:52 FROM IP: http://whois.domaintools.com/119.245.226.74 URI: [http://www.propdental.es/sonrisas/los-martinez/](http://www.propdental.es/sonrisas/los-martinez/) METHOD: HEAD USERAGENT: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 REFERRER: N/A ``` ```
White Hat / Black Hat SEO | | maestrosonrisas0 -
What do you think of our new category page?
Hey Mozzers! We have come up with a new layout design for a category page and would love to have your opinion on it, specifically from an S_E_O perspective Here is our current page: http://www.builddirect.com/Laminate-Flooring.aspx Our new page (pending approval): http://www.builddirect.com/testing/laminate-flooring/index.html Just to brief you in on the key differences b/w old and new layout: Left text link menu is removed in new layout
White Hat / Black Hat SEO | | Syed1
New layout looks funny with JS disabled - long vertical line up of products(Perhaps important keywords/ content in new layout appears way down?)
Lot of 'clunk' has been removed (bits of text, links, images, etc) Thanks for checking this out.0 -
Need a Service to get back links- info on Youtube PR Ranking
I have about 4000 you tube video urls that I need someone to submit for comment links, and profile links, and other links above pr2 and above. (will consider lower pr too). The ones I see when searching, don't seem to be able to understand how to use their submitters. Yes I know PR most likely will not be passed, but at least the vid will rank better with higher pr. My pr4 vids do. It seems to be that you tube vids are easier to gain pr. When I do a link search for pr5 vid urls, it doesn't seem to return links that justify the PR, so any info on that is appreciated. Any comments about how I should not do this or any form of this will not be appreciated. Thanks
White Hat / Black Hat SEO | | joemas990 -
User comments with page content or as a separate page?
With the latest Google updates in both cracking down on useless pages and concentrating on high quality content, would it be beneficial to include user posted comments on the same page as the content or a separate page? Having a separate page with enough comments on it would he worth warranting, especially as extra pages add extra pagerank but would it be better to include them with the original article/post? Your ideas and suggestions are greatly appreciated.
White Hat / Black Hat SEO | | Peter2640