Manual action due to hack
-
We have had some issues with one of our websites getting hacked. The first time it happened, we noticed it the next morning and cleaned it up before Google even realised. However, the same thing happened again over the weekend, and I came into the office to an email from Google:
Google has detected that your site has been hacked by a third party who created malicious content on some of your pages. This critical issue utilizes your site’s reputation to show potential visitors unexpected or harmful content on your site or in search results. It also lowers the quality of results for Google Search users. Therefore, we have applied a manual action to your site that will warn users of hacked content when your site appears in search results. To remove this warning, clean up the hacked content, and file a reconsideration request. After we determine that your site no longer has hacked content, we will remove this manual action.
_Following are one or more example URLs where we found pages that have been compromised. Review them to gain a better sense of where this hacked content appears. The list is not exhaustive. _
We have again cleaned up the website, however, my problem is that even though we have received this email, I cannot find any evidence of the manual action having actually been applied. I.e. it doesn't show in the Search Console and I am also not getting a warning in the search results when searching for our own website or clicking on the result for our website. That means I cannot submit a reconsideration request - however I am not sure at all there was actually a manual action applied at all based on my test searches.
Has anyone here experienced the same issue? What do you suggest doing in this case?
Thank you very much in advance for any ideas.
-
You're welcome!
-
Thanks Joe. I will do that. Very helpful, I appreciate it!
-
I would keep an eye on organic performance for the next week or two (regularly checking the security issues/manual action reports). If you do not see a downward trend nor receive another message from Google, you should be all set here.
To review organic performance, I suggest monitoring:
-
Organic traffic (GA)
-
Organic Visibility Trends/Rankings (SEMRush, Moz rank tracker)
-
Google Search Console clicks and impressions (particularly for non-branded queries)
Hope this all helps!
-
-
It must have been, although I could also not see anything in Search Console before we cleaned up the hack.
I haven't seen it affect organic performance at all although it's hard to say as we are a B2B business and don't see as much traffic on weekends. Plus it's our corporate website which doesn't get much traffic to begin with.
-
If you are not seeing anything in the manual action report, security issues report or in the SERPs, I would say that Google has detected that the hack was addressed and has removed your manual action. Is organic performance still being impacted?
-
Hi Joe,
The report just says: "Currently, we haven't detected any security issues with your site's content." That's the problem, I had the email, but in Search Console there is no evidence of any hack (although we were definitely hacked, and it is now cleaned up).
Thanks!
-
Hello,
Did you review the Security Issues Report in Google Search Console? If you have a security issue/have been hacked, this is where you will submit a review once the issue has been cleaned up. This Google Webmasters post on hacked sites/requesting a review should help.
Malware or Spam
- Open the Security Issues report in Search Console. The report will probably still show the warnings and sample infected URLs you saw before.
- If you believe that the sample URLs listed are all clean, select Request a review. In order to submit a review, we ask that you provide more information that the site is cleaned of the hacker's damage. For example, for each category within Security Issues, you can write a sentence explaining how the site was cleaned (for example, "For Content injection hacked URLs, I removed the spammy content and corrected the vulnerability: updating an out-of-date plugin.").
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Worth redirecting non-www to www due to higher page authority with www?
When checking my domain I receive higher page authority for www vs non-www. I am considering moving to the www url and applying the necessary redirections but wanted to quickly check if this is worth it. The root page authority https://www.diveidc.com : PA 40 https://diveidc.com : PA 35 By redirecting would I just be transferring over negative signals to the www domain, thus voiding the point for doing any redirect at all?
Technical SEO | | MAGNUMCreative0 -
Some URLs were not accessible to Googlebot due to an HTTP status error.
Hello I'm a seo newbie and some help from the community here would be greatly appreciated. I have submitted the sitemap of my website in google webmasters tools and now I got this warning: "When we tested a sample of the URLs from your Sitemap, we found that some URLs were not accessible to Googlebot due to an HTTP status error. All accessible URLs will still be submitted." How do I fix this? What should I do? Many thanks in advance.
Technical SEO | | GoldenRanking140 -
What is the best practice to re-index the de-indexed pages due to a bad migration
Dear Mozers, We have a Drupal site with more than 200K indexed URLs. Before 6 months a bad website migration happened without proper SEO guidelines. All the high authority URLs got rewritten by the client. Most of them are kept 404 and 302, for last 6 months. Due to this site traffic dropped more than 80%. I found today that around 40K old URLs with good PR and authority are de-indexed from Google (Most of them are 404 and 302). I need to pass all the value from old URLs to new URLs. Example URL Structure
Technical SEO | | riyas_
Before Migration (Old)
http://www.domain.com/2536987
(Page Authority: 65, HTTP Status:404, De-indexed from Google) After Migration (Current)
http://www.domain.com/new-indexed-and-live-url-version Does creating mass 301 redirects helps here without re-indexing the old URLS? Please share your thoughts. Riyas0 -
When doing internal linking back to your home/index file what is the best coding course of action?
When doing internal linking back to your home/index page is it best to set the code as linked to "www.thedomain.com" or "www.thedomain.com/" or just "/" - I'm attempting some canonicalization and our programmer is concerned about linking to just the URL as he's saying it's going to be viewed as an external source. We have www redirects in place that come back to just www.thedomain.com and a redirect to send the www.thedomain.com/index.php back to just www.thedomain.com . Any help would be appreciated, thank you!
Technical SEO | | CharlesDaniels0 -
Hacking and security
Hi, we have had some of our sites hacked and i would like your advice on the situation. We pay a fair but of money for a dedicated server as we thought that by having a dedicated server it would make the sites secure. The language we use for our sites are joomla and wordpress but yesterday a few of them on the dedicated server were hacked. the hosting company have sent us the following info 'There is one extra security improvement on the system we may offer you and it is cloudlinux with cageFS. This improves the overall security on the server but will not stop unsecured code exploiting if such coding is present in your website scripts.' The hosting company is asking for an extra £20 a month to add this on. we asked the hosting company what they meant by unsecured code and they said: 'Unsecure coding is code in your scripts which will allow injections of files from external source. Unfortunately better explanation is not available and for any detailed information you may check with experience local web developer.' We thought that the sites would be secured. The hosting company have said that because one of the sites was not updated from joomla 1.5 to joomla 3.0 which we were planning to do this week, this is the reason why it has happened. However, this does not make any sense, as this is a dedicated server so why has the wordpress sites which are up to date been hacked when they are on the same dedicated server. any advice in understand more on this issue would be great, as i need to find out why this has happened and if i should be taking my sites to another hosting company
Technical SEO | | ClaireH-1848860 -
No manual spam actions found - still my site does not rank
I noticed it on the 1st of October 2012 - that all my rankings disappeared - i filed a reconsideration request w google and i got this - No manual spam actions found. I have no idea why my site would have been subject to an algo change which made my rankings completely go away - i have not used spam, not used any kind of linkbuilding. Can you guys look at my site and see if you have any ideas: http://tinyurl.com/9a5k38u Thank you, Cary
Technical SEO | | CMTM0 -
Duplicate Title Tag issue due to Shopify CMS
Hi guys, I'm a novice really when it comes to SEO, yet have taken it in house for the next year or so, firstly because I have had my fingers burnt twice...and secondly, to allow me to recoup some of the loss from my prior campaigns. One thing I have noticed on my site (which uses a Shopify E-commerce CMS), is that Shopify duplicates a url for each my products. An example of this is http://www.vidahomes.co.uk/collections/designer-radiators-heating/products/reina-aliano
Technical SEO | | philscott2006
http://www.vidahomes.co.uk/products/reina-aliano Both products provide exactly the same information, yet appear in different ways subject to how the customer finds them. I contacted Shopify to find a fix to this issue when I noticed a high amount of Duplicate Title Tags in my SEO crawl. Their response was as follows. Using a rel canonical link will help prevent duplicate content issues with search engines. All you need to do is add this line of code: **<link rel="canonical" href="{{ canonical_url }}" />** ** before the tag in the theme.liquid file. It’s that simple :)** The theme liquid file basically generates the outer template for the whole site, and is only compromised when over-ruled. This all seems a little too easy for me, so I am hoping whether someone can elaborate as to whether this will work or not, as I'm not entirely sold on their response. I was always under the impression with canonical tags, that they should be added to the header section of the duplicate page in question, which refers back to the original page. The code I have been told to add above implies that the canonical tag would be added to every page in my site so the Google robot would have a hard time in finding anything at all of relevance Thanks in advance for any assistance with this. Kind Regards Phil Scott Vida Homes0 -
RSS Hacking Issue
Hi Checked our original rss feed - added it to Google reader and all the links go to the correct pages, but I have also set up the RSS feed in Feedburner. However, when I click on the links in Feedburner (which should go to my own website's pages) , they are all going to spam sites, even though the title of the link and excerpt are correct. This isn't a Wordpress blog rss feed either, and we are on a very secure server. Any ideas whatsoever? There is no info online anywhere and our developers haven't seen this before. Thanks
Technical SEO | | Kerry220