What to do if you've been hacked.....
-
Just logged into our CMS system and it appears we have been hacked.
All page titles have been hijacked adding a secondary title tag linking out to website http://emapaydayloans.com with anchor text pay day loans.
Our Web Dev team are working on fixing the hack now. My concern is the potential knock on effect to SEO.
This looks like a bad neighbourhood site:
- 3 pages indexed
- PR 0
And for I don't know how long we've had almost every page on all our domains linking out with the following page title including the same link and anchor text:
I assume its a wait and see at this stage.
-
Thanks for the responses guys, looks like an SQL Injection.
We have cleared the import and all is back to normal. We'll be looking in to beefing up protection. Thanks for the advice. Will be keeping my eye on the traffic via analytics and watching out for messages in Webmaster Tools
-
This type of problem is really hard to fix unless you know how to do the deep scrubbing needed to get rid of the problem. If you don't scrub it properly the problem will recur over and over.
I would hire a pro ASAP.
-
if you have a paid hosting company call them and they'll run tools on your site to find any exploits.
if your traffic is holding steady you might be ok, just get those links off your site and take care of the security holes. Also your FTP write/edit permissions might need to be tightened up.
-
Fix it as quick as possible
Find any exploits you may have missed (keep WP Up to date, disable admin account, if on shared hosting check all file permissions, make sure you are using SFTP (port 22) ect...)
Monitor your traffic for drops and check web cache of Google to see if it was even indexed
If you do take a knock (which I doubt unless it was there for a while) I am not sure a reconsideration would do anything, so you will probably just have to do some damage control
(ie... get lots of social mentions on a good piece of industry relevant content)
Hope this helps
PS this can help you with hardening WP install http://codex.wordpress.org/Hardening_WordPress
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How good/bad the exit intent pop-ups? What is Google's perspective?
Hi all, We have launched the exit intent pop-ups on our website where a pop-up will appear when the visitor is about to leave the website. This will trigger when the mouse is moved to the top window section; as an attempt by the visitor to close the window. We see a slight ranking drop post this pop-up launch. As the pop-up is appearing just before someone leaves the website; does this making Google to see as if the user left because of the pop-up and penalizing us? What is your thoughts and suggestions on this? Thanks
White Hat / Black Hat SEO | | vtmoz1 -
HELP!! We are losing search visibility fast and I don't know why?
We have recently moved from http to https - could this be a problem? https://www.thepresentfinder.co.uk As far as I'm aware we are doing everything by SEO best practice and have no manual penalties, all content is unique and we are not doing any link farming etc...
White Hat / Black Hat SEO | | The-Present-Finder0 -
I'm Getting Attacked, What Can I Do?
I recently noticed a jump in my Crawl Errors in Google Webmaster Tools. Upon further investigation I found hundreds of the most spammy web pages I've ever seen pointing to my domain (although all going to 404 errors): http://blurchelsanog1980.blog.com/ http://lenitsky.wordpress.com/ These are all created within the last week. A. What the hell is going on? B. Should I be very concerned? (because they are 404 errors) C. What should my next steps be? Any help would be greatly appreciated.
White Hat / Black Hat SEO | | CleanEdisonInc0 -
Hackers are selling fake 'Likes' on FB, Instragram
An interesting article on how to get social media buzz: http://www.huffingtonpost.com/2013/08/16/fake-instagram-likes_n_3769247.html
White Hat / Black Hat SEO | | ChristopherGlaeser0 -
Goddady's Domain Masking and 301's
I have a client who's 7 domains and single website (instantpages®) exists within the clutches of GoDaddy. They own 6 kewyord rich domain names that 301 redirect with masking to the main branded domain. In effect, what this provides is the ability to add a title tag and meta description for a keyword rich domain name that displays content through an iframe. So really it's not duplicate content but this practice sets off my spidey sense that this is not a best practice regarding SEO. I want to suggest for the client to drop the idea of masking and do a straight 301 redirect to main branded domain. I'm sure that is fine but these domains are Not similar variations but actually vary widely: massage-city.com, city-massage.com, city-acupuncture.com, acupuncture-city.com, city-chiropractic.com, chiropractic-city.com etc ---- Doesn't Google frown on redirecting 6 domains to a single domain if they vary widely? Words of wisdom appreciated.
White Hat / Black Hat SEO | | superZj0 -
Is this a 'real site' or a spam site for backlinks
I have been asked what type of site this is? What kind of page is this? [http://www.gotocostarica.com/](http://www.gotocostarica.com/) In my opinion it is site put up to create back links and should be avoided (especially in the light of the new Penguin and Panda updates coming). But I don't want to give wrong advice. What are your opinions?
White Hat / Black Hat SEO | | Llanero0 -
What's the best way to set up 301's from an old off-site subdomain to a new off-site subdomain?
We are moving our Online store to a new service and we need to create 301's for all of the old product URLs. Being that the old store was hosted off-site, what is the best way to handle the 301 re-directs? Thanks!
White Hat / Black Hat SEO | | VermilionDesignInteractive0 -
Does Google Penalize for Managing multiple Google Places from the same IP Address? Can you manage from same google account or separate? Or does it matter since it's created from the same IP?
I manage a number of client's Google Places from the same IP and heard this is not a good thing. Are there Do's and Don'ts when managing multiple Google Places? Create separate google accounts for each or can you use the same account?
White Hat / Black Hat SEO | | Souk0
