How do I stop someone from hijacking my site?
-
I had lost a lot of search engine rankings & it almost put me out of business. I worked a lot on the site in April and in May my sales rebounded 37%+ almost back to where they typically are. I have blamed Panda and saw another Panda update in May and my traffic is declining again. Today I happened to decide to check what pages were being indexed and I also noticed that when I published an update this morning it said the page "<cite class="_Zd">www.cheaptubes.com/index2.asp</cite>" exists on the destination server but not in current site and it asked if I wanted to delete it. I said no at the time but am going to delete it right after this question. I went to google & put "site:cheaptubes.com" into the search. My website has about 50 pages but google has "About 2,160 results" @ 10X per page. The first four pages are mostly my pages but I noticed even on the first page, 3rd result was for Nike shoes and it isn't my site. Someone has hacked my site and put up over 21,000 pages! That must be the real reason behind my website problems, right? How do I stop this from happening again? Is this having the negative effect that I fear it is?
-
ok, thx for that. I will try it. I know the pages that need the 301 from the others. all the bad pages have index2.asp in the names. I have changed my ftp and login passwords
good to know the 404 don't count against me
-
I would definitely make sure not to 301 redirect any of the bad pages. You might get penalized for that.
They won't count the 404's against you, I would change them to a 410 error though for those pages. Then they will drop out of your GWT and the Google index quicker.
-
I went to GWT today and now that I deleted the 2 malicious pages, my site now had 1950 404 errors of which only 15 are legitimate that I need to 301. I'm not sure how to handle this now. I read that google doesn't count 404 or 410 against you but 1950 pages is a lot. I would like to deal with it. I thought about wiping out the site and uploading a new version of it but I think it will have the same errors. Any advice?
http://www.cheaptubes.com/: Increase in not found errors June 20, 2014
Google detected a significant increase in the number of URLs that return a 404 (Page Not Found) error. Investigating these errors and fixing them where appropriate ensures that Google can successfully crawl your site's pages.
Recommended action
- Check the Crawl Errors page in Webmaster Tools.
- Check that pages on your site don't link to non-existent pages. (If another site lists a broken link to your site, Google may list that URL but you may not be able to fix the error.)
-
Thank you for your help
-
Interesting, it sounds like they had a long term plan. Good thing you found about it in time.
I think the plan sounds good. I would definitely get off front page, it has been out of development for a while so there are vulnerabilities that have not been patched in years.
You might look into a cms like Wordpress or concrete5 to make things easier for you with transitioning the site. Then you would have to only learn minimal html / css, and could focus more on the content.
Good luck to ya.
-
Thank you so much. I changed my main login & FTP passwords today. I found that they had changed my email address to info@chatfieldstatepark.org & the last name on my account was changed to Puraty. I suspect it might be networksolutions who got hacked but i don't know for sure. I updated and scanned my computer last night and it is virus/malware free.
I am on shared hosting. I need to get my site updated and off frontpage & then off network solutions. You helped me back in April when i was trying to get my rankings back, thx. I have an interim plan.
1- I will use filezilla to FTP and it shouldn't have the same vulnerabilities as frontpage as it can be updated.
2- My theme designer said the theme doesn't rely on FP extensions. With this in mind I plan to download an HTML editor and can hopefully do future editing from there.
I think this is my short path to getting off frontpage. Does that make sense? I do realize I need to get from HTML2 to HTML5 or something more modern but I'm tryimng to handle this while juggling my other responsibilites in my 80hr work week.
-
Good that the site is clean. What scurri and programs like that do is analyze the site (your real site, not the made up pages) for malicious code. That means all the public facing files should be intact. Also GWT is google webmaster tools, if you passed the scurri check you should be fine there.
Since it sounds like you are on shared or managed hosting I would send a support email to your host and let them know the issue. They might be able to see where someone got in and when it happened, it is worth a shot at least.
What platform are you running on your site? Is it a cms or a custom platform?
More than likely the reason that Moz never detected the pages is because it is a crawler. It starts with your home page and follows every linking page on your site, if the pages were "orphaned" as it sounds like, the crawler would never have picked them up.
-
sucuri says my site is clean
-
Thanks you for your response. I had thought of changing my FTP password but the hosting co's servers were down for maintenance. They blamed it all on me. I did delete the index2.asp page and all the links are broken. I had deleted pages in April when cleaning up the site & I think I deleted this then but didn't know it. I do have a restorable version and I will pursue this tomorrow as well.I will check about the malware, thx as I wouldn't know where to do that. I have been having email problems for some time. I have moz scan my site every week (started in April) and they never detected 10,000 extra pages. I suspect I deleted it in April & they got back in. Maybe I should start selling Nike? : ) IS GWT google webmaster tools?
-
Change all of your passwords is the first thing you should do. Then you need to examine the server logs to see how they got in. I would check the ftp access logs first. Hopefully you have logging turned on. Then with those logs I would search for lines that are not your ip address. If you are on a static ip and you have had the same ip for a while it should be a lot easier. You will be looking for the other ip address. If you cannot find that the server was accessed from another ip address through ftp, then the next option is to look at the code. There might be an exploit in your site that will allow for it. One thing I would do is look at the files that were added via ftp, they will hold a time stamp on them. You can try to cross reference that time and day with the ftp log. If there is at those times (remember your server might not be set to your time zone) then start looking through the site for a "connector" file. It would have been the first that they created, it is basically a bot file that can create files on your server. If you can find that, check that time stamp against the log.
If you have a restorable version of the site, I would consider doing it. I would also see if your site is label as having malware on it. You can use GWT and sucurri to do that.
As for possibility hurting your rankings, yes, definitely. I would get the issue cleaned up, see if there is a pattern for the files that you can redirect to a 404 page and also the robots.txt file as well. I would also check GWT and see if you have a penalty as well. But I would do all of this ASAP if I were you.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Is there a way to automate finding low quality content on your site?
Hi all, I have a site that was once #1 for many keywords. Fast forward a number of years and I am sinking lower and lower and it really started to sink low from September 2012 and appears to be due to an algo update. How should I go about finding my low quality pages? I am told that I might have pages bringing my entire site down. I deleted heaps of low quality pages but not seeing any improvements (might be a little impatient). Any tips for finding bad content?
Content Development | | BatmanGoonie0 -
We are contemplating whether to put a blog on our site.
The reasons we want to put one up is obviously for SEO reasons but since we are a small business with limited resources the higher ups are worried that we will start strong but slack off. Some feel that it's worse to start and not keep up the blog as it gives an unprofessional vibe to google and other users. I maintain that I will try to keep it up to the best of my abilities and that it's better to have something than nothing. What do you feel and do you have any experiences in this?
Content Development | | EcomLkwd0 -
Blog and Website = 2 different URL's - Is it WORTH to merge content on to one site
Good day Mozzers! A friend of mine recently asked for my help in regards to online marketing. While getting familiar with his online presence, I realized that he has a blog hosted under a completely different URL Main Site = http://pardons.org/ (page rank 4)
Content Development | | vip4service
Blog = http://pardons.wordpress.com/ (page rank 3) What I am battling with is whether or not he should take all of the blog content he has, and merge it on to his main site. It has over 280+ blog posts spanning over a few years, so there is A LOT of content that could benefit his main site. However is it worth it, or should he continue to run everything as 2 different sites? Also, of you suggest moving the content over, what would be the best way to do it in your opinion? He currently has links on his blog TO his main site, so there is a little bit of link juice there, but with a average of 300 views a day, he only get about 10 clicks to his main site from the blog. Thanks a ton for your help!0 -
What are the advantages/disadvantages of a blog residing on a website as opposed to free-standing and linked to site
I have a cleint with a web site and with 3 freestanding wordpress blogs - should we be housing those blogs on the site? should we combine them (its an insurance compnay with several business units). thanks
Content Development | | thirsty30 -
A site review please
Hi, first post here so hope i have posted this in the right place. From reading the forums a number of people have asked for site reviews and received some very good feedback so I thought I would jump aboard too. One of my companies, Digital Cow, is based around the world of affiliate marketing and had been doing very well until recent Google changes killed the whole process of making sites based around other people's datafeeds. Through considerable testing we have countered this by increasing the blend of duplicate content and unique, niche related, content. As a result a website we launched about 2 months ago is currently getting around 350 unique hits a day but seems to have stagnated. We know the potential is there for thousands of daily hits on this site and well over 20,000 hits a day on all our websites, but we are having issues with Google at the moment. One week we could be position 10 for a keyword, next position 90, then back to position 10 again and so on. In the last week some 95 keywords moved up the ranking and 62 moved down - we are seoing for a couple of hundred keywords. A small sample of some of these words and our ranking for them are listed below bodysuits women 13
Content Development | | Grumpy_Carl
tumbum 14
bright leggings 18
bright tights 18
bridal hold ups 19
opaque hold ups 20
girls in leggings 21
pretty polly hold up 21
fish net hold ups 22
slimming tights 22
tum bum 26
magic knickers 27
toeless tights 28 and there are many more. The website in question is www.brighttights.com. If anyone could spare a moment to offer their opinion on what they think of the site re seo that would be most welcome. Given it's an ecommerce site there are limits to the content we can add on the homepage. Many thanks Carl0 -
Site structure question
I'm doing a site that will have many many pages.
Content Development | | OxzenMedia
Now I have heard that you get more seo value if its a lower tear so for example: site.com/product rather than site.com/brand/subbrand/product Is this correct? Should I structure my site like this? site.com/product
site.com/brand points to site.com/product (so all products are on the sub root.) Does that make sense?0 -
Please help me stop google indexing https pages on my wordpress site
I added SSL to my wordpress blog because that was the only way to get a dedicated IP address for my site at my host. Now I am noticing Google has started indexing posts both as http and https. Can some one please help how to force google not to index https as I am sure its like having duplicate content. All help is appreciated. So far I have added this to top of htaccess file: RewriteEngine on Options +FollowSymlinks RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^robots.txt$ robots_ssl.txt And added robots_ssl.txt with following: User-agent: Googlebot Disallow: / User-agent: * Disallow: / But https pages are still being indexed. Please help.
Content Development | | rookie1230 -
Your Site and Google News Question
My site has been in Google News for about 3 years. Over the weekend, I received this message from Google Hi John, We periodically review news sources, to ensure Google News offers a high quality experience for our users. When we reviewed your site, mainstreetmonroe.com, we found that we can no longer include it in Google News at this time. We reviewed your site and are unable to include it in Google News at this time. We can't include sites that don't have a formal editorial-review process for submitted content. If this exists on your site, please let us know where and we'll be happy to review your site again. Mainstreetmonroe is scheduled to be removed from Google News for a period of at least 30 days. After this 30-day period has elapsed, you can re-apply for inclusion in Google News provided your site meets our guidelines. We appreciate your assistance in this matter. Please note that you'll still be able to find your site in Google Web Search and other Google services. Thanks for your interest in Google News. Regards, The Google News Team What exactly do they mean? I submitted my website news section, but they have been displaying our forum area in the news too. I think the forum is what GN is talking about. What is the best way to fix this problem? Move the forum to a subdomain? Website: http://www.mainstreetmonroe.com/ Forum: http://www.mainstreetmonroe.com/Voice/forum.asp?FORUM_ID=2
Content Development | | JohnBeagle0