URL Injection Hack - What to do with spammy URLs that keep appearing in Google's index?

peteboyd

A website was hacked (URL injection) but the malicious code has been cleaned up and removed from all pages. However, whenever we run a site:domain.com in Google, we keep finding more spammy URLs from the hack. They all lead to a 404 error page since the hack was cleaned up in the code. We have been using the Google WMT Remove URLs tool to have these spammy URLs removed from Google's index but new URLs keep appearing every day. We looked at the cache dates on these URLs and they are vary in dates but none are recent and most are from a month ago when the initial hack occurred.

My question is...should we continue to check the index every day and keep submitting these URLs to be removed manually? Or since they all lead to a 404 page will Google eventually remove these spammy URLs from the index automatically?

Thanks in advance Moz community for your feedback.

Dezzign

If the urls follow any particular pattern then you can use a  htaccess redirect and return the header code 410 / 403 / 404 to Google. (I suggest 410) They will soon drop out of the index.

I don't know the exact .htaccess syntax off the top of my head but it will be something like this:

If they all come from the same folder then it would look something like this:
RedirectMatch 410 ^/folder/.*$

If they have a common character string after the forward slash (such as xyz) then it would look something like this:
RedirectMatch 410 ^/xyz.*$

If they have any common character string footprints at all (such as xyz) then it would look something like this (now I'm guessing):
RedirectMatch 410 ^/()xyz.$

This would be a pretty easy fix if all of those spammy urls have any common characters after the forward slash or they all originate from a certain folder.

LesleyPaone

You might get a little quicker removal if you send them with a 410 status code. That will let Google know that the page is gone for good. http://searchenginewatch.com/sew/how-to/2340728/matt-cutts-on-how-google-handles-404-410-status-codes

peteboyd

No problem at all! These new URLs do not actually exist on the website. Since we cleaned up the malicious code all of these URLs redirect to our 404 page.

94501

Sorry to misunderstand the problem. Do those new urls actually exist on your site or just in search?

peteboyd

Hi 94501,

Thanks for taking the time to respond. Just to be clear, we are not submitting multiple removals for the same URL and I don't think Google WMT even allows you to do that. Completely new URLs are appearing each day after removing the older ones.

My main concern is having spammy URLs indexed and associated with my website and the negative effects it can have from an SEO perspective.

94501

Hi Pete,

It sounds like you've done what you can. I wouldn't submit multiple removals for the same url.

I assume it's out of your site map and you're not still being hacked and have figured out how it happened and taken steps to fix it.

Google will eventually figure it out. I'd try to move on to new stuff.

Best... Mike