Manual action due to hack
-
We have had some issues with one of our websites getting hacked. The first time it happened, we noticed it the next morning and cleaned it up before Google even realised. However, the same thing happened again over the weekend, and I came into the office to an email from Google:
Google has detected that your site has been hacked by a third party who created malicious content on some of your pages. This critical issue utilizes your site’s reputation to show potential visitors unexpected or harmful content on your site or in search results. It also lowers the quality of results for Google Search users. Therefore, we have applied a manual action to your site that will warn users of hacked content when your site appears in search results. To remove this warning, clean up the hacked content, and file a reconsideration request. After we determine that your site no longer has hacked content, we will remove this manual action.
_Following are one or more example URLs where we found pages that have been compromised. Review them to gain a better sense of where this hacked content appears. The list is not exhaustive. _
We have again cleaned up the website, however, my problem is that even though we have received this email, I cannot find any evidence of the manual action having actually been applied. I.e. it doesn't show in the Search Console and I am also not getting a warning in the search results when searching for our own website or clicking on the result for our website. That means I cannot submit a reconsideration request - however I am not sure at all there was actually a manual action applied at all based on my test searches.
Has anyone here experienced the same issue? What do you suggest doing in this case?
Thank you very much in advance for any ideas.
-
You're welcome!
-
Thanks Joe. I will do that. Very helpful, I appreciate it!
-
I would keep an eye on organic performance for the next week or two (regularly checking the security issues/manual action reports). If you do not see a downward trend nor receive another message from Google, you should be all set here.
To review organic performance, I suggest monitoring:
-
Organic traffic (GA)
-
Organic Visibility Trends/Rankings (SEMRush, Moz rank tracker)
-
Google Search Console clicks and impressions (particularly for non-branded queries)
Hope this all helps!
-
-
It must have been, although I could also not see anything in Search Console before we cleaned up the hack.
I haven't seen it affect organic performance at all although it's hard to say as we are a B2B business and don't see as much traffic on weekends. Plus it's our corporate website which doesn't get much traffic to begin with.
-
If you are not seeing anything in the manual action report, security issues report or in the SERPs, I would say that Google has detected that the hack was addressed and has removed your manual action. Is organic performance still being impacted?
-
Hi Joe,
The report just says: "Currently, we haven't detected any security issues with your site's content." That's the problem, I had the email, but in Search Console there is no evidence of any hack (although we were definitely hacked, and it is now cleaned up).
Thanks!
-
Hello,
Did you review the Security Issues Report in Google Search Console? If you have a security issue/have been hacked, this is where you will submit a review once the issue has been cleaned up. This Google Webmasters post on hacked sites/requesting a review should help.
Malware or Spam
- Open the Security Issues report in Search Console. The report will probably still show the warnings and sample infected URLs you saw before.
- If you believe that the sample URLs listed are all clean, select Request a review. In order to submit a review, we ask that you provide more information that the site is cleaned of the hacker's damage. For example, for each category within Security Issues, you can write a sentence explaining how the site was cleaned (for example, "For Content injection hacked URLs, I removed the spammy content and corrected the vulnerability: updating an out-of-date plugin.").
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Is putting a manufacturer's product manual on my site in PDF duplicate content
I add the product manuals to our product pages to provide additional product information to our customers. Is this considered duplicate content? Is there a best way to do this so that I can offer the information to my customers without getting penalized for it? Should they be indexable? If not how do I control?
Technical SEO | | merch_zzounds0 -
Home Page Deindexed Only at Google after Recovering from Hack Attack
Hello, Facing a Strange issue, wordpress blog hghscience[dot]com was hacked by someone, when checked, I found index.php file was changed & it was showing some page with a hacked message, & also index.html file was added to the cpanel account.All pages were showing same message, when I found it, I replaced index.php to default wordpress index.php file & deleted index.htmlI could not find any other file which was looking suspicious. Site started working fine & it was also indexed but cached version was that hacked page. I used webmaster tool to fetch & render it as google bot & submitted for indexing. After that I noticed home page get deindexed by google. Rest all pages are indexing like before. Site was hacked around 30th July & I fixed it on 1st Aug. Since then home page is not getting indexed, I tried to fetch & index multiple time via google webmasters tool but no luck as of now. 1 More thing I Noticed, When I used info:mysite.com on google, its showing some other hacked site ( www.whatsmyreferer.com/ ) When Searching from India But when same info:mysite.com is searched from US a different hacked site is showing ( sigaretamogilev.by )However when I search "mysite.com" my site home page is appearing on google search but when I check cached URL its showing hacked sites mentioned above.As per my knowledge I checked all SEO Plugins, Codes of homepage, can't find anything which is not letting the homepage indexed.PS: webmaster tool has received no warning etc for penalty or malware. I also noticed I disallowed index.php file via robots.txt earlier but now I even removed that. 7Dj1Q0w.png 3krfp9K.png
Technical SEO | | killthebillion0 -
Site hacked, but can't find the code
Discovered some really odd words ranking for us in WMT. Looked further and found pages like this www.pdnseek.com/wll/canadian-24-hour-pharmacy. When you click it it redirects to the home page. The developers can't find /wll anywhere on the site. The pages are indexed and cached. Looked at the back links in moz and found many backlinks to our site from other sites using URLs like this. The host says there is nothing on the server, but where else could it be. We've run virus scans, nothing, looked through source code, nothing. Anyone with some idea? www.pdnseek.com is the URL
Technical SEO | | Britewave0 -
Manual Action found in WMTs, no email, no message in WMTs
Someone I know said that they were looking though there WMTs and under Manual Actions they found they had a partial penalty. There is no date against it and they never got an email and there are no messages WMTs for it. I haven't personally dealt with a Manual penalty before, but I would have expected there to be a message in WMTs for it ( an email might have been missed because of a spam filter etc). Could it be a very old penalty?
Technical SEO | | PaddyDisplays0 -
Has anyone had their Google manual spam penalty lifted without notice?
In June of this year, our company submitted a reconsideration request, which Google rejected and confirmed that they had a manual spam penalty placed on us. After cleaning up our extensive link portfolio, we submitted our 2nd reconsideration at the end of this month (July) and received this response: Dear site owner or webmaster of domain, We received a request from a site owner to reconsider domain for compliance with Google's Webmaster Guidelines. We reviewed your site and found no manual actions by the webspam team that might affect your site's ranking in Google. There's no need to file a reconsideration request for your site, because any ranking issues you may be experiencing are not related to a manual action taken by the webspam team. Of course, there may be other issues with your site that affect your site's ranking. Google's computers determine the order of our search results using a series of formulas known as algorithms. We make hundreds of changes to our search algorithms each year, and we employ more than 200 different signals when ranking pages. As our algorithms change and as the web (including your site) changes, some fluctuation in ranking can happen as we make updates to present the best results to our users. If you've experienced a change in ranking which you suspect may be more than a simple algorithm change, there are other things you may want to investigate as possible causes, such as a major change to your site's content, content management system, or server architecture. For example, a site may not rank well if your server stops serving pages to Googlebot, or if you've changed the URLs for a large portion of your site's pages. This article has a list of other potential reasons your site may not be doing well in search. If you're still unable to resolve your issue, please see our Webmaster Help Forum for support. Sincerely, Google Search Quality Team Has anyone else or their clients experienced this recently? Can this be attributed to the "softer" Panda update? Any other additional information is greatly appreciated.
Technical SEO | | eugeneku0 -
Duplicate Title Tag issue due to Shopify CMS
Hi guys, I'm a novice really when it comes to SEO, yet have taken it in house for the next year or so, firstly because I have had my fingers burnt twice...and secondly, to allow me to recoup some of the loss from my prior campaigns. One thing I have noticed on my site (which uses a Shopify E-commerce CMS), is that Shopify duplicates a url for each my products. An example of this is http://www.vidahomes.co.uk/collections/designer-radiators-heating/products/reina-aliano
Technical SEO | | philscott2006
http://www.vidahomes.co.uk/products/reina-aliano Both products provide exactly the same information, yet appear in different ways subject to how the customer finds them. I contacted Shopify to find a fix to this issue when I noticed a high amount of Duplicate Title Tags in my SEO crawl. Their response was as follows. Using a rel canonical link will help prevent duplicate content issues with search engines. All you need to do is add this line of code: **<link rel="canonical" href="{{ canonical_url }}" />** ** before the tag in the theme.liquid file. It’s that simple :)** The theme liquid file basically generates the outer template for the whole site, and is only compromised when over-ruled. This all seems a little too easy for me, so I am hoping whether someone can elaborate as to whether this will work or not, as I'm not entirely sold on their response. I was always under the impression with canonical tags, that they should be added to the header section of the duplicate page in question, which refers back to the original page. The code I have been told to add above implies that the canonical tag would be added to every page in my site so the Google robot would have a hard time in finding anything at all of relevance Thanks in advance for any assistance with this. Kind Regards Phil Scott Vida Homes0 -
Using differing calls to action based on IP address
Hi, We have an issue with a particular channel on a lead generation site where we have sales staff requiring different quality of leads in different parts of the country. In saturated markets they require a stricter lead qualification process than those in more challenging markets. To combat the problem I am toying with the idea of severing very slightly different content based on IP address. The main change in content would be in terms of calls to action and lead qualification processes. We would plan to have a "standard" version of the site for when IP location can not be detected. URLs on this version would be the rel="canonical" for the location specific pages. Is there a way to do this without creating duplicate content, cloaking or other such issues on the site? Any advice, theories or case studies would be greatly appreciated.
Technical SEO | | SEM-Freak1 -
Severe rank drop due to overwritten robots.txt
Hi, Last week we made a change to drupal core for an update to our website. We accidentally overwrote our good robots.txt that blocked hundreds of pages with the default drupal robots.txt. Several hours after that happened (and we didn't catch the mistake) our rankings dropped from mostly first, second place in Google organic to bottom and mid first page. Basically I believe we flooded the index with very low quality pages at once and threw a red flag and we got de-ranked. We have since fixed the robots.txt and have been re-crawled but have not seen a return in rank. Would this be a safe assumption of what happened? I haven't seen any other sites getting hit in the retail vertical yet in regards to any Panda 2.3 type of update. Will we see a return in our results anytime soon? Thanks, Justin
Technical SEO | | BrettKrasnove0