Manual action due to hack
-
We have had some issues with one of our websites getting hacked. The first time it happened, we noticed it the next morning and cleaned it up before Google even realised. However, the same thing happened again over the weekend, and I came into the office to an email from Google:
Google has detected that your site has been hacked by a third party who created malicious content on some of your pages. This critical issue utilizes your site’s reputation to show potential visitors unexpected or harmful content on your site or in search results. It also lowers the quality of results for Google Search users. Therefore, we have applied a manual action to your site that will warn users of hacked content when your site appears in search results. To remove this warning, clean up the hacked content, and file a reconsideration request. After we determine that your site no longer has hacked content, we will remove this manual action.
_Following are one or more example URLs where we found pages that have been compromised. Review them to gain a better sense of where this hacked content appears. The list is not exhaustive. _
We have again cleaned up the website, however, my problem is that even though we have received this email, I cannot find any evidence of the manual action having actually been applied. I.e. it doesn't show in the Search Console and I am also not getting a warning in the search results when searching for our own website or clicking on the result for our website. That means I cannot submit a reconsideration request - however I am not sure at all there was actually a manual action applied at all based on my test searches.
Has anyone here experienced the same issue? What do you suggest doing in this case?
Thank you very much in advance for any ideas.
-
You're welcome!
-
Thanks Joe. I will do that. Very helpful, I appreciate it!
-
I would keep an eye on organic performance for the next week or two (regularly checking the security issues/manual action reports). If you do not see a downward trend nor receive another message from Google, you should be all set here.
To review organic performance, I suggest monitoring:
-
Organic traffic (GA)
-
Organic Visibility Trends/Rankings (SEMRush, Moz rank tracker)
-
Google Search Console clicks and impressions (particularly for non-branded queries)
Hope this all helps!
-
-
It must have been, although I could also not see anything in Search Console before we cleaned up the hack.
I haven't seen it affect organic performance at all although it's hard to say as we are a B2B business and don't see as much traffic on weekends. Plus it's our corporate website which doesn't get much traffic to begin with.
-
If you are not seeing anything in the manual action report, security issues report or in the SERPs, I would say that Google has detected that the hack was addressed and has removed your manual action. Is organic performance still being impacted?
-
Hi Joe,
The report just says: "Currently, we haven't detected any security issues with your site's content." That's the problem, I had the email, but in Search Console there is no evidence of any hack (although we were definitely hacked, and it is now cleaned up).
Thanks!
-
Hello,
Did you review the Security Issues Report in Google Search Console? If you have a security issue/have been hacked, this is where you will submit a review once the issue has been cleaned up. This Google Webmasters post on hacked sites/requesting a review should help.
Malware or Spam
- Open the Security Issues report in Search Console. The report will probably still show the warnings and sample infected URLs you saw before.
- If you believe that the sample URLs listed are all clean, select Request a review. In order to submit a review, we ask that you provide more information that the site is cleaned of the hacker's damage. For example, for each category within Security Issues, you can write a sentence explaining how the site was cleaned (for example, "For Content injection hacked URLs, I removed the spammy content and corrected the vulnerability: updating an out-of-date plugin.").
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How can I make it so that robots.txt is not ignored due to a URL re-direct?
Recently a site moved from blog.site.com to site.com/blog with an instruction like this one: /etc/httpd/conf.d/site_com.conf:94: ProxyPass /blog http://blog.site.com
Technical SEO | | rodelmo4
/etc/httpd/conf.d/site_com.conf:95: ProxyPassReverse /blog http://blog.site.com It's a Wordpress.org blog that was set as a subdomain, and now is being redirected to look like a directory. That said, the robots.txt file seems to be ignored by Google bot. There is a Disallow: /tag/ on that file to avoid "duplicate content" on the site. I have tried this before with other Wordpress subdomains and works like a charm, except for this time, in which the blog is rendered as a subdirectory. Any ideas why? Thanks!0 -
My PR1 website with no manual action is not appearing in the google top 200 result, it used to be top 1
Hi All, My website has 5 years of history, it used to be top 3 for its keyword with an SEO firm I hired back then with PR3. After 2013, its ranking starts dropping to not appearing at all in the google search result. But my site is not banned. There are still some long tail google traffic. There is no manual action in the webmaster tool. Even today, it still has PR1 but it is still not appearing in the top 200 results of google. My onsite optimization for the main keyword is good. It's just not appearing in google results at all. I manually reviewed all the top 200 results, there are so many spammy blogs were listed but not my legit website homepage with unique content. I do regret hiring that SEO firm now. But there is no manual action to my site according to google so I don't know if I should disavow all the old backlinks. I started to do some quality SEO works myself now. My ranking is now at around 11~15 in Yahoo/Bing from 30~40. Do I see some light at the end of the tunnel? Does that mean my site may appear in google again? Thank you all for the reply.
Technical SEO | | ChelseaP0 -
Some URLs were not accessible to Googlebot due to an HTTP status error.
Hello I'm a seo newbie and some help from the community here would be greatly appreciated. I have submitted the sitemap of my website in google webmasters tools and now I got this warning: "When we tested a sample of the URLs from your Sitemap, we found that some URLs were not accessible to Googlebot due to an HTTP status error. All accessible URLs will still be submitted." How do I fix this? What should I do? Many thanks in advance.
Technical SEO | | GoldenRanking140 -
My site was hacked and spammy URLs were injected that pointed out. The issue was fixed, but GWT is still reporting more of these links.
Excuse me for posting this here, I wasn't having much luck going through GWT support. We recently moved our eCommerce site to a new server and in the process the site was hacked. Spammy URLs were injected in, all of which were pointing outwards to some spammy eCommerce retail stores. I removed ~4,000 of these links, but more continue to pile in. As you can see, there are now over 20,000 of these links. Note that our server support team does not see these links anywhere. I understand that Google doesn't generally view this as a problem. But is that true given my circumstance? I cannot imagine that 20,000 new, senseless 404's can be healthy for my website. If I can't get a good response here, would anyone know of a direct Google support email or number I can use for this issue?
Technical SEO | | jampaper0 -
How long does it take before a site is back in the SERP after a manual spamaction is revoked
Hi, A client of ours has a website with a manual spam action (duplicate content). Because they made some mistakes with redirects while moving the site from a URL to another google penitalized the site. We fixed the errors and the spamction is revoked. My question is how long it ussualy takes before the first results are back in the SERP. In WMT Google says "some time". But has anyone got some more information on it? Best Regards, Sam
Technical SEO | | U-Digital0 -
Manual Action found in WMTs, no email, no message in WMTs
Someone I know said that they were looking though there WMTs and under Manual Actions they found they had a partial penalty. There is no date against it and they never got an email and there are no messages WMTs for it. I haven't personally dealt with a Manual penalty before, but I would have expected there to be a message in WMTs for it ( an email might have been missed because of a spam filter etc). Could it be a very old penalty?
Technical SEO | | PaddyDisplays0 -
What is the best practice to re-index the de-indexed pages due to a bad migration
Dear Mozers, We have a Drupal site with more than 200K indexed URLs. Before 6 months a bad website migration happened without proper SEO guidelines. All the high authority URLs got rewritten by the client. Most of them are kept 404 and 302, for last 6 months. Due to this site traffic dropped more than 80%. I found today that around 40K old URLs with good PR and authority are de-indexed from Google (Most of them are 404 and 302). I need to pass all the value from old URLs to new URLs. Example URL Structure
Technical SEO | | riyas_
Before Migration (Old)
http://www.domain.com/2536987
(Page Authority: 65, HTTP Status:404, De-indexed from Google) After Migration (Current)
http://www.domain.com/new-indexed-and-live-url-version Does creating mass 301 redirects helps here without re-indexing the old URLS? Please share your thoughts. Riyas0 -
Duplicate content due to credit card testing
I recently launched a site - http://www.footballtriviaquestions.co.uk and the site uses Paypal. In order to test the PayPal functionality I set up a zapto.org domain via a permanent IP service that points directly to the computer I've written the website on. It appears that Google has now indexed the zapto.org website. Will this cause problems to my main website, as the zapto.org website will pretty much contain content that is an exact duplicate of what is held on the main website. I've looked in Google webmaster tools for the main website and it doesn't mention any duplicate content, but I'm currently not in the top 50 ranking for "football trivia questions' on Google despite SEOMoz ranking my home page with an A rating. The page does rank at position 16 in Yahoo and Bing. This seems odd to me, although I do have very few back links pointing to my site. If the duplicate content is likely to be causing me problems what would be the best way to knock the zapto.org results out of Google
Technical SEO | | ipr1010