Familiar with the malware reinclusion process?
-
One of our sites was haXX0red and at the moment I'm thinking it was a non-updated paid for WP plugin using the old version of timthumb.
While not important to my question, the hack included .htaccess files in all the /uploads/ to redirect to a site (tonycar dot com) which I assume installed some sort of malware or spyware.
I changed all ftp and admin log ins, updated the timthumb files and deleted all the .htaccess files, for added measure I've currently made the upload folders read only.
I've requested a review through webmaster tools and the image that WMT claimed to be an issue has been removed as being an issue. That is to say if I clicked on the malware warning in WMT, it told me imagex.jpg was a problem and now it doesn't tell me anything is an issue, though the malware warning still persists.
As I no longer have any indication as to what (if anything) is wrong, I tried going through some contacts at adwords to no avail, though they have said there's a note saying there's no malware currently on the site (I'm hoping that's by them and not just my reinclusion request).
Assuming the all mighty G is now satisfied there's no malware on the site (or being processed by the site), does anyone have any idea how to get rid of the warning?
Alternatively if the warning is accurate, how can I find out what's being effected?
-
It's a waiting game at this point. If they don't find problems then ask for reinclusion again. Wait 24 hours between asking for reinclusion & seeing if Google reports new problems.
-
If Google's stopped telling me what the problem files are, any idea how to find out what they are seeing?
I think I've plugged the problem and removed the suspicious files, but I can't really be sure.
-
I ran into an issue with malware once and Google was very responsive during the process. Each time I asked for reinclusion the request was responded to within 24 hours.
I say "each time" because this particular piece of malware infected random files across an entire dedicated server hosting a great deal of websites. After I became aware that the problem was impossible to solve manually, I wrote a script to detect and remove all traces of the malware. At this point it was my 5th request I believe, and there was no problem with Google approving my request.
There are scanners you can use but during my look at them, I didn't find any reliable free ones. Hopefully you got it all and won't need to pay for anything.
Wonderful people, these malware creators. Best of luck.
-
It should go away on it's own once you removed all the offending malware code from your site.
Call your hosting company and they will scan your site and remove the malware for you. A lof of people don't know that their hosting company will be more than happy in assisting removing hacks or viruses present on your sites at no charge. It's probably still on your site if you're still getting the message days later.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
What steps should I take to address damage to my website, including malware insertion and content theft?
The question revolves around the steps required to mitigate damage inflicted upon a website, encompassing issues such as malware insertion and content theft. It prompts a comprehensive exploration of the necessary actions to take in response to these challenges. The inquirer seeks guidance on how to effectively address the damage, indicating a desire for practical solutions and strategies to restore and safeguard their website's integrity. By posing this question, the individual demonstrates an awareness of the severity of the situation and a readiness to undertake corrective measures.
Technical SEO | | ralphbaer0 -
User Agent -teracent-feed-processing
Does anyone knows some info about "teracent-feed-processing" user agent? IP's from which user agent reside: 74.125.113.145, 74.125.113.148, 74.125.187.84 .... In our logs, 2 out of 3 requests are made by it, causing server crash.
Technical SEO | | propertyshark0 -
Google Webmaster tools: Sitemap.xml not processed everyday
Hi, We have multiple sites under our google webmaster tools account with each having a sitemap.xml submitted Each site's sitemap.xml status ( attached below ) shows it is processed everyday except for one _Sitemap: /sitemap.xml__This Sitemap was submitted Jan 10, 2012, and processed Oct 14, 2013._But except for one site ( coed.com ) for which the sitemap.xml was processed only on the day it is submitted and we have to manually resubmit every day to get it processed.Any idea on why it might?thank you
Technical SEO | | COEDMediaGroup0 -
GWT Malware notification for meta noindex'ed pages ?
I was wondering if GWT will send me Malware notification for pages that are tagged with meta noindex ? EG: I have a site with pages like example.com/indexed/content-1.html
Technical SEO | | Saijo.George
example.com/indexed/content-2.html
example.com/indexed/content-3.html
....
example.com/not-indexed/content-1.html
example.com/not-indexed/content-2.html
example.com/not-indexed/content-3.html
.... Here all the pages like the ones below, are tagged with meta noindex and does not show up in search.
example.com/not-indexed/content-1.html
example.com/not-indexed/content-2.html
example.com/not-indexed/content-3.html Now one fine day example.com/not-indexed/content-2.html page on the site gets hacked and starts to serve malware, none of the other pages are affected .. Will GWT send me a warning for this ? What if the pages are blocked by Robots.txt instead of meta noindex ? Regard
Saijo UPDATE hope this helps someone else : https://plus.google.com/u/0/109548904802332365989/posts/4m17sUtPyUS0 -
Our Panda Content Audit Process
We've put together this process over the past year that has shown success when it comes to sites that appear to be hit by Panda. The idea was to put together a process that would allow us to give our clients an understanding of the problem at hand and metrics we can use to explain how recovery is going. Would love to hear your opinion or if you have a different/similar strategy.
Technical SEO | | eyeflow1 -
404 or 503 Malware Content ?
Hi Folks When it comes to malware , if I have a site that uses iframe to show content off 3rd party sites which at times gets infected. Would you recommend 404 or 503 ing those pages with the iframe till the issue is resolved ? ( I am inclined to use 503 .. ) Then take the 404/503 off and ask for a reindex ( from GWT malware section ) OR Ask for a reindex as soon as the 404/503 goes up. ( I do understand we are asking to index as non existing page , but the malware warning gets removed ) PS : it makes sense for this business to showcase content using iframe on these special pages . I do understand these are not the best way to go about SEO.
Technical SEO | | Saijo.George0 -
Has anyone had to deal with malware found on their website?
I am helping my friend website and whole site has been hacked. Does anyone have had this problems? What's the best way to fix this problem? www.marksobhani.com/ Thank you
Technical SEO | | BistosAmerica0 -
Malware ranking drops
Hi, One of our sites got hit with malware in November. We cleaned it up and sent a reconsideration request and no malware warnings are in WMT anymore. We still haven't seen an improvement in rankings even though people say it can take up to 90days? Organic traffic is down 40% and still dropping. Any advice? Thanks
Technical SEO | | Sayers0