Website hacked
-
Hi I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his adwords account was suspended 'due to high probability his site may be hosting or distributing malicious software' I just checked his source and there seems to loads of weird on code on his pages, this would not have been but on by any members of the website owners.
Please image attached when we try to access his website via google search
I just contacted the hosting provider - does anyone have experience with this and how to prevent such hacking in the future. The site is build using HTML with no CMS.
-
Hi Socialdude,
Did you get this sorted out, or would you like some more advice still?
-
Hi Socialdude,
A look at that code suggests that the most likely point of access has to be a file that is more than just regular HTML somewhere on your site. This means that somewhere, there must be at least one php file.
My first guess would be that there is a page with a PHP driven contact form which has been used to inject code into the site and propogate the malicious javascript into the other pages.
If you have a clean backup copy of all pages in the site (either with your friend or their developer), then the quickest fix is to upload your backup version.
If you don't have a backup, then you could try checking the Wayback Machine and see if there is a clean copy archived there which you can grab and upload to replace the hacked site.
If neither of those is an option, then the first thing to do is to find any pages in the site with the .php extension.
Rename the files by changing the file extension from .php to .txt. (If you are unsure of how to change the file extension, you can just open the files, save a copy with a .txt extension and then delete the .php version from the server)
You can now look at the file(s) that were PHP, see what has been added to the code and clean it up. You will then need to individually edit the HTML files and remove all of the bad javascript code. Now that you have everything cleaned up, create a complete backup of the site just in case you need it again in the future. Upload your clean copy and you should be good to go.
I would also go to Google Webmaster Tools & use "fetch as googlebot" to fetch and add the index page so that Google knows you are now OK to crawl again.
Hope that helps,
Sha
-
One way this can happen and your code you posted looks like a case I have seen happenn to a friend, is SQL injection. Where someone posts script into your database though inputs in your form. then when you request the data from the database it is executed.
Most newer technologies have fixed this hole, but older technologies are prone to it.
-
Cheers for your reply, as far as I know the site was built by an experienced developer but I couldn't really comment as I'm not sure. I must say the site is pretty old and it's not html validated.
We are currently looking to get the site build on a CMS either worpdress or modx.
Based on what you mentioned above I will just wait and see what the hosting company have to say with regards to this issue.
-
Web security is a very complex field which has literally hundreds of layers. You said the site was built using HTML. Is this an experienced developer with formal web development training who uses valid HTML code and has years of experience? Or is this a do-it-yourself kind of project?
It's kind of like saying someone broke into your house. They could come through the front door, the back door, the side door, any window or slide down the chimney. They could have a key made or pick the lock or smash the lock. Security is a very comprehensive field which involves the web server itself, the website, the admin panel and more. There is not a Q&A response anyone can offer to address the many factors involved.
You can pay for McAfee or a similar service to perform daily malware scans of your site and alert you to security issues. You can also move to a CMS and ensure you keep the latest updates and read their security guidelines.
-
I'm not to sure to be honest I'm not a web designer / developer and don't have experience with databases.
-
is it on the pages where you naviagte to them though the file system?
does the website use a database?
-
I found this in the source code and it's placed on all pages and looks like the below there are about 10 paragraphs on each page: I just hope the hosting provider can help us out.
-
I have never had this happen, but i would guess that the code is probably added thought a rewite rule. See if the code is actualy on the pages via the fiels system. if not i would be looking for rewrite rules in the server settings.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Images on Website for SEO
Good Morning, We have a magento website with hundreds of different products that have slight size variations. The image for each of these products looks the same (the only difference between the products is some of the dimensions) .... Would you recommend using the same image for each of these products and just use a generic file name that describes the overall product or would you give each product its own image with it's specific product name as the file name? Should I use 1 image for 500 different sku's or should i rename the file the name of each individual sku and load an individual image? The end user will not know the difference since all of the images will appear identical, simply asking from an SEO perspective. Thanks
Technical SEO | | Prime850 -
Site hacked, but can't find the code
Discovered some really odd words ranking for us in WMT. Looked further and found pages like this www.pdnseek.com/wll/canadian-24-hour-pharmacy. When you click it it redirects to the home page. The developers can't find /wll anywhere on the site. The pages are indexed and cached. Looked at the back links in moz and found many backlinks to our site from other sites using URLs like this. The host says there is nothing on the server, but where else could it be. We've run virus scans, nothing, looked through source code, nothing. Anyone with some idea? www.pdnseek.com is the URL
Technical SEO | | Britewave0 -
Website Redesign - Blogger To WordPress Platform URL Structure
I am transferring a website (www.EXAMPLE.com) From Blogger To Wordpress. Currently, the website content is specific to cover the Colorado Market. In the near future, I plan on covering the same market in other state. I have seen regional websites like this that have the URL structure - (STATE.EXAMPLE.com) I have also seen websites with URL Structure - (EXAMPLE.COM/STATE) Is there any advantage using one URL structure over the other in term of SEO & otherwise? In the process of transferring the website, I would like to clean-up the URL structure but I don't want to lose a significant amount of link juice/organic traffic. Do you recommend I restructure the URLs at this time?
Technical SEO | | InternetRep0 -
How to change primary language of the website?
Problem: there is a domain.com which primary language is Lithuanian, we want to switch it to English. The English content is on the website fully translated under domain.com/en/english-url. Question: How do i switch English content to domain.com while moving the Lithuanian one to domain.com/lt/lithuanian-url The purpose of course is NOT to loose neither English nor Lithuanian organic traffic Possible solution: the only solution I though of is to 301 English /en urls to domain.com ant to 301 the Lithuanian domain.com urls to /lt. Is that everything I should do or is there some other meta tags, server side or other stuff i should be worried about?
Technical SEO | | SEO_MediaInno0 -
New Website and Domain Question
Hi all, I am launching a new website around the end of October and I have purchased a great domain to use for it. My question is should I put some kind of holding page up to try and start building up some domain authority in preperation for launch? Or maybe a blog at www.domain.com/blog and then keep all the blog content at the same location when the full site goes up? Or is it best to wait and just launch the site when the first version is complete? Thanks, Ben
Technical SEO | | BenInder0 -
Should I promote each section of my website
Hi, i have a magazine website and i have been heavily promoting the main page of the site thinking that all the work i am doing for the main page which includes links and so on would then pass onto the rest of my site but i have a feeling this is not correct. Can anyone let me know if i should be concentrating on each section of the site and also on my articles should i be promoting these articles or let the search engines pick them up. I already use facebook and twitter to promote new articles but i would like to know if i should be doing more than this
Technical SEO | | ClaireH-1848860 -
Advice on Linking to an Adult Related Website
I have a question regarding whether or not Google would penalize my main website for linking to a website that has adult content. The site I am linking to is not a porn site, rather it is a site that sells web site templates for adult related stores selling sexy toys, videos, etc. For example my site that is linking to the adult related website is here: http://www.websitetemplatedesign.com/ and the link to the site is in the footer at the bottom left which is an icon. And it links to http://www.adultsextemplates.com/ Im just looking for advice as to whether or not this could be a penalty or not. I did suffer major SERP loss in the last month and Im trying to find what I am doing that may have caused this. Any advice would be appreciated.
Technical SEO | | jmccommas0 -
What is the best website structure for SEO?
I've been on SEOmoz for about 1 month now and everyone says that depending on the type of business you should build up your website structure for SEO as 1st step. I have a new client click here ( www version doesn't work)... some bugs we are fixing it now. We are almost finished with the design & layout. 2nd question have been running though my head. 1. What would the best url category for the shop be /products/ - current url cat ex: /products/door-handles.html 2. What would you use for the main menu as section for getting the most out of SEO. Personally i am thinking of making 2-3 main categories on the left a section where i can add content to it (3-4 paragraphs... images maybe a video).So the main page focuses on the domain name more and the rest of the sections would focus on specific keywords, this why I avoid cannibalization. Main keyword target is "door handles" Any suggestions would be appreciated.
Technical SEO | | mosaicpro0