Website hacked
-
Hi, I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his AdWords account was suspended 'due to high probability his site may be hosting or distributing malicious software'. I just checked his source and there seems to be loads of weird code on his pages; this would not have been put on by any of the website owners.
Please see the image attached of what happens when we try to access his website via Google search.
I just contacted the hosting provider. Does anyone have experience with this and how to prevent such hacking in the future? The site is built using HTML with no CMS.
-
Hi Socialdude,
Did you get this sorted out, or would you like some more advice still?
-
Hi Socialdude,
A look at that code suggests that the most likely point of access has to be a file that is more than just regular HTML somewhere on your site. This means that somewhere, there must be at least one PHP file.
My first guess would be that there is a page with a PHP-driven contact form which has been used to inject code into the site and propagate the malicious JavaScript into the other pages.
If you have a clean backup copy of all pages in the site (either with your friend or their developer), then the quickest fix is to upload your backup version.
If you don't have a backup, then you could try checking the Wayback Machine and see if there is a clean copy archived there which you can grab and upload to replace the hacked site.
If neither of those is an option, then the first thing to do is to find any pages in the site with the .php extension.
Rename the files by changing the file extension from .php to .txt. (If you are unsure of how to change the file extension, you can just open the files, save a copy with a .txt extension and then delete the .php version from the server.)
You can now look at the file(s) that were PHP, see what has been added to the code and clean it up. You will then need to individually edit the HTML files and remove all of the bad JavaScript code. Now that you have everything cleaned up, create a complete backup of the site just in case you need it again in the future. Upload your clean copy and you should be good to go.
I would also go to Google Webmaster Tools & use "fetch as googlebot" to fetch and add the index page so that Google knows you are now OK to crawl again.
Hope that helps,
Sha
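
The file review described in the answer above, as an added example that is not part of the original post: it lists the PHP files to inspect and reports, for each HTML page, the `<script>` blocks that are absent from the clean backup. The directory layout, file names and the placeholder injected block are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def script_blocks(html):
    """Return every <script>...</script> block, whitespace-normalised."""
    return {" ".join(m.split()) for m in SCRIPT_RE.findall(html)}

def audit_site(live_dir, backup_dir):
    """Compare a downloaded copy of the live site with a clean backup.
    Returns (php_files, changed): server-side files to review, and a map of
    HTML file -> script blocks that the backup copy does not contain.
    """
    live, backup = Path(live_dir), Path(backup_dir)
    php_files, changed = [], {}
    for path in sorted(live.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(live).as_posix()
        suffix = path.suffix.lower()
        if suffix.startswith(".php") or suffix == ".phtml":
            php_files.append(rel)
        elif suffix in (".html", ".htm"):
            old = backup / rel
            known = script_blocks(old.read_text(errors="replace")) if old.is_file() else set()
            added = script_blocks(path.read_text(errors="replace")) - known
            if added:  # a page with no backup copy reports all of its scripts
                changed[rel] = sorted(added)
    return php_files, changed

def demo():
    """Build a constructed two-page site in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for d in (live, backup):
            d.mkdir()
        clean = "<html><body><script src='menu.js'></script><p>Hi</p></body></html>"
        (backup / "index.html").write_text(clean)
        (backup / "about.html").write_text(clean)
        (live / "about.html").write_text(clean)
        # Constructed stand-in for the injected block; not real malware.
        bad = clean.replace("<p>", "<script>/* injected placeholder */</script><p>")
        (live / "index.html").write_text(bad)
        (live / "contact.php").write_text("<?php /* form handler */ ?>")
        return audit_site(live, backup)

if __name__ == "__main__":
    print(demo())
```

Run it against a downloaded copy of the site rather than the live server, so the review does not depend on what the compromised host chooses to serve.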
-
One way this can happen, and the code you posted looks like a case I have seen happen to a friend, is SQL injection, where someone posts script into your database through inputs in your form. Then when you request the data from the database, it is executed.
Most newer technologies have fixed this hole, but older technologies are prone to it.
-
Cheers for your reply, as far as I know the site was built by an experienced developer but I couldn't really comment as I'm not sure. I must say the site is pretty old and it's not html validated.
We are currently looking to get the site built on a CMS, either WordPress or MODX.
Based on what you mentioned above I will just wait and see what the hosting company have to say with regards to this issue.
-
Web security is a very complex field which has literally hundreds of layers. You said the site was built using HTML. Is this an experienced developer with formal web development training who uses valid HTML code and has years of experience? Or is this a do-it-yourself kind of project?
It's kind of like saying someone broke into your house. They could come through the front door, the back door, the side door, any window or slide down the chimney. They could have a key made or pick the lock or smash the lock. Security is a very comprehensive field which involves the web server itself, the website, the admin panel and more. There is not a Q&A response anyone can offer to address the many factors involved.
You can pay for McAfee or a similar service to perform daily malware scans of your site and alert you to security issues. You can also move to a CMS and ensure you keep the latest updates and read their security guidelines.
-
I'm not too sure, to be honest. I'm not a web designer / developer and don't have experience with databases.
-
Is it on the pages when you navigate to them through the file system?
Does the website use a database?
-
I found this in the source code; it's placed on all pages and looks like the below. There are about 10 paragraphs on each page. I just hope the hosting provider can help us out.
-
I have never had this happen, but I would guess that the code is probably added through a rewrite rule. See if the code is actually on the pages via the file system. If not, I would be looking for rewrite rules in the server settings.