Website hacked
-
Hi I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his adwords account was suspended 'due to high probability his site may be hosting or distributing malicious software' I just checked his source and there seems to loads of weird on code on his pages, this would not have been but on by any members of the website owners.
Please image attached when we try to access his website via google search
I just contacted the hosting provider - does anyone have experience with this and how to prevent such hacking in the future. The site is build using HTML with no CMS.
-
Hi Socialdude,
Did you get this sorted out, or would you like some more advice still?
-
Hi Socialdude,
A look at that code suggests that the most likely point of access has to be a file that is more than just regular HTML somewhere on your site. This means that somewhere, there must be at least one php file.
My first guess would be that there is a page with a PHP driven contact form which has been used to inject code into the site and propogate the malicious javascript into the other pages.
If you have a clean backup copy of all pages in the site (either with your friend or their developer), then the quickest fix is to upload your backup version.
If you don't have a backup, then you could try checking the Wayback Machine and see if there is a clean copy archived there which you can grab and upload to replace the hacked site.
If neither of those is an option, then the first thing to do is to find any pages in the site with the .php extension.
Rename the files by changing the file extension from .php to .txt. (If you are unsure of how to change the file extension, you can just open the files, save a copy with a .txt extension and then delete the .php version from the server)
You can now look at the file(s) that were PHP, see what has been added to the code and clean it up. You will then need to individually edit the HTML files and remove all of the bad javascript code. Now that you have everything cleaned up, create a complete backup of the site just in case you need it again in the future. Upload your clean copy and you should be good to go.
I would also go to Google Webmaster Tools & use "fetch as googlebot" to fetch and add the index page so that Google knows you are now OK to crawl again.
Hope that helps,
Sha
-
One way this can happen and your code you posted looks like a case I have seen happenn to a friend, is SQL injection. Where someone posts script into your database though inputs in your form. then when you request the data from the database it is executed.
Most newer technologies have fixed this hole, but older technologies are prone to it.
-
Cheers for your reply, as far as I know the site was built by an experienced developer but I couldn't really comment as I'm not sure. I must say the site is pretty old and it's not html validated.
We are currently looking to get the site build on a CMS either worpdress or modx.
Based on what you mentioned above I will just wait and see what the hosting company have to say with regards to this issue.
-
Web security is a very complex field which has literally hundreds of layers. You said the site was built using HTML. Is this an experienced developer with formal web development training who uses valid HTML code and has years of experience? Or is this a do-it-yourself kind of project?
It's kind of like saying someone broke into your house. They could come through the front door, the back door, the side door, any window or slide down the chimney. They could have a key made or pick the lock or smash the lock. Security is a very comprehensive field which involves the web server itself, the website, the admin panel and more. There is not a Q&A response anyone can offer to address the many factors involved.
You can pay for McAfee or a similar service to perform daily malware scans of your site and alert you to security issues. You can also move to a CMS and ensure you keep the latest updates and read their security guidelines.
-
I'm not to sure to be honest I'm not a web designer / developer and don't have experience with databases.
-
is it on the pages where you naviagte to them though the file system?
does the website use a database?
-
I found this in the source code and it's placed on all pages and looks like the below there are about 10 paragraphs on each page: I just hope the hosting provider can help us out.
-
I have never had this happen, but i would guess that the code is probably added thought a rewite rule. See if the code is actualy on the pages via the fiels system. if not i would be looking for rewrite rules in the server settings.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Faq problem in wordpress website
hi hi i add script faq in my site but doest show in serp and add moudle ithink may be problem in version wordpress or theme not stable ... my site url is https://giftmax.ir example when i search" خرید گیفت کارت" my competitor show faq script but my site doesnt show please help to resolve this problem thanks moz
Technical SEO | | ahmad21aga0 -
Another company's website indexing for my site
Hi, I am looking at all the pages which Google are indexing for my website and have come across pages of another company's website. I have contacted them through their online form and Facebook page asking for them to remove their listings for us, but to no avail so far. Is there a way I can do this myself?
Technical SEO | | British-Car-Registrations0 -
Redirect our www.website.com to website. Com/target-keyword
Dear moz community I have been analyzing the websites that rank in top 20 for our target keywords. All of the top 20 sites except us have their websites re directing to websites.com/target keyword. This is due to probably because they have multiple city's and one of the target keywords term is cityname + word. My question is and idea - make a 301 to our www.website.com to /city-keyword and start linking to that page with new links. Would that bring any benefit? Seems that it's a very strong ranking signal. Any threats that I must take into account? We currently rank as #9
Technical SEO | | advertisingcloud0 -
Will Google crawl and rank our ReactJS website content?
We have 250+ products dynamically inserted and sorted on our site daily (more specifically our homepage... yes, it's a long page). Our dev team would like to explore rendering the page server-side using ReactJS. We currently use a CDN to cache all the content, which of course we would like to continue using. SO... will Google be able to crawl that content? We've read some articles with different ideas (including prerendering): http://andrewhfarmer.com/react-seo/
Technical SEO | | Jane.com
http://www.seoskeptic.com/json-ld-big-day-at-google/ If we were to only load the schema important to the page (like product title, image, price, description, etc.) from the server and then let the client render the remaining content (comments, suggested products, etc.), would that go against best practices? It seems like that might be seen as showing the googlebot 1 version and showing the site visitor a different (more complete) version.0 -
SEO for a a static content website
Hi everyone, We would like to ask suggestions on how to improve our SEO for our static content help website. With the release of each new version, our company releases a new "help" page, which is created by an authoring system. This is the latest page: http://kilgray.com/memoq/2015/help-en/ I have a couple of questions: 1- The page has an index with many links that open up new subpages with content for users. It is impossible to add title tags to this subpages, as everything is held together by the mother page. So it is really hard to for users to find these subpage information when they are doing a google search. 2- We have previous "help" pages which usually rank better in google search. They also have the same structure (1 page with big index and many subpages) and no metadata. We obviously want the last version to rank better, however, we are afraid exclude them from bots search because the new version is not easy to find. These are some of the previous pages: http://kilgray.com/memoq/2014R2/help-en/ http://kilgray.com/memoq/62/help-en/ I would really appreciate suggestions! Thanks
Technical SEO | | Kilgray0 -
Will bringing news from other sources to my site damage my website
hi my website is www.in2town.co.uk which is a lifestyle magazine and for some time now i have been thinking about bringing in news from other sources but i want to know how this will affect my site. I have read that by bringing in articles from other sources which will be sources like bbc news, that it can increase visitors but i would like some advice. What i do not want is for the sites to take away my link juice and for me to drop down the rankings. I also would like people to read the news and hopefully come back to my site. any advice on this would be great.
Technical SEO | | ClaireH-1848860 -
How to find a specific link on my website (currently causing redirects)
Hi everyone, I've used crawlers like Xenu to find broken links before, and I love these tools. What I can't figure out is how to find specific pieces of code within my site. For example, Webmaster Tools tells me there are still links to old pages somewhere on my website but I just can't find them. Do you know of a crawler that can search for a specific link within the html? Thanks in advance, Josh
Technical SEO | | dreadmichael0 -
URL Duplicate Content Issues (Website Transition)
Hey guys, I just transitioned my website and I have a question. I have built up all the link juice around my old url styles. To give you some clarity: My old CMS rendered links like this: www.example.com/sweatbands My new CMS renders links like this: www.example.com/sweatbands/ My new CMS's auto-sitemap also generates them with the slash on the end. Also throughout the website the CMS links to them with the slash at the end and i link to them without the slash (because it's what i am used to). I have the canonical without the slash. Should I just 301 to the version with the slash before google crawls again? I'm worried that i'll lose all the trust and ranking i built up to the one without the slash. I rank very high for certain keywords and some pages house a large portion of our traffic. What a mess! Help! 🙂
Technical SEO | | Hyrule0