Site Blacklisted
-
Good morning.
Just done my WMT ritual morning check and one of my sites has been blacklisted for malware.
It's a wordpress site - I've run various scans, e.g. http://sitecheck.sucuri.net/scanner/ and also installed wordfence and scanned with that and wordfence produced some offending files which I have now deleted.
I've also installed website defender in the hope that it wont happen again. I'm pretty good with staying on top of updates and rarely let a few days pass without upgrading new version of wordpress or plugins etc. I've also checked my users to make sure no new admins or anything and also changes passwords.
I've asked for a review from Google and just wondered how long these reviews take?
Also, has anybody got any advice, is there anything else I should be doing?
Thanks
-
That is good to hear, Jo.
Thanks for letting us know. feedback is good.
Be vigilant, because the hackers never stop.
My dedicated server constantly has hackers trying to break in, mostly chinese and russians. Complex passwords and countermeasures keep us safe, but it only takes one weak link somewhere to break it all down.
-
Thanks all for your help, I was de-blacklisted this afternoon - phew.
-
The webserver log is what you need.
You may be able to see that in Cpanel, depending on how it is configured.
The log may also be in the document root, updated daily and compressed.
If you haven't looked at logs before, it can be difficult to determine what is really going on in there.
-
I didn't check the dates
The site is less than a month old though.When you say logs, I'm not entirely sure what I'm looking for. I use cpanel so have access to various logs, but I have to admit, I haven't spent any time in there and now I'm conscious that this is something I need to educate myself on quick.
Any suggested resources for which logs to use for what?
-
Jo,
before you removed the bad files, did you check the dates?
If you have logs, you could go back to see when those files were first accessed.
Then go backwards looking for activity that doesn't look normal.
That could tell you where the problem is.
-
Thanks, I'm not so sure! I'm a freelancer and I wok on my own so I have nobody to really bounce ideas off, so this community is great for that. Glad to know I'm doing it right
I'm not a bit lover of plugins and I try to keep to a minimum, but I've removed anything unessential - even my beloved Flare sharing buttons, for now anyway.
I'll let you know when Google come back to me
-
I just want to reiterate what Andy said about sitespeed as well, try to have as little plugins as possible.
When you visit a WP site and its super slow, its usually because they have gallery plugins and all sorts running which sucks the life out of the sitespeed.
Anyway, good luck seems as though you know what your doing anyway.
-
Thanks all for your responses, much appreciated.
I installed the timthumb vulnerability scanner and it says no instances were found.
I'm going to go through and ditch the unnecessary plugins...I use woocommerce and they have recent upgrade but its not compatible with my theme so I can't update it, which is a giant pain. I hope its not that.
Thanks for your help.
-
Agree
-
I think you have already done quite a bit.
I suppose just be a little more selective which plugins you install, some have holes in and once the word is out about particular holes in certain plugins these people will come looking for blogs with it installed.
-
Hello Jo.
Do you know exactly how they got in?
If not, here is one possibility:
Check to see if you have a copy of timthumb.php
If you do, and it is an old version, it has a vulnerability you must fix, otherwise it will happen again.
Here is information about that, including a scanner that should find and fix that problem.
<cite>wordpress.org/extend/plugins/timthumb-vulnerability-scanner/</cite>
-
in my experience, and i've a fair bit with WP, the majority of malware comes from plugins which get updated and become infected themselves. Wordfence certainly can help with this problem, but a regular securi scan will too.
My advice is deactivate and uninstall any plugins you don't really need or use - this will make the site faster and more secure.
Once the malware has gone you can do as you have and ask for relisting or wait it out, google will come back and check. Manual reviews will take a few days to come back I believe, though it depends on the nature of the malware - if its believed to be complex it will be manual if its just one file being "naughty" a robot may scan your site to take a look that it's gone and it could be up in 24-48 hours.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Why are these blackhat sites so successful?
Here's an interesting conundrum. Here are three sites with their respective ranking for "dental implants [city]:" http://dentalimplantsvaughan.ca - 9 (on google.ca) http://dentalimplantsinhonoluluhi.com - 2 (on google.com) http://dentalimplantssurreybc.ca - 7 (on google.ca) These markets are not particularly competitive, however, all of these sites suffer from: Duplicate content, both internally and across sites (all of this company's implant sites have the same exact content, minus the bio pages and the local modifier). Average speed score. No structured data No links And these sites are ranking relatively quickly. The Vaughan site went live 3 months ago. But, what's boggling my mind is that they rank on the first page at all. It seems they're doing the exact opposite of what you're supposed to do, yet they rank relatively well.
Technical SEO | | nowmedia10 -
How to create site map for large site (ecommerce type) that has 1000's if not 100,000 of pages.
I know this is kind of a newbie question but I am having an amazing amount of trouble creating a sitemap for our site Bestride.com. We just did a complete redesign (look and feel, functionality, the works) and now I am trying to create a site map. Most of the generators I have used "break" after reaching some number of pages. I am at a loss as to how to create the sitemap. Any help would be greatly appreciated! Thanks
Technical SEO | | BestRide0 -
Redesigning the site with same Domain (IMP.)
technical SEO question - If we take down a site and use the same domain but just redesign the whole site. I guess sometimes in this case Google still keeps indexing old pages though they do not exist now! What the solution for this? Google suggests redirect them to a 404 page but in this case as its same domain- Is it possible that we throw 404 errors and redirect them to 404 page and this 404 page exists in the new site itself (but of course we don't have link our menu to this 404 page) (if that makes sense)? Would appreciate if you can suggest or add anything to above topic.
Technical SEO | | Personnel_Concept0 -
Site getting referral traffic from its self
Buon giorno from zero degrees C freezing fog Wetherby UK On this site http://www.collegeofphlebology.com i ran a referral report via Google Analytics and was surprised ro see referral traffic being counted from its own url, illustration here http://i216.photobucket.com/albums/cc53/zymurgy_bucket/referral-anomoly.jpg So my question is please how can a site get referral traffic from the same url? Grazie Tanto, David
Technical SEO | | Nightwing0 -
ECommerce site - Duplicate pages problem.
We have an eCommerce site with multiple products being displayed on a number of pages. We use rel="next" and rel="prev" and have a display ALL which I understand Google should automatically be able to find. Should we also being using a Canonical tag as well to tell google to give authority to the first page or the All Pages. Or was the use of the next and prev rel tags that we currently do adequate. We currently display 20 products per page, we were thinking of increasing this to make fewer pages but they would be better as this which would make some later product pages redundant . If we add 301 redirects on the redundant pages, does anyone know of the sort of impact this might cause to traffic and seo ?. General thoughts if anyone has similar problems welcome
Technical SEO | | SarahCollins0 -
Sitemap Creation + Site speed
Hi there, I am looking for a sitemap creation tool, so I can submit my site to Google. My site is www.vallnord.com On the other hadn I would like to speed up my web. Any tip? Regards, Guido.
Technical SEO | | SilbertAd0 -
Www. version of my site shows nothing in Open Site Explorer
When I first setup my site the domain was learnbonds.com. I moved hosts a couple of months ago and as part of the process I asked them to make the site show as www.learnbonds.com which they did. Now however when I goto www.learnbonds.com in open site explorer it says there is no data. When I enter learnbonds.com into open site explorer it gives me data but says that the site has been redirected to the www. version which shows no data. Also in google webmaster when I try to set the preferred domain as the www. version it gives me the following message: Part of the process of setting a preferred domain is to verify that you own http://www.learnbonds.com/. Please verify http://www.learnbonds.com/. I am concerned that this is hurting my SEO and would appreciate any advice you can give. Thanks Dave
Technical SEO | | fxtrader19790 -
How to find all the links to my site
hi i have been trying to find all the links that i have to my site http://www.clairehegarty.co.uk but i am not having any luck. I have used the open explorer but it is not showing all the links but when i go to my google webmaster page it shows me more pages than it does on the semoz tool. can anyone help me sort this out and find out exactly what links are going into my site many thanks
Technical SEO | | ClaireH-1848860