Website hacked
-
Hi I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his adwords account was suspended 'due to high probability his site may be hosting or distributing malicious software' I just checked his source and there seems to loads of weird on code on his pages, this would not have been but on by any members of the website owners.
Please image attached when we try to access his website via google search
I just contacted the hosting provider - does anyone have experience with this and how to prevent such hacking in the future. The site is build using HTML with no CMS.
-
Hi Socialdude,
Did you get this sorted out, or would you like some more advice still?
-
Hi Socialdude,
A look at that code suggests that the most likely point of access has to be a file that is more than just regular HTML somewhere on your site. This means that somewhere, there must be at least one php file.
My first guess would be that there is a page with a PHP driven contact form which has been used to inject code into the site and propogate the malicious javascript into the other pages.
If you have a clean backup copy of all pages in the site (either with your friend or their developer), then the quickest fix is to upload your backup version.
If you don't have a backup, then you could try checking the Wayback Machine and see if there is a clean copy archived there which you can grab and upload to replace the hacked site.
If neither of those is an option, then the first thing to do is to find any pages in the site with the .php extension.
Rename the files by changing the file extension from .php to .txt. (If you are unsure of how to change the file extension, you can just open the files, save a copy with a .txt extension and then delete the .php version from the server)
You can now look at the file(s) that were PHP, see what has been added to the code and clean it up. You will then need to individually edit the HTML files and remove all of the bad javascript code. Now that you have everything cleaned up, create a complete backup of the site just in case you need it again in the future. Upload your clean copy and you should be good to go.
I would also go to Google Webmaster Tools & use "fetch as googlebot" to fetch and add the index page so that Google knows you are now OK to crawl again.
Hope that helps,
Sha
-
One way this can happen and your code you posted looks like a case I have seen happenn to a friend, is SQL injection. Where someone posts script into your database though inputs in your form. then when you request the data from the database it is executed.
Most newer technologies have fixed this hole, but older technologies are prone to it.
-
Cheers for your reply, as far as I know the site was built by an experienced developer but I couldn't really comment as I'm not sure. I must say the site is pretty old and it's not html validated.
We are currently looking to get the site build on a CMS either worpdress or modx.
Based on what you mentioned above I will just wait and see what the hosting company have to say with regards to this issue.
-
Web security is a very complex field which has literally hundreds of layers. You said the site was built using HTML. Is this an experienced developer with formal web development training who uses valid HTML code and has years of experience? Or is this a do-it-yourself kind of project?
It's kind of like saying someone broke into your house. They could come through the front door, the back door, the side door, any window or slide down the chimney. They could have a key made or pick the lock or smash the lock. Security is a very comprehensive field which involves the web server itself, the website, the admin panel and more. There is not a Q&A response anyone can offer to address the many factors involved.
You can pay for McAfee or a similar service to perform daily malware scans of your site and alert you to security issues. You can also move to a CMS and ensure you keep the latest updates and read their security guidelines.
-
I'm not to sure to be honest I'm not a web designer / developer and don't have experience with databases.
-
is it on the pages where you naviagte to them though the file system?
does the website use a database?
-
I found this in the source code and it's placed on all pages and looks like the below there are about 10 paragraphs on each page: I just hope the hosting provider can help us out.
-
I have never had this happen, but i would guess that the code is probably added thought a rewite rule. See if the code is actualy on the pages via the fiels system. if not i would be looking for rewrite rules in the server settings.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Website relauch - traffic dropped in Latin America
Hi guys, We relaunched our website www.troteclaser.com on Sept. 6th. Traffic on the new website has been stable or slightly increased except for one area: In Central and South America organic traffic dropped by 50%. We properly set up all 301 redirects and solved all 404s within a week. We changed approx. 30% of the website structure. But I don't think that internal link juice could be the problem. Any idea what might be the cause for a local drop in traffic like this? Did anyone have similar cases in the past? Thomas
Technical SEO | | Troteclaser0 -
How to deal with 80 websites and duplicated content
Consider the following: A client of ours has a Job boards website. They then have 80 domains all in different job sectors. They pull in the jobs based on the sectors they were tagged in on the back end. Everything is identical across these websites apart from the brand name and some content. whats the best way to deal with this?
Technical SEO | | jasondexter0 -
HUGE decrease in links since website redesign
We recently added several new pages pages to our website. These new pages were constructed on a dev site, and then pushed live. Since the new site has gone live I have seen a huge decline in links. My external followed links have dropped from 3000 to 500 and my total website links have fallen from 35,000 to 4,500. I have done some research, and I think there is a server side issue. Where multiple versions of my URL may be running. The majority of the links built were pointing to the homepage. That being said I do not have access to our in-house dev person this week, so I am trying to identify the problem myself. I have used screaming frog to crawl my site and did not see any errors which stand out. I realize I probably need to use 301 redirects to solve this problem, I just need some guidance on how to identify what I need to 301 redirect. Second question. If I move a landing page out of the global navigation but it can still be reached through other pages on the website , will this cause issues?
Technical SEO | | GladdySEO0 -
Removing indexed website
I had a .in TLD version of my .com website floated for about 15 days, which was a duplicate copy of .com website. I did not wish to use the .in further for SEO duplication reasons and had let the .in domain expire on 26th April. But still now when I search from my website the .in version also shows up in results and even in google webmaster it shows the the website with maximum (190) number of links to my .com website. I am sure this is hurting the ranking of my .com website. How can the .in website be removed from googles indexing and search results. Given that is has expired also. thanks
Technical SEO | | geekwik0 -
Sudden drop in website ranking
Since past 2 week my website www.micromaxtablet.in is experiencing sudden drops in the site ranking. I can understand this regression in the site ranking is not because of Goggle Panda update, and their is some other reason. Kindly let me know what could be the other possibilities, and plz also suggest how to get it fixed. Keyword for which the site had the best rankings (in top 3) was "micromax tablet". Now it shows on the second page in the google search and to make it worse, it's losing its position almost every second day.
Technical SEO | | nishant9110 -
Website Redirects
Background information: We have a website (devicelock.com) which is currently our corporate website. The company use to operate under (ntutility.com) which is now being redirected to devicelock.com via a DNS Forward - 302 Redirect. The IT admin (a founder of the company) is reluctant to change it to a 301. The current flow is ntutility.com redirects to protect-me.com then redirects again to devicelock.com. When i search up Devicelock on google, it shows up as ntutlity.com. There is no devicelock.com homepage on google search. Question: Are there any negative implications about this? Is this hurting our SEO in any way? When i do link building, will this have any negative affects? Will my links for devicelock be attributed to devicelock.com?
Technical SEO | | Devicelock0 -
Struggling to get my lyrics website fully indexed
Hey guys, been a longtime SEOmoz user, only just getting heavily into SEO now and this is my first query, apologies if it's simple to answer but I have been doing my research! My website is http://www.lyricstatus.com - basically it's a lyrics website. Rightly or wrongly, I'm using Google Custom Search Engine on my website for search, as well as jQuery auto-suggest - please ignore the latter for now. My problem is that when I launched the site I had a complex AJAX Browse page, so Google couldn't see static links to all my pages, thus it only indexed certain pages that did have static links. This led to my searches on my site using the Google CSE being useless as very few pages were indexed. I've since dropped the complex AJAX links and replaced it with easy static links. However, this was a few weeks ago now and still Google won't fully index my site. Try doing a search for "Justin Timberlake" (don't use the auto-suggest, just click the "Search" button) and it's clear that the site still hasn't been fully indexed! I'm really not too sure what else to do, other than wait and hope, which doesn't seem like a very proactive thing to do! My only other suspicion is that Google sees my site as more duplicate content, but surely it must be ok with indexing multiple lyrics sites since there are plenty of different ones ranking in Google. Any help or advice greatly appreciated guys!
Technical SEO | | SEOed0 -
What are SEO factors in re-doing a website?
Most of my work now involves converting older websites to CMS-based sites (in Wordpress) and I'm wondering about best practices here. If I create a "dev" or "sandbox" directory for my development work how do I keep the pages from being indexed while I am working on the new site? Can I "noindex" a directory? What do I do with the old html files when the new site goes live? I'm assuming I will do a 301 redirect from domain.com/index.html to the new domain.com/, and also on all of the inner pages that have equivalent pages in the new site. But there will be a lot of old files left that have no equal in the new site. Do I just delete these, or noindex nofollw them?
Technical SEO | | bvalentine0