Website hacked
-
Hi I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his adwords account was suspended 'due to high probability his site may be hosting or distributing malicious software' I just checked his source and there seems to loads of weird on code on his pages, this would not have been but on by any members of the website owners.
Please image attached when we try to access his website via google search
I just contacted the hosting provider - does anyone have experience with this and how to prevent such hacking in the future. The site is build using HTML with no CMS.
-
Hi Socialdude,
Did you get this sorted out, or would you like some more advice still?
-
Hi Socialdude,
A look at that code suggests that the most likely point of access has to be a file that is more than just regular HTML somewhere on your site. This means that somewhere, there must be at least one php file.
My first guess would be that there is a page with a PHP driven contact form which has been used to inject code into the site and propogate the malicious javascript into the other pages.
If you have a clean backup copy of all pages in the site (either with your friend or their developer), then the quickest fix is to upload your backup version.
If you don't have a backup, then you could try checking the Wayback Machine and see if there is a clean copy archived there which you can grab and upload to replace the hacked site.
If neither of those is an option, then the first thing to do is to find any pages in the site with the .php extension.
Rename the files by changing the file extension from .php to .txt. (If you are unsure of how to change the file extension, you can just open the files, save a copy with a .txt extension and then delete the .php version from the server)
You can now look at the file(s) that were PHP, see what has been added to the code and clean it up. You will then need to individually edit the HTML files and remove all of the bad javascript code. Now that you have everything cleaned up, create a complete backup of the site just in case you need it again in the future. Upload your clean copy and you should be good to go.
I would also go to Google Webmaster Tools & use "fetch as googlebot" to fetch and add the index page so that Google knows you are now OK to crawl again.
Hope that helps,
Sha
-
One way this can happen and your code you posted looks like a case I have seen happenn to a friend, is SQL injection. Where someone posts script into your database though inputs in your form. then when you request the data from the database it is executed.
Most newer technologies have fixed this hole, but older technologies are prone to it.
-
Cheers for your reply, as far as I know the site was built by an experienced developer but I couldn't really comment as I'm not sure. I must say the site is pretty old and it's not html validated.
We are currently looking to get the site build on a CMS either worpdress or modx.
Based on what you mentioned above I will just wait and see what the hosting company have to say with regards to this issue.
-
Web security is a very complex field which has literally hundreds of layers. You said the site was built using HTML. Is this an experienced developer with formal web development training who uses valid HTML code and has years of experience? Or is this a do-it-yourself kind of project?
It's kind of like saying someone broke into your house. They could come through the front door, the back door, the side door, any window or slide down the chimney. They could have a key made or pick the lock or smash the lock. Security is a very comprehensive field which involves the web server itself, the website, the admin panel and more. There is not a Q&A response anyone can offer to address the many factors involved.
You can pay for McAfee or a similar service to perform daily malware scans of your site and alert you to security issues. You can also move to a CMS and ensure you keep the latest updates and read their security guidelines.
-
I'm not to sure to be honest I'm not a web designer / developer and don't have experience with databases.
-
is it on the pages where you naviagte to them though the file system?
does the website use a database?
-
I found this in the source code and it's placed on all pages and looks like the below there are about 10 paragraphs on each page: I just hope the hosting provider can help us out.
-
I have never had this happen, but i would guess that the code is probably added thought a rewite rule. See if the code is actualy on the pages via the fiels system. if not i would be looking for rewrite rules in the server settings.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Entire website is duplicated on 2 domains - what to do?
My client's website has 1000+ pages and a Domain Authority of 23. I have just discovered that the entire site is duplicated on a second domain (main URL = companyname.com - duplicate site URL = company-name.com). The home page of the duplicate domain has a 301 redirect going to the main domain. However, none of the 1000+ other pages have any redirect set up, so Google is indexing the entire duplicate site. I'm assuming this is a bad thing for SEO. Duplicate site has a domain Authority of 4, so I'd like to transfer whatever link juice it has, towards the main site. What's the best thing to do? Ultimately I think it would be best to delete the duplicate site. So would it be a case of adding a redirect to the htaccess file along the lines of: redirect company-name.com/?slug? to https://companyname.com/?slug? (I realise this isn't the correct syntax - but is the concept correct?) Has anyone ever dealt with this successfully?
Technical SEO | | BottleGreenWebsites0 -
Canonical sitemap URL different to website URL architecture
Hi, This may or may not be be an issue, but would like some SEO advice from someone who has a deeper understanding. I'm currently working on a clients site that has a bespoke CMS built by another development agency. The website currently has a sitemap with one link - EG: www.example.com/category/page. This is obviously the page that is indexed in search engines. However the website structure uses www.example.com/page, this isn't indexed in search engines as the links are canonical. The client is also using the second URL structure in all it's off and online advertising, internal links and it's also been picked up by referral sites. I suspect this is not good practice... however I'd like to understand whether there are any negative SEO effectives from this structure? Does Google look at both pages with regard to visits, pageviews, bounce rate, etc. and combine the data OR just use the indexed version? www.example.com/category/page - 63.5% of total pageviews
Technical SEO | | MikeSutcliffe
www.example.com/page - 34.31% of total pageviews Thanks
Mike0 -
Has anyone relocated a website from one country to another?
Has anyone relocated a website from one country to another? I want to replace all reference from one country (UK) to another (Australia) Phone number change, currency change, address will change Meta/products/content/urls will remain the same The .com URL will be associated to Australia Will the website keep its ranking or will it be damaged to the point where another website should be built from scratch?
Technical SEO | | GardenBeet0 -
My website keeps getting hit every other month. What should I do?
Since April 2012, my website impressions has dropped about 88% according to GWT. Every other month or so, the impressions are dropping by about 30%. My total traffic (visitors, not impressions) has dropped by about 25% but now I am getting lots of junk traffic. A few of the major keywords I used to rank for are still ranking in the top 10 but only in the USA. Lots of the keywords have gone to page 2 or 3 in the US and are gone to hell in other countries. Now I know I'm mostly responsible for this mess. About 3 years ago, I hired a freelancer to write news for my blog and she did a great job for quite some time so I stopped monitoring her work for duplicated content. Unfortunately, she started to provide me with copied content after a while and did so for almost 9 months before I noticed it. I had also hired RankPoop - errr I mean RankPop - to build some backlinks and that eventually got me in trouble too. I got an unnatural links warning in GWT in July 2012. Since then, I had more than 50% of the bad links taken down. There are still lots of them but they sure account for way less than 50% of all the backlinks. I have not submitted a reconsideration request yet as I haven't compensate for all the links taken down yet. I also started adding LOTS of fresh, unique and useful content to the website. I've added near 400 articles (sometimes up to 7 or 8 articles a day) over the last 5 months. I've also set lots of the duplicated posts to "noindex" and when they're not indexed anymore, I completely removed them in order to avoid any copyright issues (some were 100% identical to the source). I keep doing this gradually to avoid 404 errors. In early March of this year, I did a complete redesign of the site. The navigation structure stayed the same and visually, the layout is quite the same although the graphical elements are much more professional and the site is much faster. As much as I would've like to avoid a complete redesign, major technical issues from the previous design (and development platform) was now forcing me to do so. Unfortunately, I updated the website design right before the last Panda update so now I don't know if the recent traffic lost is due to the new design or because of Panda... or both. Google is like a police officer who repeatedly give you tickets for the same offense, yet they won't tell you what that offense is. My website is located at http://www.thewebhostinghero.com/ Any advice is welcomed. P.S. sorry for my english, I speak french.
Technical SEO | | sbrault740 -
SIte cloned my entire website and is now outranking me
My site is http://www.medic8.com and http://www.mealldubh.org has cloned my site and is now outranking my site. I have submitted DMCA requests to Google with no response. I do not know what to do now but surely it should be obvoius that this site has cloned me and there must be a way to have this scraper removed from the index? Im lost in terms of what I can do next so any help would be greatly appreacited.
Technical SEO | | thefresh0 -
Website disappeared from Google organic keyword searches.
We have an auto repair company as a client www.autorepairauroratilden.com who for the better part of a year their website had ruled the 1st page organic Google search results. Their website, Blogs, Facebook, and Twitter all came up on page one for their keyword searches. On May 13th, it all came to a screeching halt. The website is nowhere to be found for any of their keywords (example: brake repair Aurora.) There are a couple of blogs on page 2 but it’s nothing like it was prior to May 13th. On May 12th we published 5 branded websites for this client – Chrysler, Ford, Honda, Jeep, and Toyota, all on separate URL’s. All the page titles, keywords, and descriptions were specifically branded to the individual websites as were all the keywords. Since the beginning of June we’ve taken down the 5 branded websites and we’ve gone through our keywords on the auto repair website. The website was last crawled on June 11th. We still do not have any page 1 placement or for that matter any page placement. I checked 10 pages out. We have a 2nd auto repair client that has been running their website as well as their 5 branded websites a couple of months longer than this client and we’ve had no problems with any of their websites and keyword search results. How do we fix this?
Technical SEO | | markindenver0 -
How to search HTML source for an entire website
Is there a way for me to do a "view source" for an entire website without having to right-click every page and select "view source" for each of them?
Technical SEO | | SmartWebPros0 -
How do you measure content on a website?
I never thought of this question before. Maybe because i didn't focus myself on content but only on optimizing existing content from clients. So how do you measure the content on a specific page?
Technical SEO | | mosaicpro0