Website hacked
-
Hi I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his adwords account was suspended 'due to high probability his site may be hosting or distributing malicious software' I just checked his source and there seems to loads of weird on code on his pages, this would not have been but on by any members of the website owners.
Please image attached when we try to access his website via google search
I just contacted the hosting provider - does anyone have experience with this and how to prevent such hacking in the future. The site is build using HTML with no CMS.
-
Hi Socialdude,
Did you get this sorted out, or would you like some more advice still?
-
Hi Socialdude,
A look at that code suggests that the most likely point of access has to be a file that is more than just regular HTML somewhere on your site. This means that somewhere, there must be at least one php file.
My first guess would be that there is a page with a PHP driven contact form which has been used to inject code into the site and propogate the malicious javascript into the other pages.
If you have a clean backup copy of all pages in the site (either with your friend or their developer), then the quickest fix is to upload your backup version.
If you don't have a backup, then you could try checking the Wayback Machine and see if there is a clean copy archived there which you can grab and upload to replace the hacked site.
If neither of those is an option, then the first thing to do is to find any pages in the site with the .php extension.
Rename the files by changing the file extension from .php to .txt. (If you are unsure of how to change the file extension, you can just open the files, save a copy with a .txt extension and then delete the .php version from the server)
You can now look at the file(s) that were PHP, see what has been added to the code and clean it up. You will then need to individually edit the HTML files and remove all of the bad javascript code. Now that you have everything cleaned up, create a complete backup of the site just in case you need it again in the future. Upload your clean copy and you should be good to go.
I would also go to Google Webmaster Tools & use "fetch as googlebot" to fetch and add the index page so that Google knows you are now OK to crawl again.
Hope that helps,
Sha
-
One way this can happen and your code you posted looks like a case I have seen happenn to a friend, is SQL injection. Where someone posts script into your database though inputs in your form. then when you request the data from the database it is executed.
Most newer technologies have fixed this hole, but older technologies are prone to it.
-
Cheers for your reply, as far as I know the site was built by an experienced developer but I couldn't really comment as I'm not sure. I must say the site is pretty old and it's not html validated.
We are currently looking to get the site build on a CMS either worpdress or modx.
Based on what you mentioned above I will just wait and see what the hosting company have to say with regards to this issue.
-
Web security is a very complex field which has literally hundreds of layers. You said the site was built using HTML. Is this an experienced developer with formal web development training who uses valid HTML code and has years of experience? Or is this a do-it-yourself kind of project?
It's kind of like saying someone broke into your house. They could come through the front door, the back door, the side door, any window or slide down the chimney. They could have a key made or pick the lock or smash the lock. Security is a very comprehensive field which involves the web server itself, the website, the admin panel and more. There is not a Q&A response anyone can offer to address the many factors involved.
You can pay for McAfee or a similar service to perform daily malware scans of your site and alert you to security issues. You can also move to a CMS and ensure you keep the latest updates and read their security guidelines.
-
I'm not to sure to be honest I'm not a web designer / developer and don't have experience with databases.
-
is it on the pages where you naviagte to them though the file system?
does the website use a database?
-
I found this in the source code and it's placed on all pages and looks like the below there are about 10 paragraphs on each page: I just hope the hosting provider can help us out.
-
I have never had this happen, but i would guess that the code is probably added thought a rewite rule. See if the code is actualy on the pages via the fiels system. if not i would be looking for rewrite rules in the server settings.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Ranking a Polish website in English with existing keywords
I have a website that is currently in Polish and I'm interested in ranking it for the same keywords in English. I'm wondering if I need to create entirely new pages for the English version or if there are plugins or other tools that can help me translate and optimize my existing content for English search engines. my website seo factor. Any recommendations or experiences are greatly appreciated!
Technical SEO | | mohammadrehanseo0 -
My website is constantly decreasing
For few weeks ago my website is constantly decreasing in search position. I lost keywords and is gooooing down.
Technical SEO | | Dan_Tala
Although it is well rated on several on page and off page seo verification software that I have tried.
I checked Google search console and Analytics and found no major problems. However… from one day to another it keeps going down.
I also checked what the main competitors are doing and they are not doing well, at all.
The main competitor actually has a creepy website. Totally devoid of onpage or offpage SEO but with an enormous number of backlinks. And of a very bad quality, which should disqualify it, still…
Few weeks ago I changed something.
In the pages I had H1, 4xH2, no H3 and an H4 without content.
An unnatural H tag structure.
Now I have H1, H2, H3, 3xH4, with the coherent information.
Theoretically, Google should have been “happy” or I’m missing something. I use a SAAS platform.
I just found out that they made changes to the keywords (tags).
I am selling toner cartridges for printers.
So…
The tags are printer models and generate a url in which they have the products.
Ex. https://www.sertit.ro/cartus-imprimanta-cilindru-color-hp-laserjet-pro-m-177fw goes to the products for that printer model.
The question is… should I make tag canonical?
Is it possible for products to loose so much in Google search?0 -
My WP website got attack by malware & now my website site:www.example.ca shows about 43000 indexed page in google.
Hi All My wordpress website got attack by malware last week. It affected my index page in google badly. my typical site:example.ca shows about 130 indexed pages on google. Now it shows about 43000 indexed pages. I had my server company tech support scan my site and clean the malware yesterday. But it still shows the same number of indexed page on google.
Technical SEO | | ChophelDoes anybody had ever experience such situation and how did you fixed it. Looking for help. Thanks FILE HIT LIST:
{YARA}Spam_PHP_WPVCD_ContentInjection : /home/example/public_html/wp-includes/wp-tmp.php
{YARA}Backdoor_PHP_WPVCD_Deployer : /home/example/public_html/wp-includes/wp-vcd.php
{YARA}Backdoor_PHP_WPVCD_Deployer : /home/example/public_html/wp-content/themes/oceanwp.zip
{YARA}webshell_webshell_cnseay02_1 : /home/example2/public_html/content.php
{YARA}eval_post : /home/example2/public_html/wp-includes/63292236.php
{YARA}webshell_webshell_cnseay02_1 : /home/example3/public_html/content.php
{YARA}eval_post : /home/example4/public_html/wp-admin/28855846.php
{HEX}php.generic.malware.442 : /home/example5/public_html/wp-22.php
{HEX}php.generic.cav7.421 : /home/example5/public_html/SEUN.php
{HEX}php.generic.malware.442 : /home/example5/public_html/Webhook.php0 -
Should we reinstate the old website?
In a nut shell we had a great site that performed well and grew month on month but it perhaps looked a bit dated. A decision was taken to build a new site and the job given to a PR agency for some reason. All the titles, H1 tags, page content and url structure was changed and now the site has drop 50% of organic traffic. I've been tasked with trying to rebuild rankings but so far it's not going well. A snapshot of the old website still exists and i'm very tempted to have it reinstated in the hopes that our traffic will recover. What are your thoughts?
Technical SEO | | etienneb0 -
Migrating micro site into existing website
My company is planning to migrate an existing (ecommerce) micro site - which sits on its own domain - into their main ecommerce site. This means that the content will be moved from www.microdomain.co.uk to www.maindomain.com/category. Some products already exist on the main domain. The micro site is fairly small with just over 400 pages - I am planning to map each URL to the new URL (exact corresponding page) and create 301 redirects for each. Where any additional content does not exist yet on the existing main domain, we will create it and 301 redirect to it. The micro site currently ranks fairly well for some keywords - being such a specialised micro site, (some of) the keywords also form part of the domain name, however, they won't on the main page although they may form part of the URL (category). As an example (using a made up URL), our micro site www.bread-sticks.co.uk ranks on page 1 for the keyword bread sticks - we don't just sell bread sticks on www.bread-sticks.co.uk but also rolls and bread though, bread sticks is one category of very closely related categories. Say our main domain is www.supermarket.co.uk (selling a wide range of food / drink products. The micro site will be moving to www.supermarket.co.uk/baked-products/ - which is a category. Within that category, there are sub categories, i.e. bread sticks, rolls and bread which will sit under www.supermarket.co.uk/bread-sticks/ etc. What would be the best way for ensuring that our main domain would take over the rankings from our micro site, given that it will be sitting on our main domain as a category (one of many)? Can we expect www.supermarket.co.uk/baked-products/ or www.supermarket.co.uk/bread-sticks/ to replace www.bread-sticks.co.uk in the rankings simply by 301 redirecting? Thanks for your help!
Technical SEO | | ViviCa10 -
Recovery After A Hack - No Manual Action Notice
Hi Guys, I am helping out an agency who have had a couple of site hacked on their server. I can confirm by correlating increase in not found errors and drop in rankings, that the drop was definitely hack based although the site had no manual action notice from Google. The site looks to have been fixed i.e all not found pages look to have been sorted. Obviously there are some dodgy backlinks to now non existant pages but it looks like two months on no sign of a recovery. Is this normal?, Could the site still be hacked and the web designer is claming it has been cleaned up? I am used to dealing with hacked sites when there has been a manual action listed and then it's quite easy to complete the clean up work, submit a reconsideration and then get the manual action revoked but when you don't receieve a manual notification and the site doesn't recover, what do you do? Kind Regards Neil
Technical SEO | | nezona0 -
Development Website Duplicate Content Issue
Hi, We launched a client's website around 7th January 2013 (http://rollerbannerscheap.co.uk), we originally constructed the website on a development domain (http://dev.rollerbannerscheap.co.uk) which was active for around 6-8 months (the dev site was unblocked from search engines for the first 3-4 months, but then blocked again) before we migrated dev --> live. In late Jan 2013 changed the robots.txt file to allow search engines to index the website. A week later I accidentally logged into the DEV website and also changed the robots.txt file to allow the search engines to index it. This obviously caused a duplicate content issue as both sites were identical. I realised what I had done a couple of days later and blocked the dev site from the search engines with the robots.txt file. Most of the pages from the dev site had been de-indexed from Google apart from 3, the home page (dev.rollerbannerscheap.co.uk, and two blog pages). The live site has 184 pages indexed in Google. So I thought the last 3 dev pages would disappear after a few weeks. I checked back late February and the 3 dev site pages were still indexed in Google. I decided to 301 redirect the dev site to the live site to tell Google to rank the live site and to ignore the dev site content. I also checked the robots.txt file on the dev site and this was blocking search engines too. But still the dev site is being found in Google wherever the live site should be found. When I do find the dev site in Google it displays this; Roller Banners Cheap » admin dev.rollerbannerscheap.co.uk/ A description for this result is not available because of this site's robots.txt – learn more. This is really affecting our clients SEO plan and we can't seem to remove the dev site or rank the live site in Google. In GWT I have tried to remove the sub domain. When I visit remove URLs, I enter dev.rollerbannerscheap.co.uk but then it displays the URL as http://www.rollerbannerscheap.co.uk/dev.rollerbannerscheap.co.uk. I want to remove a sub domain not a page. Can anyone help please?
Technical SEO | | SO_UK0 -
2 similar websites targetting different countries
I have a website that has a .com.au extension running on zencart. If I load up the exact same wesbite (with the same website name) on the .com, will my .com.au be penalised by Google? Thanks in advance.
Technical SEO | | theshining0