Disavow links and domain of SPAM links
-
Hi,
I have a big problem. For the past month, my company website has been scrape by hackers.
This is how they do it:
1. Hack un-monitored and/or sites that are still using old version of wordpress or other out of the box CMS.
2. Created Spam pages with links to my pages plus plant trojan horse and script to automatically grab resources from my server. Some sites where directly uploaded with pages from my sites.
3. Pages created with title, keywords and description which consists of my company brand name.
4. Using http-referrer to redirect google search results to competitor sites.
What I have done currently:
1. Block identified site's IP in my WAF. This prevented those hacked sites to grab resources from my site via scripts.
2. Reach out to webmasters and hosting companies to remove those affected sites. Currently it's not quite effective as many of the sites has no webmaster. Only a few hosting company respond promptly. Some don't even reply after a week.
Problem now is:
When I realized about this issue, there were already hundreds if not thousands of sites which has been used by the hacker. Literally tens of thousands of sites has been crawled by google and the hacked or scripted pages with my company brand title, keywords, description has already being index by google.
Routinely everyday I am removing and disavowing. But it's just so much of them now indexed by Google.
Question:
1. What is the best way now moving forward for me to resolve this?
2. Disavow links and domain. Does disavowing a domain = all the links from the same domain are disavow?
3. Can anyone recommend me SEO company which dealt with such issue before and successfully rectified similar issues?
Note: SEAGM is company branded keyword
-
I'm afraid there's no easy answer. The security side is beyond the scope of Q&A (it's just too dependent on your platform/host/etc.), but locking that down is definitely the biggest and first step. Obviously, though, you can't stop third-party sites from getting hacked.
Disavow can be done at the domain level. There are some oddities, like Wordpress.com (where sub-domains act more like stand-alone domains), but for most sites, if most links are malicious, lock down the entire incoming domain.
Make sure your core links are clean. If you have a solid base of links, and you're not dealing with a lot of quality issues, it's tough for these kinds of hacked links to cause as much harm. Google knows this happens. Unfortunately, if your core link profile is a mess or week, then it's a lot easier to take damage. So, this is a battle on two fronts - stop the attack and, at the same time, clean up your core link profile and strengthen it as best you can.
There are a lot of link removal tools now, but honestly, they're a starting point. You need to dig in and evaluate what they give you, so that you're not taking out links that are potentially good. Right now, this is a labor-intensive process, I'm afraid.
-
Hi Andy,
Am currently gathering data from Webmaster Tools.
No, I didn't get any manual actions message from Google.
I do have a list. Am trying to use Kerboo (LinkRisk) to manage it. However, I have little time to do this.
-
Hi,
2. Disavow links and domain. Does disavowing a domain = all the links from the same domain are disavow?
Yes, I would be disavowing at a domain level (not even subdomain) with a view to blocking everything you find.
How have you been gathering link data? Webmaster Tools? Ahrefs? Majestic? OSE?
Ideally you need to create one master list of everything you can find and start from there. It isn't going to be a quick fix though because if you have been caught by Penguin, you wont get out of any penalty until it is re-run again. All you can do is prepare for when that run happens.
If you haven't yet been caught by Penguin, then you would be saving yourself a lot of worry by getting this resolved before the next refresh happens.
-Andy
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Old domain to new domain
Hi, A website on server A is no longer required. The owner has redirected some URLS of this website (via plugin) to his new website on server B -but not all URLS. So when I use COMMAND site:website A , I see a mixture of redirected URLS and not redirected URLS.Therefore two websites are still being indexed in some form and causing duplication. However, weirdly when I crawl with Screaming Frog I only see one URL which is 301 redirected to the new website. I would have thought I'd see lots of URLs which hadn't been redirected. How come it is different to using the site:command? Anyway, how do I move to the new website completely without the old one being indexed anymore. I thought I knew this but have read so many blogs I've confused myself! Should I: Redirect all URLS via the HTACESS file on old website on server A? There are lots of pages indexed so a lot of URLs. What if I miss some? or Point the old domain via DNS to server B and do the redirects in website B HTaccess file? This seems more sensible but does this method still retain the website rankings? Thanks for any help
Technical SEO | | AL123al0 -
Backlink Profile: Should I disavow these links? Auto-Generated Links etc
Hello Moz Community, At first I wanted to say that I really like the Q&A section and that I read and learned a lot - and today it is time for my first own question 😉 I checked our backlink-profile these days and I found in my opinion a few bad/spammy links, most of them are auto-generated by pickung up some (meta) information from our webpage. Now my question is if I should dasavow these links over webmasters or if these links shouldn't matter as I guess basically every webpage will be picked up from them. Especially from the perspective that our rankings dropped significantly last weeks, but I am not sure if this can be the real reason. Examples are pages like: https://www.askives.com/ -Auto-Generates for example meta descriptions with links http://www.websitesalike.com/ -find similar websites http://mashrom.ir/ -no idea about this, really crazy Or we are at http://www.europages.com/, which makes sense for me and we get some referral traffic as well, but they auto-generated links from all their TLDs like .gr / .it / .cn etc. -just disavow all other TLDs than .com? Another example would be links from OM services like: seoprofiler.com Moreover we have a lot of links from different HR portals (including really many outdated job postings). Can these links “hurt” as well? Thanks a lot for your help! Greez Heiko
Technical SEO | | _Heiko_0 -
What do I do with these back links?
In the last two weeks, I've got 10 pingbacks from this http://caraccidentlawyer.cc/coroner-ids-berkeley-bodies-who-were-killed-in-recent-car-accident/ and sites like it. The featured attorney is a competitor of ours and, since the links aren't sex/drugs/rock&roll related, (and he's linked too) I doubt this is a negative SEO campaign, but I want it to stop. These blogs are basically pure spam. Any suggestions?
Technical SEO | | KempRugeLawGroup1 -
Cross domain canonical, pros, cons, and link popularity?
We have a client who has two well trusted web properties, their insurance site where they sell insurance offerings, and a state specific blog they own where they promote healthy living. They want to improve their traffic/rankings/etc to the main site but they want to keep their blog where its at for PR (it already has a great following). So my quesiton is, if we do set up a secondary blog on the main site and use canonical tags on the more trusted external blog to link to the main site. Will that pass on the link popularity their external blog gets along with all the benefits of the fresh content, etc? I've never actually seen anyone do this yet, keen to try it but not with a client.
Technical SEO | | iAnalyst.com0 -
How to prevent duplicat content issue and indexing sub domain [ CDN sub domain]?
Hello! I wish to use CDN server to optimize my page loading time ( MaxCDN). I have to use a custom CDN sub domain to use these services. If I added a sub domain, then my blog has two URL (http://www.example.com and http://cdn.example.com) for the same content. I have more than 450 blog posts. I think it will cause duplicate content issues. In this situation, what is the best method (rel=canonical or no-indexing) to prevent duplicate content issue and prevent indexing sub domain? And take the optimum service of the CDN. Thanks!
Technical SEO | | Godad0 -
Google Links
I am assuming that the list presented by Google Webmaster tools (TRAFFIC | Links To Your Site) is the one that will actually be used by Google for indexing ? There seem to be quite a few links that there that should not be there. ie Assumed NOFOLLOW links. Am I working under an incorrect assumption that all links in webmaster tools are actually followed ?
Technical SEO | | blinkybill0 -
Added data to links
Hello I am in the process of cleaning a site and getting less pages cached. it is a magento site and I was wondering what is your advice fo pages that get this padded to the link ?material=139&price=10%2C12 accept the obvious canonical? thanks
Technical SEO | | ciznerguy0 -
Top Level Domains
Howdy Everyone, I have a website that will span multiple countries. The content served will be different for each country. As such, I've acquired the top level domains for different countries. I want to map the cop level domains (e.g. domain.co.uk) to uk.domain.com for development purposes (LinkedIn does this). I'm curious to know whether this is adviseable and if mapping a country-specific TLD to a subdomain will maintain local SEO value. Thanks!
Technical SEO | | RADMKT-SEO0