Disavow links and domain of SPAM links
-
Hi,
I have a big problem. For the past month, my company website has been scrape by hackers.
This is how they do it:
1. Hack un-monitored and/or sites that are still using old version of wordpress or other out of the box CMS.
2. Created Spam pages with links to my pages plus plant trojan horse and script to automatically grab resources from my server. Some sites where directly uploaded with pages from my sites.
3. Pages created with title, keywords and description which consists of my company brand name.
4. Using http-referrer to redirect google search results to competitor sites.
What I have done currently:
1. Block identified site's IP in my WAF. This prevented those hacked sites to grab resources from my site via scripts.
2. Reach out to webmasters and hosting companies to remove those affected sites. Currently it's not quite effective as many of the sites has no webmaster. Only a few hosting company respond promptly. Some don't even reply after a week.
Problem now is:
When I realized about this issue, there were already hundreds if not thousands of sites which has been used by the hacker. Literally tens of thousands of sites has been crawled by google and the hacked or scripted pages with my company brand title, keywords, description has already being index by google.
Routinely everyday I am removing and disavowing. But it's just so much of them now indexed by Google.
Question:
1. What is the best way now moving forward for me to resolve this?
2. Disavow links and domain. Does disavowing a domain = all the links from the same domain are disavow?
3. Can anyone recommend me SEO company which dealt with such issue before and successfully rectified similar issues?
Note: SEAGM is company branded keyword
-
I'm afraid there's no easy answer. The security side is beyond the scope of Q&A (it's just too dependent on your platform/host/etc.), but locking that down is definitely the biggest and first step. Obviously, though, you can't stop third-party sites from getting hacked.
Disavow can be done at the domain level. There are some oddities, like Wordpress.com (where sub-domains act more like stand-alone domains), but for most sites, if most links are malicious, lock down the entire incoming domain.
Make sure your core links are clean. If you have a solid base of links, and you're not dealing with a lot of quality issues, it's tough for these kinds of hacked links to cause as much harm. Google knows this happens. Unfortunately, if your core link profile is a mess or week, then it's a lot easier to take damage. So, this is a battle on two fronts - stop the attack and, at the same time, clean up your core link profile and strengthen it as best you can.
There are a lot of link removal tools now, but honestly, they're a starting point. You need to dig in and evaluate what they give you, so that you're not taking out links that are potentially good. Right now, this is a labor-intensive process, I'm afraid.
-
Hi Andy,
Am currently gathering data from Webmaster Tools.
No, I didn't get any manual actions message from Google.
I do have a list. Am trying to use Kerboo (LinkRisk) to manage it. However, I have little time to do this.
-
Hi,
2. Disavow links and domain. Does disavowing a domain = all the links from the same domain are disavow?
Yes, I would be disavowing at a domain level (not even subdomain) with a view to blocking everything you find.
How have you been gathering link data? Webmaster Tools? Ahrefs? Majestic? OSE?
Ideally you need to create one master list of everything you can find and start from there. It isn't going to be a quick fix though because if you have been caught by Penguin, you wont get out of any penalty until it is re-run again. All you can do is prepare for when that run happens.
If you haven't yet been caught by Penguin, then you would be saving yourself a lot of worry by getting this resolved before the next refresh happens.
-Andy
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Internal no follow links
I have just discovered that the WordPress theme I have been using for some time has no follow internal links on the blog. Simply put each post has an image and text link plus a 'read more'. The Read more is a no-follow which is also on my homepage. The developer is saying duplicate follow links are worse than an internal no follow. What is your opinion on this? Should I spend time removing the no follow?
Technical SEO | | Libra_Photographic0 -
Sitemap links
Hi, I´m running a sitemap using pro-sitemaps and I find several pages that shouldn´t be listed. How do I find how are these pages being generated? Can´t find the links the robot is following to get to those pages..
Technical SEO | | ceci27100 -
Bad link profile?
Hi Mozzers! We have recently been handed this client due to the former SEO company building up a bad link profile, which resulted in the site dropping off the search results all together. Forcing them to get a new domain. This happened in July last year and we are unsure whether it would be wise to submit a reconsideration request and then 301 their old sites pages to the new domain. Basically I'm asking whether you can spot any spammy links being built in their profile. Here is the old domain: http://www.claimssolicitors.co.uk/ It would be great if you could help me out! 🙂 Thanks
Technical SEO | | Webrevolve0 -
Broken link
I know SEO Moz has a lot of info about 404 301 302 etc but I am trying to figure out easy way to fix two of the broken links from flash. I am redirecting following links with wordpress redirect plug in http://soobumimphotography.com/gallery.php?GalleryID=126&GalleryName=Wedding&OrderNum=1 http://soobumimphotography.com/gallery.php?GalleryID=126&GalleryName=Wedding&OrderNum=1 What would be the best way to solve this? Is there anyway I can remove those?
Technical SEO | | BistosAmerica0 -
301 for old domain to new domain - Joomla plugin or cpanel?
A client changed domains and both are being indexed. There are thousands of content pages. I can install a 301 redirect Joomla plugin and configure it so that each page redirects to the new domain. I have a feeling I will need to manual set every page. OR I can create a domain level redirect setting in cpanel using wildcards. I think this will automatically pass every old URL to the new URL. Which is the better approach? The cpanel option sounds like less work.
Technical SEO | | designquotes0 -
Migrating a better performing domain to a less well performing domain
I have a customer who has many domain names and assets but she's wanting to consolidate some of them to help her simplify things for her customers but mostly she wants to build up her website through which she sells products. Grief Reflection - www.griefreflection.com is a personal journal that she's keeping to process the impending death of her husband and it's also linked to her business website which sells healing from grief types of products. Storybooks for Healing - www.storybooksforhealing.com is the website through which she sells workbooks and memory books for people who want to keep the memory of their loved one alive after they've gone. I've setup both of these domains as campaigns and have been looking at the metrics for both. The grief reflection blog out performs the storybooks for healing website. If we merge the two then the Grief Reflection blog would likely become a subdirectory under www.storybooksforhealing.com and be more fully integrated which she thinks will help her visitors not get confused while navigating her website. www.griefreflection.com has 12,637 links while www.storybooksforhealing.com has 1,462. Also, Google has indexed 380 pages of Grief Reflection and only 100 pages for Storybooks for Healing, though that may be because there are fewer pages to index. Grief reflection also has a 4.36 mozRank and 5.30 mozTrust, where Storybooks has 4.13 mozRank and 5.15 mozTrust. Should I counsel her to keep these domains separate? If not, would simply setting up 301 redirects from the www.griefreflection.com domain name to the new subdirectory under www.storybooksforhealing.com be the way to go? Thank you ever so much for any wisdom anyone can provide.
Technical SEO | | ChristiMc0 -
Old Domain - What to do?
A client recently bought an older domain that is keyword-rich to an aspect of his company. The main website has both e-commerce and call-to-action elements. Our team is split on whether or not to create a micro-site on that domain focused on that aspect of the work that he does or to simply redirect the old domain to his main website. I have not had the opportunity to look at the link profile of the recently acquired domain nor do I have any idea of how many times it's changed hands (which would seem to now be a possible indicator of doorway pages). If any clarification would help, please let me know and I'll do my best to answer.
Technical SEO | | MountainMedia0 -
Is link cloaking bad?
I have a couple of affiliate gaming sites and have been cloaking the links, the reason I do this is to stop have so many external links on my sites. In the robot.txt I tell the bots not to index my cloaked links. Is this bad, or doesnt it really matter? Thanks for your help.
Technical SEO | | jwdesign0