Mobile app version of vmapp.org
Login or Join
Deb1703797

: Hacked website had it's SEO compromised, after recovery, google still index new corrupted URLs A wordpress website was hacked using old-plugin-version vulnerabilities. The result of the hack was

@Deb1703797

Posted in: #Google #HackedSite #Seo #Wordpress

A wordpress website was hacked using old-plugin-version vulnerabilities.

The result of the hack was that index.php redirected google to a chinese website and hence the original SEO was corrupted but also new links were added to google index like site.com/chinese-product.

That was only visible with a google user-agent, so the result was visible on google search index ONLY, meaning a random user would only see the google search result compromised, but not the website.

The site was then updated and fixed, all backdoors removed. Even with a google agent, no compromised result was returned.

However, few weeks after, I can see that google is adding to it's index again urls like site.com/chinese-product.

How is that possible given that:


The URL returns a 404 with a regular user-agent AND with google's.
I can see nowhere a resource pointing to that URL.
Checks and scans reveal no intrusion or hack.


Could you please advice on what could be done ?

Edit: Also, this seems that due to that compromised SEO and the site.com/chinese-product-in-chinese language, the website was now removed from search results in english, WITHOUT being banned (no alert in google search console).

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Deb1703797

2 Comments

Sorted by latest first Latest Oldest Best

 

@Hamm4606531

I discovered an htaccess-option to block spam-urls effectivly

RewriteRule ^(.*)(viagra|levitra|sildenafil|zilfic|cialis|vardenafil|kamagra|pfizer)(.*)$ - [NC,R=410,L]


All URLs with specific keywords are treated as 410. Depending on the Hack, you can swap the keywords. separated by pipe |

Not sure, if this is best practice.

10% popularity Vote Up Vote Down


 

@Reiling115

It's completely two sepered tasks from removing hacked pages/malwares
and fixing your SERPs result.
There's no way you can properly remove particular indexes from Google even with Google Search Console, they only temporarily hide it.
It's officially suggested by Google that you need to completely remove the source of these pages, then Google will proceed the rest
work for you.
However, to make the process more clean and professional, I found using 410 response most specific and efficient way to tell Google that these pages have been permanently removed and should be de-indexed asap.


Simple steps


Locate your hacked folder, for example mine was "uykius," including 40s of hacked html pages.
Here you better note the number of file, so you can estimate how many SERPs result you need to take down.
Let's say I've removed all those 40 infected pages (by blowing the folder), with a note in my hand (ideally all the file name!)
Now you need to work on SERPs result removal, the best way is to check whether all the hacked pages have been indexed or not, if
you're lucky some of them might be already de-indexed (not my case
tho)
I found some efficient way to locate these pages, I searched "site:mydomain.com uykius" so all the indexed file in that hacked
folder popping up.
If you access them, they have to be inaccessible or reported 404 error, which ensure that their source have been completely removed.
Now you better send 410 response to Google using redirection method, technically this is the most specific way to de-index them.
You can do 410 for all of them manually or using "410 for wordpress," if your site is running on WP. (Hopefully) The plugin
allows you to manually add the lists, or if you clicked all the
hacked indexes it will keep 404 error logs and you are able to
redirect them right away.


After you proceed every step, your site should be good, first you got all the hacked content removed!, second you report Google to eliminate them using 410 reponse. All you need is go to "Search Console > Manual Work" and submit site for review if you were being flagged as hacked.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme