HELP! Google Webmaster Tools showing weird internal links!?

13 years ago

At a guess, your site has been hacked. I had the same thing happen to one of mine. Log onto your host account with a ftp, and download your htaccess and robots.txt and view them in notepad. I'm thinking you will find heaps of the links there, they pretty much act as a redirect to another site. The reason you need to download them and check them is that they will be hidden if you true to view source or anything like that online.

Thanks
1 reply

{{ DiscussionBoard.errors[4592016].message }}

paulgl 13 years ago

Your site may have been hacked in the past, and now it's
been cleaned up.

The fact that the links were found, at one time, does not mean
they exist now.

If you have access to your cpanel, check some things out.

Hackers are able to do things without actually needing to take
it over. There are many flaws in mysql databases and such.

You have to find out the status of all files on your website.

Contact your host about vulnerabilities and plugging some holes.

Paul
- Thanks
- 1 reply
Signature

If you were disappointed in your results today, lower your standards tomorrow.
{{ DiscussionBoard.errors[4592043].message }}
- seosoldier 13 years ago
  
  Okay I just went to my site's control panel at vexxhost (usually I don't go there, I just upload everything via dreamweaver and check it to see if the page(s) arrived in working order).
  
  I poked around and the robots.txt was fine.
  
  However I found a Folder called "Biographies" and it has all the links on it which I did not put there.
  
  Maybe I'm thick but I just don't get how this helps the perpetrator of this hack, having a page like they created which took my main page and made a complete MESS of it (bad formatting, too wide, etc. etc.)... adding in their info about pop stars etc...
  
  I don't know much (nothing really) about hacking sites, so I am perplexed by this. Just out of curiosity can anyone venture an explanation as to how it helps them to put over 100 pages like this on my site? And why on earth would they choose my site, which has VERY LITTLE traffic?
  
  Anyway, so I'm deleting the folder and changing my password and hopefully that will fix it.
  
  Thanks for encouraging me to check my CP. I should have thought of that right away but I was kind of in shock, I think...
  
  Thanks
  
  Signature
  
  > My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
  https://bestwaterfilter.us
  
  {{ DiscussionBoard.errors[4592214].message }}

seosoldier

13 years ago

Thanks for the replies. I'll contact vexxhost and ask them for help. I'll look at my robots.txt as you suggest and poke around to see if I see anything unusual there.

Is this likely to eff up my google standing? My pages are undergoing backlink creation right now as I mentioned. So my site seems to be coming back up in the rankings, for most keywords, after having been knocked down to #100-200 etc for a week or so...

Whatever happened - hacking I guess - I think it just happened recently...

In investigating this today I wanted to contact the Great Google, and ask them about my site, but it seems there is really no way to do that, is there? If there is they sure make it hard to find any contact address/number/email...

Thanks

Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us

{{ DiscussionBoard.errors[4592114].message }}

MarcCPASAW

13 years ago

Check your htaccess, as I said there should be some form of redirects there. From memory what happens is that traffic is directed to your site for those keywords and after clicking one of those links in the serps. They are straight away redirected to the hackers site which usually tries to drop a virus of some sought on to their computer.

With my site I lost all rankings as I left it for a month without checking anything, I also had google put a dangerous site tag next to my serp results. I deleted the folder with the links, editted my htaccess file and tried looking through the sql database but couldn't notice anything. The site stayed clean for 3 days before it was reinfected so figured the sql database was hacked. I ended up deleting the site and started again, as it was taking way to much of my time to try and fix it. Took it as a lesson to always update my WP to the latest version.

I'm guessing that the reason they do this is most likely they get legitimate serp traffic to their site, which has probably been delisted, due to hacking,scams or phishing.

Thanks
1 reply

{{ DiscussionBoard.errors[4592319].message }}

seosoldier

13 years ago

Originally Posted by PooFinger

Check your htaccess, as I said there should be some form of redirects there. From memory what happens is that traffic is directed to your site for those keywords and after clicking one of those links in the serps. They are straight away redirected to the hackers site which usually tries to drop a virus of some sought on to their computer.

With my site I lost all rankings as I left it for a month without checking anything, I also had google put a dangerous site tag next to my serp results. I deleted the folder with the links, editted my htaccess file and tried looking through the sql database but couldn't notice anything. The site stayed clean for 3 days before it was reinfected so figured the sql database was hacked. I ended up deleting the site and started again, as it was taking way to much of my time to try and fix it. Took it as a lesson to always update my WP to the latest version.

I'm guessing that the reason they do this is most likely they get legitimate serp traffic to their site, which has probably been delisted, due to hacking,scams or phishing.

Thanks for the info.
One thing has me stumped: All the links I found were in a folder called Biographies so I deleted that.
However google Webmaster Tools shows 1 internal link that was not in "Biographies" but was in my root folder. However when I look in my root folder, that file, called "winsted-alexandra-tydings" is not there! I looked all over for it but it's not there. I guess they themselves deleted it??

I'm an amateur at this web design stuff. Can you tell me what htaccess is and where it would be found?

I looked through every folder in my CPanel and did not find an htaccess file nor any other files that look like they don't belong, now that I deleted the "Biographies" folder they put there.

I guess I can only hope that my changing to a much stronger password will prevent further attacks.

Thanks for your help!
p.s. Is there any way I can let google know that all these effed up links weren't really mine and that I have now removed them from my site so they don't spank me? I just now submitted a new sitemap, after cleaning those files out of there, that's all I could think of to do.

Thanks
1 reply

Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us

{{ DiscussionBoard.errors[4592593].message }}

MarcCPASAW

13 years ago

It's been awhile, from memory you will probably have to log in via a ftp client and force show hidden files, i don't think the CP client has this feature . I use filezilla. Your .htaccess file should be in the root of your public_html/domainname/ folder, after downloading it open it with notepad.

As I said alot of the stuff that will be happening will not be visible from looking at your site as they generally hide all the files.

You will need to edit it back to its original form. Is your site WP or Joomla? Do you have a backup? If they have got into your SQL database that will hurt. My site was a WP and pretty sure they had hacked the sql DB, I had a quick look but couldn't find anything. With your files look at the last modified date as well, because if you haven't updated anything for awhile, and there is dates modified since then, you can guarantee that they are the hacked files.

Also you are losing ground in your SERPs because of the number of outbound links that google is seeing. Mine had something like 250k listed in webmaster tools.

Thanks
1 reply

{{ DiscussionBoard.errors[4593249].message }}

seosoldier

13 years ago

Originally Posted by PooFinger

It's been awhile, from memory you will probably have to log in via a ftp client and force show hidden files, i don't think the CP client has this feature . I use filezilla. Your .htaccess file should be in the root of your public_html/domainname/ folder, after downloading it open it with notepad.

As I said alot of the stuff that will be happening will not be visible from looking at your site as they generally hide all the files.

You will need to edit it back to its original form. Is your site WP or Joomla? Do you have a backup? If they have got into your SQL database that will hurt. My site was a WP and pretty sure they had hacked the sql DB, I had a quick look but couldn't find anything. With your files look at the last modified date as well, because if you haven't updated anything for awhile, and there is dates modified since then, you can guarantee that they are the hacked files.

Also you are losing ground in your SERPs because of the number of outbound links that google is seeing. Mine had something like 250k listed in webmaster tools.

Thanks again for the further info.

I asked my site host to look into it and see if they can find any bad files. Not sure if they'll help much or not, I've never had to deal with them before - their service has been almost totally without problems or interruption of service, about 99.9% for the past 3 years or so, no down time.

I have neither WordPress nor Joomla, it's a site built on a template within Dreamweaver, html and css. CSS part is the template, my part is the html.

My site doesn't appear to be affected as much as yours was. I only had a couple hundred internal links they added, at most and my rankings don't seem to have suffered much, if at all.

It's hard to tell for sure because I just paid to have a bunch of backlinks built for me and that caused my site to take a big dip but now it's coming back. The SEO folks said it was the "google dance". Who knows? COuld have been from the hacked links.

In any case it has been coming back since the dip which occured 2 weeks ago or so, and now it's actually gaining in rank. So the hack doesn't seem to have hurt me much if at all. Or maybe I'm being overly optimistic. But I don't see a lot of damage as of yet it seems.

When I google my site I see mostly good links, with some of the hacked links mixed in. These hacked links have nothing to do with my site and when I go to them there is nothing there linking back to my site at all but somehow they come up in a search for my site.

But I think I may have caught it before any major harm was done.

I'll keep looking for that file you mention and I'll ask my host (Vexxhost) to look for it too. So if I find it I just delete it?

From what I have seen of these links they are not about giving a virus, they are entertainment sites, stuff about pop stars from Europe or ? (not familiar to me). I have AVG Firewall and it's real good about recognizing bad sites and warning me and when I clicked on the links I got no warning.

I just hope they don't get back into my site now that I've gotten rid of the internal backlinks they put there.

Thanks
1 reply

Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us

{{ DiscussionBoard.errors[4594056].message }}

seosoldier

13 years ago

QUESTION:
This has yet to be answered and I am wondering if maybe I should start another thread specifically for this question:

What can I do about keeping this from negatively affecting my rankings? Is there any way to advise google what happened so they don't punish my site for being hacked? Is there anything at all I can do to recover from this hack besides deleting their files? Anything I can do re google's response to all these spammy links?

Thanks
1 reply

Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us

{{ DiscussionBoard.errors[4594076].message }}

MarcCPASAW

13 years ago

From my experience Google didn't care, I had to keep submitting for reconsideration after they sent me a message via webmaster tools, this message was also how I found out I got hacked. Keep watching it and if they reappear then there is still something there that is allowing them to hack you, I never found it on mine. Can't help you with a html/css site.

Thanks
1 reply

{{ DiscussionBoard.errors[4594436].message }}

seosoldier

13 years ago

Originally Posted by PooFinger

From my experience Google didn't care, I had to keep submitting for reconsideration after they sent me a message via webmaster tools, this message was also how I found out I got hacked. Keep watching it and if they reappear then there is still something there that is allowing them to hack you, I never found it on mine. Can't help you with a html/css site.

Hey, thanks for hanging with me on this issue!

Here's the latest:
I found the htaccess file (I had to use an older system of cpanel they offered which allowed it to be seen). It was in both my public_html folder and my Home folder.

It was a text file full of code that looked like this:
(I'll delete some characters etc. for showing it here but you get the idea...)
RewriteRule ^antidote_+(.*)/-/biographies/virgin.php?$1
RewriteRule ^spooner_+(.*)/-/biographies/virgin.php?$1

BUT although I went through the motions of deleting it, it would not delete, it would only turn into a blank page. I suspect that means the file is necessary to my site? Or ??? why would it not allow me to delete it?

I downloaded it to a folder on my hard drive too just to show anyone who may need to see it for any reason. I also tried to move it within my cpanel to a different folder. It would allow me to move it, but again, it still stayed where it was, too. It's as if when I move or delete it, it just re-creates itself (but minus the code as above).

So is this what yours did, too? Or were you actually able to delete it?

I have been trying to reach my host but their line is busy all day long and they have not replied to my support ticket. This may lead me to dump them unless I hear from them at least by tomorrow morning.

Oh, and I also found a folder that is labeled htpasswords. I looked at it and there was a text file in there too that just had one 15 character string, as in a password. It wasn't anything I created, so I just moved that whole folder to a folder I created just in case I do need it. Do you think that htpassword folder is also part of the hacking?

Thanks

Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us

{{ DiscussionBoard.errors[4599475].message }}

imback

13 years ago

Following you on this thread. It does look like a hack to me. I have seen this before with a client I had. I don't remember what he ended up doing.

CHAD

Thanks
1 reply

{{ DiscussionBoard.errors[4599504].message }}

seosoldier 13 years ago

Hi imback, there's no question that it is a hack.
I actually think I have booted them out and changing my password to a much stronger one should keep them out - UNLESS they got in via the host's backdoor, not mine. I'll be monitoring my site daily from now on and several times a day when I can over the next week or so. But hopefully I've gotten them out of there for good.

Now it's just a matter of keeping them out. And doing what I can to stay in The Great and Mighty Google's good graces.
- Thanks
Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us
{{ DiscussionBoard.errors[4599852].message }}

Incoan

13 years ago

Thanks for the thread.

On the related topic, maybe there is some kind of service (maybe monthly payment) that would protect you/notify you instantly if your website was hacked?

Anyone knows?

Thanks
1 reply

{{ DiscussionBoard.errors[4599926].message }}

seosoldier

13 years ago

Originally Posted by Incoan

Thanks for the thread.

On the related topic, maybe there is some kind of service (maybe monthly payment) that would protect you/notify you instantly if your website was hacked?

Anyone knows?

I recently hears about About | Sucuri Security

I'm not in any way affiliated with them, I just heard about them a few days ago. They do have a free site check and I had checked my site while it was hacked and it showed nothing. Does not give me a lot of confidence in their free Site Check. I wonder if their pay service is any better.
I wonder if there's a good one out there. I'm going to google it.

I found out my site was hacked by checking my internal and external links via Google Webmaster Tools. I suppose if you checked there regularly you might find it right after it happened.

Theoretically, (tell me if I'm wrong) one's Hosting service should be responsible for keeping your site secure. No?

I find it interesting that Sucuri is talking about how their scans find this type of hack, but I scanned my site using their service the day before I discovered it had been hacked (the hack was done a month or two previously according to records of their files uploaded), and yet Sucuri gave me a "clean bill of health" via their free scan. I'm not saying this to disparage Sucuri - I really know little about them - but rather to warn you all that maybe these type of site checks in general don't work that well. Maybe the best way to go is to make sure your site has a strong password and any extra security your host offers, and to at least check your backlinks and internal links at google Webmaster Tools every few days to see if there's anything there that looks wrong, as in my case.

If you check Sucuri's blog at their site above, you can find a lot of info about the htaccess hack, particularly as it relates to Wordpress. Apparently a lot of Wordpress sites are being hacked this way or similarly. My site is not a Wordpress site, however.

FYI: A google search for " check website for malicious code " came up with a whole lot of free info and tools that I'm in the process of checking. Will report back on at least some of it.

Thanks
1 reply

Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us

{{ DiscussionBoard.errors[4605057].message }}

MarcCPASAW

13 years ago

With your .htaccess file download it with a ftp program, i found the one in cpanel to be crap for this purpose. As I said I use filezilla, its a free ftp program. Once u have downloaded the .htaccess edit it in notepad, save it, then upload it again overwriting the one that is there.

The reason you need to download it is because as you have found out the file permissions have been changed so you can't edit it where it is.

Another thing, do you have a admin page that you log into from the web (Not cpanel), on your site? If so they can generally brute force this if it allows infinite attempts to login without locking them out after so many wrong attempts.

Thanks
1 reply

{{ DiscussionBoard.errors[4605640].message }}

seosoldier

13 years ago

Originally Posted by PooFinger

With your .htaccess file download it with a ftp program, i found the one in cpanel to be crap for this purpose. As I said I use filezilla, its a free ftp program. Once u have downloaded the .htaccess edit it in notepad, save it, then upload it again overwriting the one that is there.

The reason you need to download it is because as you have found out the file permissions have been changed so you can't edit it where it is.

Another thing, do you have a admin page that you log into from the web (Not cpanel), on your site? If so they can generally brute force this if it allows infinite attempts to login without locking them out after so many wrong attempts.

No, there is no admin page connection from my site, only a cpanel which now has a strong password.

Not sure why I need to download and edit the htaccess file. When I deleted it, it remained but went blank. I have no idea how else I would edit it (that is, I don't know what info it should contain; I just know the redirect info it DID contain was wrong! ;-D )

From what I have read, it seems the Hosts tend to hide the htaccess file from view, even from the site owner. Mine was hidden but they had an option to enter the cpanel from an older "software" (web page) and that system allowed me to view it, delete it etc.

I'm still waiting to hear from my Host. I'm going to try to call them tomorrow evening after I get home from work but since it's a holiday and evening I imagine I'll have to wait til Tuesday and I am not optimistic about reaching them then either being that they have not responded to my email and I couldn't get through by phone on Friday.

Thanks
1 reply

Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us

{{ DiscussionBoard.errors[4611166].message }}

seosoldier 13 years ago

So I have pretty much had it with Vexxhost and plan to move my site at the earliest available time.

Vexxhost claims to have 24x7x365 support.
I submitted a ticket on Friday and though I received an automated response back that they received it, when I click on the link to the ticket there is nothing there.

So I finally had a chance to call their Tech Suport 800# there. There was a menu which referred me to the Tech Support line. When I got to the tech support line a recording informed me that they do not give tech support on the phone, that I should submit a ticket!

As I stated in another forum, to someone who was defending low cost Hosts for not providing personal service, the fact is Vexxhost DOES promise 24/7/365 tech support, so the fact that they have not responded to my ticket within 120 hours says to me they do not deserve my business nor anyone else's. I opened a new ticket a few days ago too - via a different part of their site, via my CP, and that has also gone unanswered. On that one I didn't even get an auto-response.

So I could pay a service to go in and clean up my site, but that does not seem practical since I have no idea how the hacker got into the site. If he got in via my password I feel pretty confident they will not be able to hack my new one. BUT since the hacker may well have gotten in via Vexxhost themselves, it makes no sense for me to continue hosting there under the circumstances.

So here's my questions now are: (maybe this should be in another forum here?)

1) Since I use Dreamweaver to upload my site which lives on my hard drive, can I just move it to a new host - upload the files to a new host? What steps do I have to take to move it? (I mean I know how to physically move it, but do I have to file any type of form with google and the other search engines, etc. to let them know it's moved?)

2) Will I lose any google ranking by moving my site, assuming I keep all the page urls and page titles and all that exactly the same?

Thanks for any input on this. I'm probably going to move it on Friday if I can.
- Thanks
Signature

> My Promise To You: I will never promote any offer I do not truly believe to be 100% worth buying and using!
https://bestwaterfilter.us
{{ DiscussionBoard.errors[4631524].message }}

HELP! Google Webmaster Tools showing weird internal links!?

Trending Topics

Google Ads, landing pages, and Clickbank links

Carry out better target audience research

YouTube gets shopping display tools and affiliate partnership updates

A Very Strange Internet Problem

Membership area with multiple income streams