My site has been hacked - What should I do?

16 replies
Hello
Looked in my Google Tools a couple of days ago and could see I had a notice from Google regarding my site. They said something like......
"Domain .com will has been labeled as potentially compromised in our search results. This is because some of your pages contain content which may harm the quality and relevance of our search results. It appears that these pages were created or modified by a third party, who may have hacked all or part of your site. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
Once you've made sure your site is clean and secure, you can request reconsideration etc"
I contacted my host and we have restored the site and I have updated latest WP version. Have requested reconsideration from Google.
1. 75% of my traffic has gone. What are the chances of my pages coming back :confused:
2. Is it worth adding new content now to the site or will these rankings be effected :confused:
3. Is it better to scrape or leave the blog and start over with a new domain for my
future content :confused:
If anyone has been through similar I would appreciate any advice on how I can move forward. The blog was a successful site so I really need to do something, pls help!
Thanks in advance
#hacked #site
  • Profile picture of the author Greedy
    Contact your hosting, a lot time they can help you out.

    Because they want it off their servers.
    {{ DiscussionBoard.errors[6881299].message }}
    • Profile picture of the author Moneyland
      Originally Posted by Greedy View Post

      Contact your hosting, a lot time they can help you out.

      Because they want it off their servers.

      As in my notes I have contacted my host. They did not want it off their servers. They helped me to restore the site to bring it back to what it was, clean hopefully.
      {{ DiscussionBoard.errors[6881347].message }}
  • Profile picture of the author banx63
    Damm hackers - 'sucuri' is really good. A bit late for you now - but maybe for next time.
    Signature
    Message me about joining our secret Viral Sites Clan on Facebook (not for newbies)
    {{ DiscussionBoard.errors[6881333].message }}
    • Profile picture of the author Moneyland
      Originally Posted by banx63 View Post

      Damm hackers - 'sucuri' is really good. A bit late for you now - but maybe for next time.
      "Sucuri" sounds like a good service. I have submitted my site to Google for reconsideration but I am wondering if it is worth getting these guys to check over. Anyone used Sucuri :confused:
      {{ DiscussionBoard.errors[6881398].message }}
  • Profile picture of the author petemcal
    Sorry to hear that mate.
    For reference I use wordpress firewall (or firewall for wordpress) I can't remember the exact wording.

    It's notified me once of an attempted hacked file upload thus far so I'm glad I've got it. There's a lot of good wordpress security plugins that can help you. Although the best hackers will always get through if they want to.

    Just make sure you back up regularly, both your page files and sql database etc.
    Signature
    Follow Pete on Twitter #SEO #Marketing
    "It's like if Einstein did SEO"
    "Much shorter than Shakespeare"
    "I would follow Pete over Jesus Christ himself"
    {{ DiscussionBoard.errors[6881387].message }}
  • Profile picture of the author zacsmith
    If you're running Wordpress, it's likely a bot has injected bad code into one or more of your pages. I've had this happen and found it's usually an insecure page, like the footer.php file, that has had bad code placed

    Others with more experience can weigh in, but here's what I did:

    1. Change all passwords to something much more secure. I use 13-digit alphanumeric passwords and change them often. Won't help fix the problem, but will keep troublemakers out for the time being.
    2. Check Google Webmaster Tools. It will often tell you what file is the bad actor.
    3. Got a backup of the site or database? Restore it or ask your host to do so. If that doesn't work...
    4. Delete, not replace, all of your core THEME files.
    5. Remove all unnecessary or untrustworthy plugins. Your host can often tell you which ones cause the most problems. Some are huge security holes. Make sure all needed and trustworthy plugins are the current version.
    6. Upgrade or re-install WP, which will replace the core WP files without trashing your wp-content files or database.

    You can check your site after each step and see if the Google warning comes up.

    When your site is clean, install some security (other then the password). I use BulletProof Security and WP Firewall among other things, and a host that's fanatical about server protection, including free CloudFlare to help block this kind of thing (among other benefits). Make certain your host REALLY has a backup — each night. Some hosts say they do, but don't — as I've found to my regret.

    Once I did these things to my sites (all 10-12 of them), including switching hosts, it eliminated these types of problems.

    Just my $.03. Good luck to you.

    gary
    Signature
    Gary Smith, Partner, Wells-Smith Partners
    Your Employee Handbook Personnel Policies for Small Businesses
    Eliminate the barriers to a successful life: How to Create a Happier Life
    Stressful home life?: How to Create a Happier Home
    {{ DiscussionBoard.errors[6881445].message }}
    • Profile picture of the author Moneyland
      Originally Posted by zacsmith View Post


      1. Change all passwords to something much more secure. I use 13-digit alphanumeric passwords and change them often. Won't help fix the problem, but will keep troublemakers out for the time being.
      2. Check Google Webmaster Tools. It will often tell you what file is the bad actor.
      3. Got a backup of the site or database? Restore it or ask your host to do so. If that doesn't work...
      4. Delete, not replace, all of your core THEME files.
      5. Remove all unnecessary or untrustworthy plugins. Your host can often tell you which ones cause the most problems. Some are huge security holes. Make sure all needed and trustworthy plugins are the current version.
      6. Upgrade or re-install WP, which will replace the core WP files without trashing your wp-content files or database.

      You can check your site after each step and see if the Google warning comes up.


      gary
      How do I check the site after each step to see if the Google warnings comes up? In Google Tools :confused:
      {{ DiscussionBoard.errors[6881591].message }}
  • Profile picture of the author mosthost
    Your web host could patch their PHP and stop this from happening again. If they don't, this will repeat itself sooner rather than later.
    {{ DiscussionBoard.errors[6881454].message }}
  • Profile picture of the author HostWind
    Often times these are simple fixes. If you check File Manager in cpanel, and sort by Date, find all files modified recently. Often times you will see index.php and some gibberish in there that is your culprit.
    {{ DiscussionBoard.errors[6881460].message }}
  • Profile picture of the author DWaters
    I would consider Wewatchyourwebsite.com
    They are a small operation, sometimes slow to get a response from them but they appear to be very knowledgable and they have have helped me out, as recently as today when I had an unusual infection bothering one of my sites.
    I have also added WP Firewall 2 and Login lockdown plugins for extra security.
    Signature
    How I really Make Money With Amazon

    Want to get rich with top rated FREE Super Affiliate Training?
    {{ DiscussionBoard.errors[6881509].message }}
  • Profile picture of the author TimGross
    If you're running Wordpress, common vulnerabilities are out of date plugins and/or themes. That's great that your webhost was able to revert back to an unhacked version of your site, but the vulnerability that was exploited is still there for it to happen again.

    1) Update any plugins you're using to the latest version, and delete any you're not using.

    2) See if there's an updated version of the Wordpress theme you're using.

    3) Install security plugins like "Login Lockdown" and "Bulletproof Security" free version. If you like the free version, consider buying the pro version.

    4) Change your Wordpress logins and FTP logins, and while you're doing that, make them harder passwords.

    By the way, malicious code can be injected into your php pages without the date stamp of the file changing, so you can't rely solely on the latest date stamps to tell whether a file has been hacked.
    {{ DiscussionBoard.errors[6881541].message }}
  • Profile picture of the author Kingfish85
    Alright, it seems that you've got the latest version of Wordpress itself... Now, what about the plugins?
    • How many do you have?
    • What are they?
    • Are they even supported anymore?

    Zacsmith outlined some great steps.

    You have to keep in mind that a lot of Wordpress plugin developers stop supporting the plugin once it's been written. When this happens, it does not get updated when a new exploit is found in the core Wordpress installation leaving you with a security hole.

    8 out of 10 Wordpress "hacks" are due to vulnerable/non-supported plugins. Then you have to factor in that literally everything the average Wordpress user wants to do, they go about it the easiest route which is finding some plugin to do it. There's no need to use a plugin to do simple things like add Google Analytics code. There are plenty of guides on how to add the few lines to your header file.

    People seem to continuously add plugin after plugin to do who knows what, which ultimately is the root cause of the problem. (in most cases). I'll list a few things that you can do below -
    • Move the config.php up a dir to the /home directory
    • Change the admin user via the database, not just the "friendly" name
    • Use strong passwords: uppercase, lower case, numbers & special characters
    • Password protect your wp-admin directory at the server level. Now there are 2 steps.
    • Don't use "free" themes you found on Google. They're almost always exploited
    • Choose a web host that cares about security
    • Limit the failed login attempts, something like Login Lockdown

    The list goes on, but there are a few things that will definitely help secure your site. Monitor your failed login attempts. If they continue, provide your web host with the IP's and they can be blocked at the firewall level. Failed cPanel or direct server logins "should" already be getting perm. blocked after XX failed attempts or scanning.

    EDIT: While there are some good tips here on installing security plugins, don't just blindly install them. Read about them and understand what they're doing or have someone do it for you. Installing a bunch of "security" plugins on top of each other could ultimately cause them to conflict with each other causing more issues.

    Hope that helps!
    {{ DiscussionBoard.errors[6881607].message }}
    • Profile picture of the author websolution08
      if your hosting company can not restore/clean up your site,i suggest you to hire "platinum server management. com" (no space between words). i was in the same situation last year and the only guys able to fix my website were them.

      just my 2 cents...
      {{ DiscussionBoard.errors[6881748].message }}
      • Profile picture of the author Moneyland
        Many thanks to everyone for all your comments. Google have mentioned it could take many weeks to come back to me after the request for reconsideration. Under these circumstances would you still continue to add content to the blog now or wait :confused: I will tighten up many security measures as suggested here but just don't know how to proceed with the site, any suggestions :confused:
        {{ DiscussionBoard.errors[6881965].message }}
  • Profile picture of the author Cesar Sampaio
    I hope your host will help you. You pay for that as well.

    Some services like Hostgator and a few others are exemplar. Some... not so.
    Signature
    A Step-By-Step Guide! Do Just This One Thing And Finally Make Money As An Amazon Affiliate
    {{ DiscussionBoard.errors[6882779].message }}

Trending Topics