New Website Advice- I Was Hacked

by kk075
10 replies
Hey everyone, I have a quick question-

I was looking in Google Webmaster Tools today and it showed that my site had about 400 more pages than normal. These were spam pages like /buy-cialis-online or /buy-viagra-canada so I was definitely hacked at some point, but the pages themselves don't appear to be on my WordPress website... but they are still indexed by Google and showing mobile errors in a different section.

My site is WordPress and the host is FatCow, and for the life of me I can't find these pages. If I type them directly in the search directory, it says the pages don't exist either. Now, I did delete all user accounts except for my own on WordPress and I did change my password, so I think I'm safe for now.

What are the long term repercussions though? The spam pages did drop my overall rank on Alexa (which really doesn't matter) but most of my main keywords are still ranking well. So do I need to do anything else at this point? Could I be missing the content somehow? Any advice would be genuinely appreciated.
#advice #hacked #website
  • Profile picture of the author RobinInTexas
    Try the Webmaster Tools and Fetch as Google to make sure Google isn't getting the bad pages.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    • Profile picture of the author kk075
      Originally Posted by RobinInTexas View Post

      Try the Webmaster Tools and Fetch as Google to make sure Google isn't getting the bad pages.
      When I fetch as Google it finds the pages, but when I type the addresses in a search engine directly it doesn't find anything. And the pages don't appear to be on my site either, unless they can somehow be hidden to where I can't find them.

      Now, I also noticed my crawl stats spiked way up in late December for about a week, dropped to normal and then spiked back up again about 3 weeks ago...but Google has only crawled 10-25 pages since then. So could the content have been placed on my site and deleted by the same hacker twice? I don't understand the logic behind that.

      Additionally, I'm seeing about 60 total spam backlinks (47 from one site) that points to these phantom pages plus about 150 internal links that interlink to each other. Could someone have created a sub-domain on my site that I don't have access to? I just don't understand the backend stuff enough to know what to do. All my experience is on-page; I'm definitely not a site builder and I know nothing about black hat stuff.
      Signature

      Learn to sell like a pro through Web Synergy's marketing blog.
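
The symptom kk075 describes above (spam URLs that Fetch as Google retrieves but a browser cannot) can be checked against the server's access log. This is an added example, not part of the original thread: it assumes the injected code answers crawler user agents differently from ordinary visitors, which the thread does not establish, and the log lines and the `find_cloaked_paths` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" access-log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2015:10:01:02 +0000] "GET /buy-cialis-online HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [10/Jan/2015:10:05:40 +0000] "GET /buy-cialis-online HTTP/1.1" 404 310 "-" "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"
203.0.113.5 - - [10/Jan/2015:10:06:11 +0000] "GET /buy-viagra-canada HTTP/1.1" 200 4980 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [10/Jan/2015:10:07:19 +0000] "GET /buy-viagra-canada HTTP/1.1" 404 310 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/39.0 Safari/537.36"
203.0.113.5 - - [10/Jan/2015:10:08:00 +0000] "GET /services/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [10/Jan/2015:10:09:30 +0000] "GET /services/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"
203.0.113.5 - - [10/Jan/2015:10:10:00 +0000] "GET /old-page HTTP/1.1" 404 310 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [10/Jan/2015:10:11:00 +0000] "GET /old-page HTTP/1.1" 404 310 "-" "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"
"""

# request path, status code, user agent
LINE_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
CRAWLER_RE = re.compile(r"googlebot|bingbot", re.IGNORECASE)


def find_cloaked_paths(log_text):
    """Return paths that answered 200 to a crawler but never 200 to a visitor."""
    seen = defaultdict(lambda: {"crawler": set(), "visitor": set()})
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # skip lines that are not in combined format
        path, status, agent = match.group(1), int(match.group(2)), match.group(3)
        kind = "crawler" if CRAWLER_RE.search(agent) else "visitor"
        seen[path.split("?")[0]][kind].add(status)

    flagged = []
    for path, statuses in seen.items():
        # Require evidence from both sides: a crawler hit that succeeded
        # and at least one visitor hit, none of which succeeded.
        if 200 in statuses["crawler"] and statuses["visitor"] \
                and 200 not in statuses["visitor"]:
            flagged.append(path)
    return sorted(flagged)


if __name__ == "__main__":
    for path in find_cloaked_paths(SAMPLE_LOG):
        print("served only to crawlers:", path)
```
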

  • Profile picture of the author RobinInTexas
    Try running this plugin on your site https://wordpress.org/plugins/gotmls/
    • Profile picture of the author kk075
      Originally Posted by RobinInTexas View Post

      Try running this plugin on your site https://wordpress.org/plugins/gotmls/
      At the 2% mark it's already found 7 known threats, so thanks for the recommendation. It's running slowly but hopefully it digs out all the bad stuff. I never would have even thought of that....so ty ty ty.

      One question though- how did it get there in the first place? The file extensions are under my user name and I had a 14 letter/number random password...and I've never shared it with anyone. The original site designer also had access through his login (up until yesterday), but everything points to them hacking thru my account. Is this a common issue for websites these days?
  • Profile picture of the author RobinInTexas
    Usually they get access through a vulnerable plugin. Gotmls will do a good job of finding malware. Once you have cleaned up the site, install the https://wordpress.org/plugins/wordfence/ plugin to monitor and protect your site; the first one can be deactivated.

    Often on a shared server hackers can get access through other sites or your server login.
    • Profile picture of the author kk075
      Originally Posted by RobinInTexas View Post

      Usually they get access through a vulnerable plugin. Gotmls will do a good job of finding malware. Once you have cleaned up the site, install the https://wordpress.org/plugins/wordfence/ plugin to monitor and protect your site; the first one can be deactivated.

      Often on a shared server hackers can get access through other sites or your server login.
      Thanks again Robin. I looked at Wordfence today but wasn't sure if it would have a conflict, so that helped a lot. I'll download/install it now and hopefully I'll be in the clear. Between disavowing the spam backlinks, fixing broken options/pages and the other misc issues, that hack easily cost me 5-6 hours. I'm definitely not going through that again if I don't have to.

      One more question though- Google still shows that I have over 400 pages indexed, and 45 of them are from me. And I have no way to find out what around 300 of them even were since there's no longer a trace- that's the part that confuses me. The bot program must have made around 350 pages and then deleted 300 of them a few weeks later by itself...all without leaving a trace that I can see from my end.

      So of the 350 pages, I'm guessing I can't do anything about the mysterious 300. Should I manually tell Google to de-list the remaining 40-50 that I can see the former address for though? Or will they drop off Google's radar by themselves eventually? I just don't want to take a penalty down the road for something I didn't have anything to do with.

      Thanks again though...you and everyone who's given advice. While I'm great at most forms of online marketing and anything involving writing, I'm a total noob when it comes to the back-end stuff and HTML. So this really took me by surprise and it was a definite learning experience.

      I owe you one Robin....just give me a yell if you need help with anything content/marketing related.
      • Profile picture of the author rhinocl
        If you have an off-site backup, I would suggest sending it to a different hosting company from the one you are using now. Send it to a new hosting company and have them install it. Next change the users and passwords for your control panel, all FTP accounts, all email accounts, and all WordPress blogs and all databases (remember to change the database in wp-config to the new name). Read about 5 WordPress security tutorials. Then harden the site. Only then should you switch your domain nameservers over. Now go to Google Webmaster Tools and start disavowing all the spam links.

        What I'm attempting to do is circumvent you having to hire an expensive security expert in case you are not making several hundred in profit every day.
        • Profile picture of the author kk075
          Originally Posted by rhinocl View Post

          If you have an off-site backup, I would suggest sending it to a different hosting company from the one you are using now. Send it to a new hosting company and have them install it. Next change the users and passwords for your control panel, all FTP accounts, all email accounts, and all WordPress blogs and all databases (remember to change the database in wp-config to the new name). Read about 5 WordPress security tutorials. Then harden the site. Only then should you switch your domain nameservers over. Now go to Google Webmaster Tools and start disavowing all the spam links.

          What I'm attempting to do is circumvent you having to hire an expensive security expert in case you are not making several hundred in profit every day.
          Thanks. Robin walked me through most of it and all accounts are changed. I've disavowed as well, removed the malware and installed security as well. So I think I'm on the right track anyway.

          The crappy part is that I built this site about six months ago to generate local leads for SEO, copywriting and online marketing, but then I got so busy that I'm just selling the leads to other locals. So I'm definitely not making anywhere near $100 a day from it....sometimes I won't even hit $100 a week. It ranks well for the little amount of work I put into it though and that's all I really wanted to preserve.