Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Subscribe to HRA Now!

 



Are you a Google Analytics enthusiast?

Share and download Custom Google Analytics Reports, dashboards and advanced segments--for FREE! 

 



 

 www.CustomReportSharing.com 

From the folks who brought you High Rankings!



Photo
- - - - -

Ranking Dropped After Hackers Visited My Server


  • Please log in to reply
9 replies to this topic

#1 paintyourlife

paintyourlife

    HR 2

  • Members
  • PipPip
  • 25 posts

Posted 23 December 2009 - 04:56 AM

Hi everyone,

I recently had some hackers who managed to break into my server, and added some code to my existing pages.

I've also lost most of the Google ranking I had for 4 of my websites:
{actual urls removed]

*The rankings in Bing and Yahoo are still good.

I suspect that maybe I didn't undo all the stuff that those hackers did with my files.

Is there any way to scan my pages for things that Google may not like? (like text in the color of the background)

I need some tool that does on-site check of all pages and outputs all the bad things it has found.

Thanks for any help,

Assaf

#2 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 23 December 2009 - 06:21 AM

do you not have the source files or backups of your files, which you can simply FTP to the server again, that way ensuring you have clean versions of the files?

#3 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 23 December 2009 - 09:00 AM

There are too many things that they could have done to attempt to detect all of them with a tool, unfortunately.

A couple of things you can do to speed up the process if you don't have clean backups you can simply upload.

1. Review the Text Cache of your pages Google has saved. You can do this by finding the pages of your site(s) that Google have indexed, perhaps by using a site: type of search, then clicking on the Cached link below each listing. In the cache page select the Text only link. Look for any content or outgoing links that shouldn't be there.

2. Run something like Xenu Linksleuth against your site, having it look for off-site links. The idea here being that most hackers aren't really trying to destroy your site so much as they're trying to get free links to their sites. So if you can find the code snippets that are being used to add their links you can then search your files for those specific strings of text being used to aid in the cleanup efforts.

#4 paintyourlife

paintyourlife

    HR 2

  • Members
  • PipPip
  • 25 posts

Posted 24 December 2009 - 03:43 AM

Hi guys,

Thanks for your tips.

I believe the major problem is that although those files on my server were cleaned about 2 months ago, Google still doesn't fully recognize that.

I have attached 2 screen shots of my Google webmaster tools to better explain.

In the past, folders with the names '1', '2' etc were put by those hackers inside this domain folder, with a lot of internal linking and external linking (see attachments).

Although those folders and those links don't exist anymore, Google still shows them on the webmaster tools, and writes at the bottom: "Updated December 22".

How can I make Google realize that those folders, files and links have been deleted long ago?

Thanks,

Assaf

#5 1dmf

1dmf

    Keep Asking, Keep Questioning, Keep Learning

  • Active Members
  • PipPipPipPipPipPipPip
  • 2,167 posts
  • Location:Worthing - England

Posted 24 December 2009 - 04:37 AM

You cannot make Google do much at the end of the day.

I tend to resubmit my sitemap when ever I make changes to my site and G! usually comes along within a week or two and re-assess the site.

#6 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 24 December 2009 - 09:24 AM

Have you filed a reinclusion request for the domain(s) in question? Make sure you let them know it was a hack by someone else, and the details of both the hack and clean up efforts.

#7 paintyourlife

paintyourlife

    HR 2

  • Members
  • PipPip
  • 25 posts

Posted 25 December 2009 - 02:48 AM

QUOTE(Randy @ Dec 24 2009, 04:24 PM) View Post
Have you filed a reinclusion request for the domain(s) in question? Make sure you let them know it was a hack by someone else, and the details of both the hack and clean up efforts.


Excuse my ignorance but how do I file a reinclusion request?

Also, does anyone know about an affordable tool that scans your websites for vulnerabilities?
(like HackerSafe.com)

Thanks, Assaf

#8 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 25 December 2009 - 11:55 AM

Lots of information on the subject on this help page, including a link at the bottom to file a reinclusion request. That link will take you directly to the reinclusion request page after you log in.

As far as tools to scan or watch for vulnerabilities, there are so many ways hackers can get in (ranging from SSH because of a server vulnerability to simple FTP because someone's PC isn't secure to scripted file uploads) and so many things they can do when they get there (add files, remove files, change files, change database entries, link to some site that induces a virus download, etc, etc) that there's really no single tool that's going to find them all. And most tools that have a chance are going to need to actually sit on the server.

If you want me to go into some things you can do I'd be happy to. But it's a pretty large subject and there may not be a lot you can do without having root access at the server level.

#9 paintyourlife

paintyourlife

    HR 2

  • Members
  • PipPip
  • 25 posts

Posted 27 December 2009 - 10:56 AM

Hi Randy,

Thanks for the explanation. I have submitted those 4 domains for re-inclusion. I hope it will do the job.

I will try to solve those security issues now...

Happy new year,

Assaf

#10 smed

smed

    HR 1

  • Members
  • Pip
  • 7 posts

Posted 14 January 2010 - 10:57 AM

Hi Assaf,

I had the same thing happen to me recently. One of my sites caught a variant of the Gumblar virus. It adds some obfuscated code to the end of index files, asp, and js files. Royal PITA for sure!

As was mentioned - best thing to do is upload a backup. AND CHANGE YOUR FTP PASSWORD immediately. Otherwise the hackers will likely be back.

I found a couple sites that scan for bad code. One is a forum where people seem to be very in the know on malware and viruses www.badwarebusters.org

The other runs a scan www.unmaskparasites.com

As was mentioned, you should go into your google webmaster tools, under "labs" and see what the status is with google on the "malware" link and request reconsideration if the site is clean. several folks on the badwarebusters site have been through that process from what i saw. fortunately, i caught the malicious code before google had respidered my site...

good luck!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

We are now a read-only forum.
 
No new posts or registrations allowed.