Tuesday, March 12, 2013 at 10:00 AM
Webmaster Level: All

We certainly hope you never have to use our new Help for hacked sites informational series. It's a dozen articles and over an hour of videos dedicated to helping webmasters in the unfortunate event that their site is compromised.
Overview: How and why sites are hacked
If you have further interest in why cybercriminals hack sites for spammy purposes, see Tiffany Oberoi’s explanation in Step 5: Assess the damage (hacked with spam).
Tiffany Oberoi, a Webspam engineer, shares more information about sites hacked with spam
And if you’re curious about malware, Lucas Ballard, from our Safe Browsing team, explains more about the topic in Step 5: Assess the damage (hacked with malware).
Lucas Ballard, a Safe Browsing engineer, and I pretend to have a totally natural conversation about malware
While we attempt to outline the necessary steps in recovery, each task remains fairly difficult for site owners unless they have advanced knowledge of system administrator commands and experience with source code. For helping fellow webmasters through the difficult recovery time, we'd like to thank the steady members of the Webmaster Forum. Specifically, in the subforum Malware and hacked sites, we'd be remiss not to mention the amazing contributions of Redleg and Denis Sinegubko.
How to avoid ever needing Help for hacked sites
Just as you focus on making a site that's good for users and search-engine friendly, keeping your site secure -- for you and your visitors -- is also paramount. When site owners fail to keep their site secure, hackers may exploit the vulnerability. If a hacker exploits a vulnerability, then you might need Help for hacked sites. So, to potentially avoid this scenario:
- Be vigilant about keeping software updated
- Understand the security practices of all applications, plugins, third-party software, etc., before you install them on your server. A security vulnerability in one software application can affect the safety of your entire site
- Remove unnecessary or unused software
- Enforce creation of strong passwords
- Keep all devices used to log in to your servers secure (updated operating system and browser)
- Make regular, automated backups of your site


11 comments:
From my experience the worst things are out-of-date WordPress plugins which use file uploading scripts, and Trojans on PCs which simply steal FTP passwords. Cleaned a couple of sites up, one was a server roll back and the other I managed a manual clean (on a Drupal install). That was called Gumblar at the time. Certainly a headache!
It's not only out-of-date stuff, sometimes it's important to question the value of adding more third party code period.
Most people don't give a moment's thought to security implications when installing plugins but reducing the number of third party plugins you use can drastically reduce your risk.
Webmasters should always use only the plugins they need or have determined that the reward outweighs the risk.
I've found a massive spam abuse situation taking place out here by a company out here in California. How do I report it?
http://productforums.google.com/forum/#!category-topic/webmasters/crawling-indexing--ranking/goPsvRZfxkM
It's truly great that such an initiative is being taken up by Google. But lately one of our clients' WordPress blogs hosted on the subfolder was hacked by a link spam injection and a number of malicious links were added to the site and as a result the site was manually removed from the Google index.
We tried to do our very best to make the blog free from all the links and after communicating with Google via WMT our site was again added back to the index.
As a result the blog in the subfolder started doing well but somehow the main domain did not recover from its original search engine presence.
Eventually we moved the blog from WordPress to Blogger and are hoping the site and the blog will perform better.
The link spam injection attack is the most dangerous thing that can happen to your site. Especially after the Penguin update.
Hope Google does something about it too.
We have been spammed with thousands of medical keywords. How would this affect our website?
And how can we report these sites?
Hello Google Search Quality Team
Please help these webmasters and their sites
Here are some examples:
SPAM example #1
SPAM example #2
If you need more information I will be happy to help.
Thank you!
Yours sincerely Ivan
In my experience, the majority of WordPress sites don't get regularly backed up or updated because there is significant pain related to doing so. This leaves them incredibly vulnerable.
Our WordPress backup, update, and monitoring service is designed to solve this problem. We automatically back up daily, weekly, and monthly, and update your site as soon as updates are released. Please contact me if you want us to set this up on your WordPress site.
So one tool that I can recommend for detection of hacked sites is a program by AVG called AVGthreatlabs. They have a little known site owner program that allows you to sign up for free alerts should a threat or a hack be detected on one of your URLs. www.avgthreatlabs.com/site-owner
Nice tool, nice way to resolve these problems!
@victor willemse, as you asked how your spammed site will be affected: when Google scans your site, it'll find the spam and find out that your site might be under attack, and it can remove it from their search results page (or at least mark it as unsafe). To avoid getting banned from the results, you should take proper steps to get rid of the spam and make your site more secure. :)