How I Won the Fight Against Blackhat-SEO Hackers!

July 18, 2011

in Search Engine Optimisation


Hey guys!

One of my sites got hacked last week, and here’s a quick case study on how I found it and how I fixed the mess it left! I give this to you to prep you for the future! Hopefully it never happens, but if it does, quick action will save your or your clients’ results!

How I found it:

  • Got a Google alert for a page I hadn’t created, so I jumped straight to it to suss it out
    • Very handy service. If you haven’t signed up for it yet, do it now! Here: Google Alerts
  • Found all the malicious blackhat rubbish all over said pages
  • Then found a directory I hadn’t created nor had any memory of ever existing, did a Google “site:” search and found there were ~300 pages of keyword stuffing, image stuffing and links going to other sites. Porn, casinos, games, football – the usual stuff.

How I fixed it:

  • Immediately changed all my passwords: for the CMS, email, FTP, etc.
  • Set up a rule in .htaccess that sends a “410 Gone” status code for any page in said directory, served with this error page that I created, telling both search engines and users that these pages have been removed or are “Gone”
  • Set up my robots.txt to deny said directory to all search engines
  • Submitted a removal request to Google (to remove the entire said directory) in Webmaster Tools after reading their removal requirements.
    • Site Configuration > Crawler Access > Remove URL > New Removal Request
  • Within 24 hours all the malicious pages were unindexed and my site was practically unaffected in both rankings and traffic
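
A sketch of the .htaccess rule and robots.txt entry described in the list above, added here as an example and not the author's actual configuration. The directory name `/spam-dir/` and the error page `/gone.html` are placeholders, since the post names neither.

```apache
# .htaccess in the document root (Apache with mod_alias; the host must
# allow these directives via AllowOverride FileInfo).
# "/spam-dir/" and "/gone.html" are placeholders, not values from the post.

# Answer every request under the injected directory with "410 Gone".
RedirectMatch gone ^/spam-dir(/|$)

# Serve the custom "these pages are gone" page as the body of the 410.
# It must live outside /spam-dir/, or the rule above would match it too.
ErrorDocument 410 /gone.html

# This changes only what Apache serves. The injected files stay on disk
# until they are deleted, and whatever let them be written is still
# there until it is found and closed.

# Matching robots.txt entry for the robots.txt step in the list:
#   User-agent: *
#   Disallow: /spam-dir/
```

A crawler that honours the `Disallow` line stops requesting those URLs, so it does not see the 410 itself; the 410 is what users and any client still requesting the pages receive.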

It took me about 30 minutes to do everything (including setting up the custom error page), but now that I know what I’m doing, I could easily do it in 5. Take that, hacker(s)!

I still have this problem; more than ten THOUSAND crawl errors 🙁
This is what happens when your site gets hacked

Not so much of a problem once Google realises 100% what has happened and the methods I’ve used to fix it. As mentioned earlier, this hasn’t affected any of the rankings or traffic of the website, and as I followed Google’s recommended procedure/removal requirements, I’m confident this number will reduce down to nothing once the site gets completely crawled again. Glad I found it at 300 pages instead of 10 thousand!

As always, let me know if you have any questions and I encourage you to share any similar stories or thoughts in the comments below!


Matthew Galway July 18, 2011 at 3:32 pm

Great info. I love the step by step approach you use to solve the problem. Let us know if anything changes in your crawl errors.


Stefan Chan July 18, 2011 at 4:07 pm

Very nice insight, any idea how the hackers actually targeted your website? I should definitely set up alerts for mine too and any other future projects.


Matthew July 18, 2011 at 4:29 pm

Thanks!
I’ve had similar experiences (spam/hacking) with other websites where as soon as they start to get some traffic or PageRank, they become targets for hackers. The reason for this is that they obviously want their links to be picked up and indexed to help improve the rankings of the sites the script links to. As far as how it was done; I’m not sure whether it was done automatically, manually, comment injection, etc., but have taken it as a “wake-up call” to increase security on all of my sites.

Yes – Google Alerts is great when used correctly!

Hope that helps!


Huntz July 18, 2011 at 5:17 pm

Was it a once off SQL injection?
What platform was your website running off?


Matthew July 18, 2011 at 7:48 pm

Not an SQL injection as it didn’t affect the database at all. Was on a WordPress site.


Jesse C July 18, 2011 at 9:10 pm

You were working more on Mac instead of on PC so I guess it wasn’t the problem of virus or stuff like that. Have you upgraded to the newest version of WordPress? It might be just some bugs in the CMS.
