How I Won the Fight Against Blackhat-SEO Hackers!

July 18, 2011

in Search Engine Optimisation

Post image for How I Won the Fight Against Blackhat-SEO Hackers!

Hey guys!

One of my sites got hacked last week and here’s a quick case study on how I found it and how I fixed the mess it left! I give this to you to prep you for the future! Hopefully it never happens, but if it does quick action will save your/your clients results!

How I found it:

  • Got a Google alert for a page I hadn’t created so jumped straight to that to suss out
    • Very handy service. If you haven’t signed up for it yet, do it now! Here: Google Alerts
  • Found all the malicious blackhat rubbish all over said pages
  • Then found a directory I hadn’t created nor had any memory of ever existing, did a Google “site:” search and found there were ~300 pages of keyword stuffing, image stuffing and links going to other sites. Porn, casinos, games, football – the usual stuff.

How I fixed it:

  • Immediately changed all my passwords. Both for the CMS system, emails and FTP etc.
  • Setup a rule in .htaccess that sends a “410 Gone” status code for any page in said directory to this error page that I created telling both search engines and users that these pages have been removed or are “Gone”
  • Setup my robots.txt to deny said directory from all search engines
  • Submitted a removal request to Google (to remove entire said directory) in webmaster tools after reading their removal requirements.
    • Site Configuration > Crawler Access > Remove URL > New Removal Request
  • Within 24hrs all the malicious pages were unindexed and my site was practically unaffected both in rankings and traffic

It took me about 30minutes to do everything (including setting up the custom error page) but now I know what I’m doing, could easily do it in 5. Take that hacker(s)!

I still have this problem; more than ten THOUSAND crawl errors 🙁
This is what happens when your site gets hacked

Not so much of a problem once Google realises 100% what has happened and the methods I’ve used to fix it. As mentioned earlier, this hasn’t effected any of the rankings or traffic of the website and as I followed Google’s recommended procedure/removal requirements, I’m confident this number will reduce down to nothing once the site gets completely crawled again. Glad I found it at 300 pages instead of 10 thousand!

As always, let me know if you have any questions and I encourage you to share any similar stories or thoughts in the comments below!

Previous post:

Next post: