1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked domain, can it be saved by hosting it elsewhere?

Discussion in 'Black Hat SEO' started by YouMadBro, Sep 25, 2013.

  1. YouMadBro

    YouMadBro Registered Member

    Joined:
    Aug 26, 2013
    Messages:
    68
    Likes Received:
    35
    Hey guys,

    I was talking last night with a friend of my cousin and she told me she used to have a website that got hacked with spam. She is your usual Wordpress user with no sense of securing a site whatsoever. I asked her for her domain to see what happened.

    The site is no longer hosted, she cancelled her Godaddy hosting and moved on. The site is still indexed by Google though, and shows many indexed pages with the snippet of "Find Cash Advanced" bla bla bla spam. She told me she didn't notice the hack until someone told her how the site was appearing in Google, she freaked out and left the site and removed the hosting. She didn't track traffic nor did she have WMT to see if she got a penalty of some sorts. This happened about 4 months ago.

    I had a look at the backlink profile and voila, there's some 10,000 links pointed at her domain (in 1 year). What was very interesting is that the sites pointing at her are "pop and mom" sites that were also hacked, which leads me to think her site was part of a spamming network used in the payday loan industry. Some of the sites pointing to her domain have been fixed whereas other sites still have the spam but remain active sites (owners don't know their sites are hacked). In fact, at a first glance, her profile backlink looks pristine, but then when I search for the linking sites the cash advance spam appears in their Google snippets too.

    My question is, could a domain like hers be saved? As said, she doesn't host the domain no longer so perhaps it would be a matter of grabbing some new webhost and hosting the site there? Do you think by re-activating the domain under a new host this would lead to the spamming bot returning to the site and trying to hack it again?

    My idea is to find her a secure hosting, secure the WP site and give her a few security pointers.

    Thanks for any answers.
     
  2. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    You need to clean the infection. You can put it on the same host as before, it's unlikely the host is the issue. She probably used a vulnerable version of wordpress or had a weak password, or used an infected plugin or theme.

    Have her add GWMT and see if it pops up with penalty issue, if it does submit a re-consideration request and let Google know your site was hacked and used as part of a pay day loans link spam network against your will. Kindly ask them to look into your link profile and de-value any payday related link, let them know because they are all hacked links you have no way to remove these links nor did you place them.
     
    • Thanks Thanks x 1
    Last edited: Sep 25, 2013
  3. YouMadBro

    YouMadBro Registered Member

    Joined:
    Aug 26, 2013
    Messages:
    68
    Likes Received:
    35
    Thanks man. Since it is just the domain, basically I was thinking of having her on another host like Hostgator since she is just a typical blogger. I have a copy of her exported XML WP file, so basically all the actual written content is available. I assume the hack was any of the following:


    • The hosting server was hacked. She used Godaddy and apparently lots of sites were hacked from that server, but I cannot confirm although Godaddy is notorious for getting hacked
    • Her theme was hacked, but she used a pretty standard theme, so unlikely it was the theme
    • A hacked plugin. That could be, but she told me she only installed some silly plugins like the goat thing that says hello in WP
    • Her WP was bruteforced with the bot that is going around bruteforcing sites. Very likely scenario but cannot confirm

    In any case I have the domain and her written content. So basically host her site in a secure hosting environment and submit to WMT. If I submitted to WMT, do you think a manual penalty would crop up? I thought the manual penalties were for paid links and not having a hacked site.

    The site is still indexed in Google, most indexed pages have the Cash Advanced snippet although other pages are clean.