
Hacked! - Pharmaceutical crap showing up in serps

Discussion in 'BlackHat Lounge' started by ladyboyboom69, Jun 15, 2017.

  1. ladyboyboom69

    ladyboyboom69 Regular Member

    Joined: Feb 15, 2016
    Messages: 309
    Likes Received: 104
    Occupation: Tony Stark
    Location: Your closet
    Hey fellow BHW members,
    A client that I have not worked with in a while contacted me to help him with some items.
    His site was hacked and all his SERPs are showing pharmaceutical and Viagra/Cialis crap.
    I have a few questions for anyone with knowledge on this subject:

    1. What is the first step to cleaning this site (site is PHP, non-WP)?
    2. Should I resubmit to Google Search Console?
    3. Recrawl site?

    Thank you for your input, I really appreciate it!
     
  2. faithjhung

    faithjhung Jr. VIP

    Joined: Jun 5, 2009
    Messages: 1,820
    Likes Received: 1,067
    Location: New York
    Disavow those links. It would take a few months to recover.
     
    • Thanks x 1
  3. davids355

    davids355 Jr. VIP

    Joined: Apr 25, 2011
    Messages: 10,415
    Likes Received: 8,116
    Find out what went wrong first - look through the PHP files and find out where the security flaw was, or pay someone to audit the site.

    If it's built on a framework or CMS, update it; if it's home-made, then consider moving to WP.

    Change all your passwords (FTP, etc.).

    Delete all those spam pages.

    Inform Google via WMT that those pages are crap.

    Monitor closely.
     
    • Thanks x 1
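
The file review suggested in the post above can start with an automated triage pass over the webroot. This is an added example, not part of the original thread or any poster's code: the keyword list, the obfuscation patterns, the `uploads` directory name and the sample files are all assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicator lists (not from the thread); tune them for the site being cleaned.
SPAM_TERMS = re.compile(rb"\b(viagra|cialis|pharmacy)\b", re.I)
OBFUSCATION = re.compile(
    rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
SCAN_EXT = (".php", ".phtml", ".inc", ".html", ".htm", ".htaccess")

def scan_webroot(root):
    """Return [(relative_path, reasons, mtime)] for suspicious files, newest first."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        name, reasons = path.name.lower(), []
        # Executable PHP inside an upload directory is suspicious whatever it contains.
        if name.endswith((".php", ".phtml")) and "uploads" in rel.parts:
            reasons.append("php-in-uploads")
        if name.endswith(SCAN_EXT):
            data = path.read_bytes()
            if SPAM_TERMS.search(data):
                reasons.append("spam-keyword")
            if OBFUSCATION.search(data):
                reasons.append("obfuscated-eval")
        if reasons:
            findings.append((rel.as_posix(), reasons, path.stat().st_mtime))
    return sorted(findings, key=lambda f: f[2], reverse=True)

def build_sample(root):
    """Constructed sample tree: one clean page and three planted indicators."""
    files = {
        "index.php": b"<?php echo 'Welcome to our shop'; ?>",
        "about.html": b"<html><a href='/x'>cheap Cialis online</a></html>",
        "inc/cache.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "uploads/img.php": b"<?php echo 1; ?>",
    }
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reasons, _mtime in scan_webroot(tmp):
            print(f"{rel}: {', '.join(reasons)}")
```

Run it against a copy of the site rather than the live webroot. The newest-first ordering puts the most recently modified files at the top, and a clean result from a keyword scan does not show the site is clean.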
  4. Neon

    Neon BANNED Jr. VIP

    Joined: Nov 3, 2013
    Messages: 3,107
    Likes Received: 7,706
    Gender: Male
    Do this, but also buy a wheelchair for your website. It needs time to fully recover.
     
    • Thanks x 1
  5. ladyboyboom69

    ladyboyboom69 Regular Member

    Thank you, davids355. My programmer is looking into it; I just gave them the FTP and cPanel information. I find it a bit odd that it happened like this. Could this also be a negative SEO attack by my client's competitors? Is there any way to tell or look for footprints?
     
  6. davids355

    davids355 Jr. VIP

    I guess it's possible, but who cares - if your site is fully patched etc. then it's not something you'd have to worry about either way.
     
  7. ladyboyboom69

    ladyboyboom69 Regular Member

    That's what I was afraid of, lol.
     
  8. Besianns

    Besianns Junior Member

    Joined: Sep 9, 2013
    Messages: 101
    Likes Received: 25
    I had the same problem with WordPress. The malicious code was inserted via SQL injection from the Akismet plugin. I had to delete the plugin and remove some malicious code from the database. Then I made a backup of the database and deleted all files on the hosting. After that I made a clean WordPress install and restored the database. It took about 1 month or more to recover on the SERP.
     
    • Thanks x 1