1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Site Was Doing Well...Until a Hacker Planted Something...

Discussion in 'White Hat SEO' started by honeyandthemoon, Dec 16, 2010.

  1. honeyandthemoon

    honeyandthemoon Regular Member

    Joined:
    Dec 2, 2009
    Messages:
    280
    Likes Received:
    530
    Occupation:
    Designer!
    Location:
    Manchester, UK
    Hi guys

    One of the sites that my company runs and that I look after and optimize was recently (over the weekend) implanted with some kind of script that generates pages to do with search results and when someone clicks on the generated link it was shown coming from a referrer from a very dodgy Russian site. It's now been removed but the site, which was in the top 10 for our targeted keywords, has dropped like a stone. I use Ranktracker to track the keywords and they were now all showing at not in the top 100, and I assume this is because Google saw the traffic coming from a completely different angle / saw the traffic as spammy and knocked us down. This is very frustrating as the site was doing very well.

    The site doesn't appear to have been deindexed by Google as upon doing the 'site:' search, it is still there and all the pages are. So my question is, as I'd ideally like the site to get back up there as soon as possible, should I resubmit the site to Google? Should I go into the webmaster tools and ask for reconsideration?

    I'd really like some advice on this as I haven't experienced this before and although the site hasn't been deindexed, is it a good idea to resubmit it?

    Any advice would be appreciated.

    Thanks guys :)
     
  2. dannyhw

    dannyhw Senior Member

    Joined:
    Jul 16, 2008
    Messages:
    980
    Likes Received:
    462
    Occupation:
    Software Engineer
    Location:
    New York City Burbs
    Were all those pages that were generated getting indexed? If so that will destroy your internal PR flow and you could definitely drop out of the listings but once they're gone it should even out.
     
    • Thanks Thanks x 1
  3. honeyandthemoon

    honeyandthemoon Regular Member

    Joined:
    Dec 2, 2009
    Messages:
    280
    Likes Received:
    530
    Occupation:
    Designer!
    Location:
    Manchester, UK
    Hi

    Yes, the pages were being indexed. They are now gone as of yesterday morning and Google appears to have spidered around 8 hours ago (apparently), plus I resubmitted the sitemap last night after removing the script.

    So you think if I just leave it then it will even itself out?

    Thanks :)
     
  4. mccullum

    mccullum Power Member

    Joined:
    Aug 21, 2009
    Messages:
    509
    Likes Received:
    92
    wait and see if improvements come up during the weekend.Or at least by early next week.
     
    • Thanks Thanks x 1
  5. honeyandthemoon

    honeyandthemoon Regular Member

    Joined:
    Dec 2, 2009
    Messages:
    280
    Likes Received:
    530
    Occupation:
    Designer!
    Location:
    Manchester, UK
    Thanks mccullum for the advice. I'll post back with my findings.

    Should I perhaps social bookmark the pages? I haven't before for them and it might help.

    Thanks :)
     
  6. dannyhw

    dannyhw Senior Member

    Joined:
    Jul 16, 2008
    Messages:
    980
    Likes Received:
    462
    Occupation:
    Software Engineer
    Location:
    New York City Burbs
    I really wouldn't worry too much. It's annoying and it'll take time to even out, but it's pretty much what should have been expected. Did you definitely take care of the security hole? This is usually the result of a bot that finds vulnerable sites and installs scripts automatically so you could get hit again if you don't know how they got in.
     
    • Thanks Thanks x 1
  7. honeyandthemoon

    honeyandthemoon Regular Member

    Joined:
    Dec 2, 2009
    Messages:
    280
    Likes Received:
    530
    Occupation:
    Designer!
    Location:
    Manchester, UK
    I'm pretty sure I know. I've read about a virus that gets onto your computer via PDF's or flash banners which then looks at your FTP details. The whole description sounded exactly like this, so this must be the problem, plus shortly before it all happened, I had to completely reset my computer because something was messing the system up.

    The password's been changed to something much more secure also, just to be sure. I'm not sure what else I can do really.

    Thanks :)
     
  8. dannyhw

    dannyhw Senior Member

    Joined:
    Jul 16, 2008
    Messages:
    980
    Likes Received:
    462
    Occupation:
    Software Engineer
    Location:
    New York City Burbs
    Yeah there have been people who got it through a virus, it's usually something on the server though. Is it just a static HTML site or are you running scripts? It's really just all about keeping everything updated.

    It's happened to me and actually been a hole that wasn't patched on the host, nothing to do with me.