1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Social Engineering and Google Too Bad for Whitehatters

Discussion in 'White Hat SEO' started by markantos, Jun 5, 2016.

  1. markantos

    markantos Junior Member

    Joined:
    Sep 4, 2015
    Messages:
    135
    Likes Received:
    25
    This week I got an email from Google with the following header

    Social engineering content detected on

    After more than 10 years in SEO I have never received any webmaster notification...But I did..

    You know how your heart starts beating when you receive those silly messages from Google especially for someone who's never received one.

    You start doubting yourself and your team...Have I done poor link building is any of my competitors fighting for this space?

    mmhhhh

    So I searched for this issue. Because I have never heard of it before.

    My site was going to be blacklisted because I was doing some social engineering.

    So I followed the instructions I got from a previous thread and checked for hacking attempts. There were none. All the malware tools were saying the site was clean.

    ohhh boy.

    So I requested a review with the results attached.. It was rejected immediately and now the site was all RED when you came to visit.

    So I looked at the pages again at the console and lo and behold, the file name was not on my site. It was on my server alright, but not on my domain.

    My site was being blacklisted simply because it was hosted with a company which shall remain nameless that has refused to enable mod_userdir protection.

    Simple issue to be solved with one click. Now I'm losing a pretty new site that had started ranking because of a hosting company.

    Of course I moved the site.

    But you've been warned. Google is not looking at our emails as the weird ones on BHW tell us. They are actually banning you because of this so called social engineering. It's hurting whitehatters more than blackhatters.

    That is the end of my story.
     
  2. Mobrich24

    Mobrich24 Junior Member

    Joined:
    Jun 3, 2016
    Messages:
    134
    Likes Received:
    24
    Occupation:
    Capo
    Location:
    Poker Room
    lesson learned. Use quality hosting for your money site sunny
     
  3. markantos

    markantos Junior Member

    Joined:
    Sep 4, 2015
    Messages:
    135
    Likes Received:
    25
    As you read, I did not mention the name of the "quality hosting"...You have no idea who they are.
     
  4. Mobrich24

    Mobrich24 Junior Member

    Joined:
    Jun 3, 2016
    Messages:
    134
    Likes Received:
    24
    Occupation:
    Capo
    Location:
    Poker Room
    Why wouldn't you name them? If they screwed up its for the world to know so nobody is affected
     
  5. markantos

    markantos Junior Member

    Joined:
    Sep 4, 2015
    Messages:
    135
    Likes Received:
    25
    It's actually hostgator....lol. I know..

    Mods you can remove that post but I was asked a direct question and I answered honestly and have the papers to back it up.

    Lesson learned.
     
  6. Mobrich24

    Mobrich24 Junior Member

    Joined:
    Jun 3, 2016
    Messages:
    134
    Likes Received:
    24
    Occupation:
    Capo
    Location:
    Poker Room
    I just signed up with host gator. Do they do that on all websites or was it a one time mistake?
     
  7. TayaX

    TayaX Jr. VIP Jr. VIP

    Joined:
    Dec 13, 2010
    Messages:
    3,457
    Likes Received:
    1,931
    Occupation:
    Skype : TayaxBHW
    Location:
    France
    Home Page:
    I'm not sure how mod_userdir is related to social engineering? or did I miss a point ?
     
  8. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,589
    Likes Received:
    11,729
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    All right, I just spent the last 2 hours live chatting with HostGator about this issue for one of my client's sites on HG. That site received the same social engineering content warning as yours did, and it was due to a URL on the site (/~webadmin/moncompte/index/facturefree/home/mobile/impaye/a6e510472e9f0277c1debdf19a852b56/) that redirected to a suspended account page (this page only appeared through that URL). However they implied that URL previously redirected to a malicious site due to someone using the domain that way (the old web designer has not relinquished the domain name; I only have enough access to change the DNS)

    This is basically what they told me.

    I sent in an appeal to Google, so we'll see if they reverse it. If for some reason they don't, I'll either move the client's site to a different host or investigate the issue further myself.
     
    Last edited: Jun 10, 2016
  9. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,589
    Likes Received:
    11,729
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    Okay OP, I managed to resolve the issue. This is all you and anyone else who has this problems needs to do:
    • View the reason (usually in the form of a URL) that Google claimed your website had social engineering content on it.
    • VIsit the URL(s) and take note of whether or not the page exists or if it's 302 redirected to a page ending in suspendedpage.cgi (this means that HostGator resolved the issue for you already).
    • Contact your web host (in our case, HostGator) and have them help you out with the issue so that you can get more information on it. You might have to nudge them for an hour, but eventually you'll have a regular and senior agent provide you information on what exactly happened.
    • Before you send in an appeal to Google, use the Fetch as Google tool (fetch and render) on the URLs Google finds suspicious and ensure that what the Google bot is seeing is the same thing you'e seeing.
    • Once that's done, send in your appeal through Search Console and explain that you the page has already been removed successfully and you've secured your website from future attacks (don't lie and beef up your web security).
    • Wait up to 72 hours for Google to approve/deny your appeal. If the suspicious pages have been removed, they'll approve the the appeal.
    In your case, you mentioned a file being the case of the issue, so you'll need to contact your web host and, if you're nice about, they'll comb through all of your files for you and let you know if they find anything.

    Regarding mod_userdir, I asked the senior agent about this and they said they have "security measures in place to prevent any issues like that". While they didn't mention it specifically, the HostGator help page suggests that they actually do have this enabled. http://support.hostgator.com/articles/specialized-help/technical/apache-htaccess/mod_userdir
     
    • Thanks Thanks x 1
    Last edited: Jun 12, 2016