Site Blacklisted
-
Good morning.
Just done my WMT ritual morning check and one of my sites has been blacklisted for malware.
It's a wordpress site - I've run various scans, e.g. http://sitecheck.sucuri.net/scanner/ and also installed wordfence and scanned with that and wordfence produced some offending files which I have now deleted.
I've also installed website defender in the hope that it wont happen again. I'm pretty good with staying on top of updates and rarely let a few days pass without upgrading new version of wordpress or plugins etc. I've also checked my users to make sure no new admins or anything and also changes passwords.
I've asked for a review from Google and just wondered how long these reviews take?
Also, has anybody got any advice, is there anything else I should be doing?
Thanks
-
That is good to hear, Jo.
Thanks for letting us know. feedback is good.
Be vigilant, because the hackers never stop.
My dedicated server constantly has hackers trying to break in, mostly chinese and russians. Complex passwords and countermeasures keep us safe, but it only takes one weak link somewhere to break it all down.
-
Thanks all for your help, I was de-blacklisted this afternoon - phew.
-
The webserver log is what you need.
You may be able to see that in Cpanel, depending on how it is configured.
The log may also be in the document root, updated daily and compressed.
If you haven't looked at logs before, it can be difficult to determine what is really going on in there.
-
I didn't check the dates
The site is less than a month old though.
When you say logs, I'm not entirely sure what I'm looking for. I use cpanel so have access to various logs, but I have to admit, I haven't spent any time in there and now I'm conscious that this is something I need to educate myself on quick.
Any suggested resources for which logs to use for what?
-
Jo,
before you removed the bad files, did you check the dates?
If you have logs, you could go back to see when those files were first accessed.
Then go backwards looking for activity that doesn't look normal.
That could tell you where the problem is.
-
Thanks, I'm not so sure! I'm a freelancer and I wok on my own so I have nobody to really bounce ideas off, so this community is great for that. Glad to know I'm doing it right
I'm not a bit lover of plugins and I try to keep to a minimum, but I've removed anything unessential - even my beloved Flare sharing buttons, for now anyway.
I'll let you know when Google come back to me
-
I just want to reiterate what Andy said about sitespeed as well, try to have as little plugins as possible.
When you visit a WP site and its super slow, its usually because they have gallery plugins and all sorts running which sucks the life out of the sitespeed.
Anyway, good luck seems as though you know what your doing anyway.
-
Thanks all for your responses, much appreciated.
I installed the timthumb vulnerability scanner and it says no instances were found.
I'm going to go through and ditch the unnecessary plugins...I use woocommerce and they have recent upgrade but its not compatible with my theme so I can't update it, which is a giant pain. I hope its not that.
Thanks for your help.
-
Agree
-
I think you have already done quite a bit.
I suppose just be a little more selective which plugins you install, some have holes in and once the word is out about particular holes in certain plugins these people will come looking for blogs with it installed.
-
Hello Jo.
Do you know exactly how they got in?
If not, here is one possibility:
Check to see if you have a copy of timthumb.php
If you do, and it is an old version, it has a vulnerability you must fix, otherwise it will happen again.
Here is information about that, including a scanner that should find and fix that problem.
<cite>wordpress.org/extend/plugins/timthumb-vulnerability-scanner/</cite>
-
in my experience, and i've a fair bit with WP, the majority of malware comes from plugins which get updated and become infected themselves. Wordfence certainly can help with this problem, but a regular securi scan will too.
My advice is deactivate and uninstall any plugins you don't really need or use - this will make the site faster and more secure.
Once the malware has gone you can do as you have and ask for relisting or wait it out, google will come back and check. Manual reviews will take a few days to come back I believe, though it depends on the nature of the malware - if its believed to be complex it will be manual if its just one file being "naughty" a robot may scan your site to take a look that it's gone and it could be up in 24-48 hours.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Why is this site ranking higher?
We've put a fair bit of effort into delivering value here: https://lewescountycars.co.uk/ But a search for "Lewes taxis" or "taxis Lewes" puts this site above us: https://www.lewestowntaxis.co.uk/ As you can you see, this is a tiny site that we outperform in most ways.... what can we do to rank above it that we haven't already done? Thanks in advance - Gerard.
Technical SEO | | Paul7301 -
Will Links to one Sub-Domain on a Site hurt a different Sub-Domain on the same site by affecting the Quality of the Root Domain?
Hi, I work for a SaaS company which uses two different subdomains on our site. A public for our main site (which we want to rank in SERPs for), and a secure subdomain, which is the portal for our customers to access our services (which we don't want to rank for) . Recently I realized that by using our product, our customers are creating large amounts of low quality links to our secure subdomain and I'm concerned that this might affect our public subdomain by bringing down the overall Authority of our root domain. Is this a legitimate concern? Has anyone ever worked through a similar situation? any help is appreciated!
Technical SEO | | ifbyphone0 -
How Often is Site Crawled
Good morning- I saw some errors in my first crawl and immediately removed the pages from my website. I then re-created my XML sitemap and uploaded to Google. The question I have is will the site be crawled to recognize the changes in the next day or so? The pages were just placed on the site as test pages and never removed. The initial crawl that notified me it was done found the errors and were removed. Thanks for your help. Peter
Technical SEO | | VT_Pete0 -
Redirects in site map
I have a site with the ace/sef ( creates friendly URLS) in a large data base site. It creates a site map dynamically. Yet I realize one issue which I am trying to think through. I recently changed my urls to include an ID number example: homepage/houses/1134-big-blue-house The prior url was: homepage/houses/big-blue-house the original url above redirects to the new one with the ID like I want. However the site map has both URLS in it which go to same page I am not sure but it seems rather stupid to have the new URL and OLD redirected URL in the site map. Yet beside stupid I am wondering if this is duplicate content and will cause a penalty from the google bot. What is your opinion ?
Technical SEO | | aimiyo0 -
What can we do to improve our site
Hi. I am hoping that some of you can help me with the in2town site www.in2town.co.uk The site is a news/lifestyle magazine site. The site is a cross between, huffington post, digital spy, female first and the sun newspaper. Basically the site is a news site as well as covering showbiz news, travel news, health news and advice etc What i would like is for people to look at the site and let me know what they feel i should do to improve the site to make it better for our readers and to gain more readership. I would also like to hear from people on how they find moving around the site as well as the speed of the site. At the moment the site is with an american hosting company and i am in the process of talking to UK hosting companies to move the site. The site is currently on a dedicated server. It would mean a lot if people could give me their advice on how to improve the site and make it a beter experience for our readers while at the same time being able to generate income with the site. Just a quick note, all content is original and we have a number of people who write for the site. many thanks
Technical SEO | | ClaireH-1848860 -
What is wrong with my site?
I have been working hard for over two months on my sites in seomoz and have seen some nice results in some (www.etraxc.com/ and www-my-etraxc.com for instance. Still I am really frustrated by www.classroomconnection.us/. I cant even get on the first page with the search term "classroom connection." i would love some help on this one. On a related note, does it help to have links to YouTube videos about the content? If so, how do I ensure that this piece is working well for me? Thanks a ton!
Technical SEO | | bobbabuoy0 -
Track PDF files downloaded from my site
I came across this code for tracking PDF files [1. map.pdf ( name of PDF file ) and files is the folder name. Am i right ? 2. What shall i be able to track using the code given above ? a ) No. of clicks on links or how many persons downloaded the PDF files ? 3. Where in Google this report will be visible ? Thanks a lot.](http://www.example.com/files/map.pdf)
Technical SEO | | seoug_20050