Website hacked
-
Hi I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his adwords account was suspended 'due to high probability his site may be hosting or distributing malicious software' I just checked his source and there seems to loads of weird on code on his pages, this would not have been but on by any members of the website owners.
Please image attached when we try to access his website via google search
I just contacted the hosting provider - does anyone have experience with this and how to prevent such hacking in the future. The site is build using HTML with no CMS.
-
Hi Socialdude,
Did you get this sorted out, or would you like some more advice still?
-
Hi Socialdude,
A look at that code suggests that the most likely point of access has to be a file that is more than just regular HTML somewhere on your site. This means that somewhere, there must be at least one php file.
My first guess would be that there is a page with a PHP driven contact form which has been used to inject code into the site and propogate the malicious javascript into the other pages.
If you have a clean backup copy of all pages in the site (either with your friend or their developer), then the quickest fix is to upload your backup version.
If you don't have a backup, then you could try checking the Wayback Machine and see if there is a clean copy archived there which you can grab and upload to replace the hacked site.
If neither of those is an option, then the first thing to do is to find any pages in the site with the .php extension.
Rename the files by changing the file extension from .php to .txt. (If you are unsure of how to change the file extension, you can just open the files, save a copy with a .txt extension and then delete the .php version from the server)
You can now look at the file(s) that were PHP, see what has been added to the code and clean it up. You will then need to individually edit the HTML files and remove all of the bad javascript code. Now that you have everything cleaned up, create a complete backup of the site just in case you need it again in the future. Upload your clean copy and you should be good to go.
I would also go to Google Webmaster Tools & use "fetch as googlebot" to fetch and add the index page so that Google knows you are now OK to crawl again.
Hope that helps,
Sha
-
One way this can happen and your code you posted looks like a case I have seen happenn to a friend, is SQL injection. Where someone posts script into your database though inputs in your form. then when you request the data from the database it is executed.
Most newer technologies have fixed this hole, but older technologies are prone to it.
-
Cheers for your reply, as far as I know the site was built by an experienced developer but I couldn't really comment as I'm not sure. I must say the site is pretty old and it's not html validated.
We are currently looking to get the site build on a CMS either worpdress or modx.
Based on what you mentioned above I will just wait and see what the hosting company have to say with regards to this issue.
-
Web security is a very complex field which has literally hundreds of layers. You said the site was built using HTML. Is this an experienced developer with formal web development training who uses valid HTML code and has years of experience? Or is this a do-it-yourself kind of project?
It's kind of like saying someone broke into your house. They could come through the front door, the back door, the side door, any window or slide down the chimney. They could have a key made or pick the lock or smash the lock. Security is a very comprehensive field which involves the web server itself, the website, the admin panel and more. There is not a Q&A response anyone can offer to address the many factors involved.
You can pay for McAfee or a similar service to perform daily malware scans of your site and alert you to security issues. You can also move to a CMS and ensure you keep the latest updates and read their security guidelines.
-
I'm not to sure to be honest I'm not a web designer / developer and don't have experience with databases.
-
is it on the pages where you naviagte to them though the file system?
does the website use a database?
-
I found this in the source code and it's placed on all pages and looks like the below there are about 10 paragraphs on each page: I just hope the hosting provider can help us out.
-
I have never had this happen, but i would guess that the code is probably added thought a rewite rule. See if the code is actualy on the pages via the fiels system. if not i would be looking for rewrite rules in the server settings.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Page Speed/Website Optimization Question
We recently relaunched our website and after running multiple page speed tests (GT Metrix, Google, etc.) our results aren't great. We would love any suggestions on how to improve our site as we are not experts in what exactly these results mean - https://gtmetrix.com/reports/loyalty360.org/DKRN0hKg. Thanks!
Technical SEO | | carlystemmer0 -
I have a GoDaddy website and have multiple homepages
I have GoDaddy website builder and a new website http://ecuadorvisapros.com and I notices through your crawl test that there are 3 home pages http://ecuadorvisapros with a 302 temporary redirect, http://www.ecuadorvisapros.com/ with no redirect and http://www.ecuadorvisapros/home.html. GoDaddy says there is only one home page. Is this going to kill my chances of having a successful website and can this be fixed? Or can it. I actually went with the SEO version thinking it would be better, but it wants to auto change my settings that I worked so hard at with your sites help. Please keep it simple, I am a novice although I have had websites in the past I know more about the what's than the how's of websites. Thanks,
Technical SEO | | ScottR.0 -
My beta site (beta.website.com) has been inadvertently indexed. Its cached pages are taking traffic away from our real website (website.com). Should I just "NO INDEX" the entire beta site and if so, what's the best way to do this? Please advise.
My beta site (beta.website.com) has been inadvertently indexed. Its cached pages are taking traffic away from our real website (website.com). Should I just "NO INDEX" the entire beta site and if so, what's the best way to do this? Are there any other precautions I should be taking? Please advise.
Technical SEO | | BVREID0 -
Website redirects
We consolidated websites. All the international sites have been brought under the roof of our mothership site based in the US: www.crisisprevention.com ... We mapped out all of the URLs and where they should be redirected. However, if someone types in, say, www.crisisprevention.co.uk it redirects to the mothership site, BUT the old URL hangs around no matter what page you navigate to. I feel like it has duplicate content ramifications or worse. I would like opinions on this, so I can take my findings to IT and figure out a solution. Here’s another example: http://www.positive-options.co.uk and another http://www.positive-options.com
Technical SEO | | spackle0 -
Hacked Server IP Range Penality?
I use a justhost.com reseller account to host about 15-20 of my own websites. None of the sites are related, nor do I interlink or do anything blackhat with any of them. All of the sites have unique content. Some of it isn't great, but I didn't use a writing service on any of then, it was all written by myself. Recently I found a list of my sites (as well as about 200 others hosted by justhost) on a hacker website that listed the cpanel usernames. I alerted the host and the issue is being fixed. I am changing all of my usernames and passwords for all of the sites. Anyway, I recently took a look at some analytics and rankings and noticed that I lost a lot of my rankings on a handful of those sites recently. I know there was the big de-indexing of junk blogs recently, but I don't think that is the case. I can still find all of my sites in Google, they are just out of the first 50 results, when a majority of them were ranked from 5-20 in the SERPs. Here are three of the sites and their phrases: http://nintendoconsoles.com/ "nintendo consoles" - This domain I bought from someone so there could be some sort of sandbox period for it. http://webhostingfordrupal.com/ "web hosting for drupal" - This was a new register. http://seotirical.com "seotirical" - we don't show up, but all of the tweets and links to us do. - This was a new register. I realize these sites aren't perfect, and might not have been ready for the first page. The Nintendo site is about 3 months old, but the Drupal site has been around for 8+ months. I might try adding a fresh piece of content tonight to see if that helps, but I thought it was curious that it happened across the board with about 5-6 sites on my one reseller account. I don't even know if the top portion of this post has anything to do with the problems, but I thought I'd see if anyone has insight. Cheers,
Technical SEO | | vforvinnie
Vinnie0 -
Google is Showing Website as "Untitled"
My freelance designer made some changes to my website and all of a sudden my homepage was showing the title I have in Dmoz. We thought maybe the NOODP tag was not correct, so we edited that a little and now the site is showing as "Untitled". The website is http://www.chemistrystore.com/. Of course he didn't save an old copy that we can revert to. That is a practice that will end. I have no idea why the title and description that we have set for the homepage is not showing in google when it previously was. Another weird thing that I noticed is that when I do ( site:chemistrystore.com ) in Google I get the https version of the site showing with the correct title and description. When I do ( site:www.chemistrystore.com ) in Google I don't have the hompage showing up from what I can tell, but there are 4,000+ pages to the site. My guess is that if it is showing up, it is showing up as "Untitled". My question is.... How can we get Google to start displaying the proper title and description again?
Technical SEO | | slangdon0 -
Absolute of Relative Internal Website Links
Hi, I am not sure what is considered best practice when linking between pages on the same site - absolute or relative: Link Or Link I notice a lot of CMS systems (WordPress) use the absolute method - is there a reason? Any help much appreciated. Barney.
Technical SEO | | barnst0 -
Issue of my website Google Penalty or Recent Algorithm Changes only!
I recently faced issue of Google recent algo update on my main website. I found my ranks were all of 5th to 7th page even with website name without .com at end we have 5th page shown our biz website. It was a news portal and behind in subdomain i was running my web hosting website. 1. I removed all news content from my website since i thought the news agency send me content send same content to others may cause in the issue so i removed the NEWS AREA 2. I am turn off all of my old subscriptions or membership of blog networks etc. to make sure i get proper good backlinks with good research etc. Is there anybody who can suggest me what shall i take more action ? Mean any kind of further good suggestion i will highly appreciate if anyone can help me with any suggestions of SEO. I know there are many people who knows lots about it thus i thought to ask to community.. I am also unsure its a Google panelty or a Google recent update negative changes to my website ? However i have already filled reconsideration request as an possible alternative by explaining google that we are no more NEWS CONTENT Website. Will wait for responses...
Technical SEO | | anand20100