My sites google listing was recently hacked

[pyramids]

My sites google listing was recently hacked (for years we were on the first page under our key words). I lost my google page ranking and I basically was removed from google - can't even be found using my domain name. How and why? How, I can only guess - someone copied my home page and put in on a xxx site, so now the search engine sees my info as xxx and removes me. As to the why, my site is presently under attack, someone is using a DOS attack by repeatly call pages that don't exist, they are using a variety of unrelated IP addresses. This is being done every few seconds.

 

As I have sought for help I was told to do some of the following items, although they won't do anything to stop a DOS or "COPY of Site" attack.

 

If anyone has any ideas as to how to stop any of this or how to prevent this in the future, let me know.

 

I hope this does not happen to your site - our business has been hit very hard.

 

In response what I have done is to run google ads since I have gotten 85% of all orders from google. So this has cost me thousands! I would have gladly paid the spammer off....

 

 

Some site tools that I have been using to help solve this:

 

Use this site to see if someone has copied your site thereby disallowing your site to be properly indexed:

http://www.copyscape.com/

 

Use this page to check your site for possible spam

http://tool.motoricerca.info/spam-detector/

 

Use this page to validate your site for errors that may effect your search ratings:

http://validator.w3.org/

[GemRock]

what you say in your post is not (at least) entirely true or not the case. someone could copy your site but no one could copy your domain, and SEs index sites based on domain, not contents. if your know your site has been copied, then you should report it to google or to other SEs. first thing you should look at is your webmaster tools (google) and find if there is clue that would suggest something wrong about your site. if so, then you correct the errors or do whatever google tells you to do there and re-submit your site for 're-consideration', which is the official advice from google.

 

RE DOS attack: theres different ways of dealing with this problem., such as htaccess redirects all 404 requests to a custom 404 page and in that page redirect it to sites that are purposely set up to tackle this sort of things. there is also scripts that record IPs and then ban them automatically.

 

Ken

[pyramids]

what you say in your post is not (at least) entirely true or not the case. someone could copy your site but no one could copy your domain, and SEs index sites based on domain, not contents. if your know your site has been copied, then you should report it to google or to other SEs. first thing you should look at is your webmaster tools (google) and find if there is clue that would suggest something wrong about your site. if so, then you correct the errors or do whatever google tells you to do there and re-submit your site for 're-consideration', which is the official advice from google.

 

RE DOS attack: theres different ways of dealing with this problem., such as htaccess redirects all 404 requests to a custom 404 page and in that page redirect it to sites that are purposely set up to tackle this sort of things. there is also scripts that record IPs and then ban them automatically.

 

Ken

Ken, thanks for the info.

 

To clairify, if my post says someone copied my domain, I mean (this is just a guess as to if this is the cause, but the copy part is verified by checking copyscape.com) someone copied text from from my site and posted it to various sites, then they link it to xxx sites. Again, this is happening right now, the guessing part is that this is the cause of why my domain name was removed from google. There may be another reason, if I find out otherwise I will post it here.

 

On the DOS I have contacted the server manager and hopfully they will ban at the server level.

 

Your suggestion about google tools, is a good place to start, I have already been there and that is where I confirmed ALL linkgage was gone, I then uploaded a new sitemap, I also have contacted google to recraw the site (although they said it wasn't needed).

 

I am no expert when it comes to getting listed in google, we have enjoyed top listings for years. I have done nothing to the site to cause this. I hope we can get listed ASAP.

 

I will report back any new findings.

 

Regards,

jeff

[pyramids]

More info:

 

I found this error - google 4xx error at my google stats and on investigating it found info at this link:

 

http://www.homewarrantyreviews.com/google-...ching-4xx-error

 

Basically is says: If you encounter this error (google 4xx), please make sure your web hosting company has not blocked Googlebots.

 

I have contacted the server management and will report back.

[wetzel]

Ken, thanks for the info.

 

To clairify, if my post says someone copied my domain, I mean (this is just a guess as to if this is the cause, but the copy part is verified by checking copyscape.com) someone copied text from from my site and posted it to various sites, then they link it to xxx sites. Again, this is happening right now, the guessing part is that this is the cause of why my domain name was removed from google. There may be another reason, if I find out otherwise I will post it here.

 

On the DOS I have contacted the server manager and hopfully they will ban at the server level.

 

Your suggestion about google tools, is a good place to start, I have already been there and that is where I confirmed ALL linkgage was gone, I then uploaded a new sitemap, I also have contacted google to recraw the site (although they said it wasn't needed).

 

I am no expert when it comes to getting listed in google, we have enjoyed top listings for years. I have done nothing to the site to cause this. I hope we can get listed ASAP.

 

I will report back any new findings.

 

Regards,

jeff

 

 

Have you checked to make sure you haven't had any new javascript injected into your scripts? Two months ago, a hacker somehow gained access and inserted javascript into about thirty of our scripts as well as some other junk and some image archives. It somehow allowed them to use our site as a porn cache. This was invisible to a normal user except for slower page loading. Now a good number of the keywords we have associated with us at Google are of the porn genre. All of the changes had a timestamp within fifteen minutes of each other, so I was able to meticulously comb all of the crap out. We are launching a big SEO effort soon, and I am hoping this won't cause us too many problems with Google. I did report the issue for 'reconsideration' at webmaster tools, to kind of preempt them from thinking we are a porn site, but I don't know if it worked.

 

I would just double check you haven't got pages, even long dormant ones in far off subdirectories, with injected code.

 

Also, if you have visitor stats installed, you can see what people are visiting. That's how I found the problem. I'm still getting hits from frustrated porno hounds in Korea.

[pyramids]

Yes it is possible, I have had dozens of IP addresses spend hours on my wholesale.php page, I have since removed it.

 

 

Note on the 4xx error, I have 3 websits on the same server and the other 2 are listed fine.

[GemRock]

when google says 'your server' does not block google it actually means your site in particular the htaccess and the robots.txt. you could go to one of the sites that can 'simulate' bots including google so as to find out what 'google' sees your site.

 

Ken

[wetzel]

Yes it is possible, I have had dozens of IP addresses spend hours on my wholesale.php page, I have since removed it.

 

 

Note on the 4xx error, I have 3 websits on the same server and the other 2 are listed fine.

 

If it is a similar hack to mine, and you have been script injected, you really need to have someone with knowledge of PHP to root it out. If you're lucky and the timestamp can serve as a guide, they can go through and find the Javascript and remove it as well as any other files they may have placed. I think there is a package that injects the changes into compromised sites in one fell swoop. In our case, there were discrete Javascript code blocks, which were huge, which we could delete, and there were specific new directories with the timestamp which we could also delete. What you are describing is so similar to what occurred with us in how it affected the keyword profile of our site that I think you really need to look at the individual scripts and investigate it (or go back to an archived version of your site). There were lots of scripts affected as well as new files and directories.

 

Secondly you will need change every password and you might consider changing hosts. It's possible you have key stroke logger malware on one of your computers also, which may be how they gained access, or you might be on a compromised shared server. Honestly I am not an expert. I'm just sharing our experience.

 

If you actually find out who is doing this, I will join you to fly to wherever they live and strangle them.

[pyramids]

John thanks for the info.

 

Here is where we are at:

 

Our site about an hour ago slowed to a crawl and I notified the server mgr (waiting for response)

 

I was able to upload a new sitemap to google, for some reason it had errors (maybe google changed something)

 

I had the server mgr put into the server root?

Allow from googlebot.com and allow from 209.85.171.99 (in the firewall.)

 

I did check our files (I am running sitemonitor) and found no new files or changes.

 

In a day or so I am hoping to get relisted into google

 

So even though I may get relisted, I still don't know what caused it exactly.

 

Regards,

Jeff

[pyramids]

This is not easy to write, but it is possible a did a royal screw up!!

 

I may have corrupted or altered the htaccess file so that google saw the site as not functioning properly and that may be the cause of the 4xx errors.

 

If that is the case, then I hope everyone reading this will do a better job at watching their sitemaps at google than I did. I have been looking at them monthly, but must have skipped a month (got too busy) and did not catch this.

 

If I find out otherwise I will post the new info.

 

Final note:

 

1: be careful editing your htaccess file

 

2: watch your google sitemaps

[germ]

One of these days they'll invent a computer that does what you WANT it to do, not what you TELL it to do...

 

*COUGH* * COUGH *

;)

 

If they do, I'll be first in line....

:lol: