|Site dropping in search results||Adlew||12/19/10 4:06 PM|
I have read the FAQs and checked for similar issues: YES
My site's URL (web address) is: www.mcgregor.org.za
Description (including timeline of any changes made): Hacked Feb 2010, All new site March? 2010, Many more changes Dec 2010
My site has for a long time been at Google number 1 for search term McGregor, at least with in the country. It is starting to fall and I have recently discovered that some directories that base their content on Google no longer record it at all.
The site was hacked a year ago, but the spam script content was removed quickly and the site has now been completely replaced. However, their are still Viagra etc search results that bring up the site, despite my having 404'ed the bad page, submitted them to Google etc.
The real drop seems to have started after I submitted reports to Google about the problem - am I now being penalised?
|Re: Site dropping in search results||ShopSafe||12/19/10 4:33 PM|
Hello Adam, :)
You still have a working page in the index named: http://www.mcgregor.org.za/?q=us-viagra.php
I could not get it to redirect but tha does not mean that is does not redirect.
Did you deliberately name this file us-viagra or is it left over from the hack?
|Re: Site dropping in search results||Adlew||12/19/10 5:02 PM|
Thanks for your quick reply.
There shouldn't be any viagra content left, I thought all had been removed. Where do you find it?
I don't understand how the spammers work, but there were a number of other sites also hacked and they passed masses of traffic between them. I think some of this still exists, and I suspect that my site also appears on hackers' lists as I have had to block some new IPs for old terms that have appeared on the server logs. Could this be creating new result on Google?
|Re: Site dropping in search results||ShopSafe||12/19/10 5:21 PM|
The page itself looks like your home page but you can be almost certain it will be redirecting to show alternative content to Googlebot.
You can find them like this:
Once you have the urls you may be able to confirm the URL's redirection by "fetching as Googlebot" in webmaster tools.
You may find the steps to a cure on a Joomla forum, hacks like these usually conform to a pattern.
|Re: Site dropping in search results||ShopSafe||12/19/10 5:36 PM|
or ask an additional question in the Malware Forum ---->
|Re: Site dropping in search results||Adlew||12/19/10 5:44 PM|
I'm confused.... the site has just recently been replaced. The hacked one was built on Mambo and was replaced with a new one is Joomla 1.5 around April. I have continued developing on WAMPServer and, once again, erased both site and DB just a week or 2 ago to install the one you see now. Has the site been hacked again within the last few days?
|Re: Site dropping in search results||ShopSafe||12/19/10 6:22 PM|
It is hacked now - you might be able to ascertain the date from the edited page files but it is not important.
Do not sweat it, I think I have been hacked more times than you and I sleep with one eye open. The main thing is to get expert help, either through the Google malware forum or the Joomla forum.
Consider changing your passwords as a first step, including your local machine.
|Re: Site dropping in search results||Adlew||12/19/10 6:34 PM|
Thanks for you help - I've asked the question on the Malware forum.
I thought the answer to hacking was going to be regular back-ups, but that only works with kids wanting to do damage. With the pros, the trick has got to be realising that the site is even hacked so as to avoid backing up and restoring the hacks as well.......
Now I think of it, my site's host, Hetzner, were hacked a few weeks ago. I did change passwords then, but maybe too late!
|Re: Site dropping in search results||ShopSafe||12/19/10 8:38 PM|
Agree - until you get this under control consider the occasional site: search.
There may be a keylogger on your own machine. I doubt it but regard anything as possible.
|Re: Site dropping in search results||Adlew||12/20/10 3:43 AM|
I also have a version of the site on a different domain, mcgregorvillage.co.za . I am intending to move it soon as the DNA are tightening up on commercial use of .orgs (even if we never planned to go that way)!
I had the new version of the site up and running on the mcgregorvillage.co.za domain before making a copy and putting it up onto mcgregor.org.za . This transfer only happened a week or so ago, yet there is no sign (that I can see) of hacks on the former site.
I think what I'll do is make a copy of the .org and install it to the .co to see if the spam goes with it. Is it possible that a script has been installed outside of the site, maybe below its root?
|Re: Site dropping in search results||ShopSafe||12/20/10 3:55 AM|
It looks like a lot of people are finding it in configuration.php
|Re: Site dropping in search results||JohnMu||12/22/10 2:56 AM|
Looking at your site, I don't see anything particular. The hacked URLs ("?q=some-keywords.php") that have come up here are pretty old, so I don't think that's anything that is affecting your site's standing in search results. Given that they return normal content, they will likely remain indexed (one thing you could do is to use a rel=canonical link element on your homepage to encourage them to drop out), but they wouldn't be harming your site by remaining indexed.
I noticed that you recently removed the big (but in a small font size) "menu" from the footer of your homepage. I think removing that was a good idea, and will likely help your site a bit. In general, having a full "sitemap" in the footer rarely helps, and might be mistaken for an attempt at keyword stuffing. Using a normal HTML-sitemap page is probably a better idea -- or just linking normally between the pages in a way that gives context to each page as you're doing now. So given that change, I'd let it settle down a bit now, and just generally continue working on your site :).
Hope it helps!
|Re: Site dropping in search results||Adlew||12/22/10 7:10 AM|
Many thanks for that - put my mind at rest!
I did find eval(base64_decode('ZWNoby..... in a template which was decoded on Malware forum as being adult spam but, given that the template was unused, I don't think it should have been a problem.
This whole exercise has focused me onto Joomla security. I've pretty well concluded that, even with the Joomla core kept updated, there's so much vulnerability in the add-ons (OK, I'm a cheapskate and use the free ones!) that the site will always be vulnerable. Add to that that hacked sites are not so easy to spot now and that I am not a competent enough programmer to be sure of a fix....... Well, the answer seems to be to make all site changes on a localserver and upload a fresh copy weekly.
Interesting what you say about the sitemap in the footer. I'd always thought it would be a good idea from a SEO point of view to have a copy of all site links on every page, and that sitemap pages were of limited use. The small font was just to make it fit! I was going to put it back up, but it will definitely stay off now!
Given the nature of my front page, it does tend to be rather light on content. I've now modded the property module to show the property description in the image alt text. I hope this is OK to do.....
Thanks again, and thanks also to ShopSafe for all his advice,