The Summary of Discussion 2: A New Owner Has Been Added on GSC
Today, I just received an e-mail from Google saying that a new owner has been added to my site on Google Search Console (GSC). I was shocked, and saw that he somehow added his verification code to my hosting.
After going through the console, I saw that he added a new sitemap with 500+ URLs with links like: domain .com//?nfc=male-enhancement-for-ed_Testosterone.html
What is the best way to clean this up and figure out how he got access to all those things? I mean, do you think my hosting got hacked? (since they were able to verify the website).
Happened to me via a weak FTP password.
First they got into the server, then verified they were owners of the site using a new GSC account.
My site was on WordPress and they then changed key WP files (functions.php and various others) and added 100,000 fake pages via a sitemap.
Then they had a rewritten 404.php file that tested to see if the visitor was a search engine spider, in which case the 404 returned a 200 code and a fake web page, or just a 404 page if the user was a regular site visitor. Clever bastards.
I changed the FTP password (and all WP passwords), removed the second GSC verification file, completely deleted WordPress, manually added a clean WP version back in, did a cleanup with WordFence, then used robots.txt to disallow the 100,000 pages, which Google did at a rate of 100 per day – so it took 3 months to clean the SERPs.
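As an added example (not code from any poster in this thread), one way to check a site for the crawler-only behaviour described above is to request the same URL with a browser User-Agent and a Googlebot User-Agent and compare the answers. The function names, the placeholder URL and the constructed offline stand-in site are assumptions made for illustration.

```python
import urllib.error
import urllib.request

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

def http_fetch(url, user_agent, timeout=10):
    """Fetch url with the given User-Agent and return (status, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # 4xx/5xx still carry a status and body that we want to compare
        return err.code, err.read()

def constructed_fetch(url, user_agent):
    """Constructed stand-in for a compromised site, so the demo runs offline."""
    if "Googlebot" in user_agent:
        return 200, b"<html><body>" + b"spam text " * 50 + b"</body></html>"
    return 404, b"<html><body>Not found</body></html>"

def check_cloaking(url, fetch=http_fetch):
    """Return a list of differences between the browser and crawler views."""
    b_status, b_body = fetch(url, BROWSER_UA)
    c_status, c_body = fetch(url, CRAWLER_UA)
    findings = []
    if b_status != c_status:
        findings.append(f"status differs: browser={b_status} crawler={c_status}")
    larger = max(len(b_body), len(c_body), 1)
    if abs(len(b_body) - len(c_body)) / larger > 0.5:
        findings.append(
            f"body size differs: browser={len(b_body)} crawler={len(c_body)}")
    return findings

if __name__ == "__main__":
    # Placeholder URL; pass fetch=http_fetch (the default) to test a real site.
    for line in check_cloaking("https://example.com/?nfc=placeholder.html",
                               fetch=constructed_fetch):
        print(line)
```

A clean result here only rules out User-Agent-based switching; injected code that keys on the crawler's IP address will not show up, so also compare with the live test in GSC's URL Inspection tool.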
Were your rankings hit?
Luis » Jim
What can you do to avoid this? Just a long password for host login?
Yeah, huge long password and Secure Shell File Transfer Protocol (SFTP) if you can
I can't even add plugins to the site for some reason. The 'add plugin' feature is missing.
Get into Secure Shell (SSH)
I had the same with a File Transfer Protocol (FTP) uploaded site. I don't use console. They managed to index 3000 spam pages and I struggle to get 1000 indexed.
I had the same issue. Got several of my sites hacked.
Now you have to get rid of the 404 URLs in Google's index. Even if the URLs are removed, they'll still appear in the index.
Do site:site.com and you'll see what I mean.
I've only had this with mediocre hosting. Chances are they got in through a vulnerable plugin.
The exact same thing happened to me two weeks ago. Some Japanese hacker added 48.000 spam pages to my website, and added themselves to my GSC as admin. I've deleted their code and pages but the pages still remain indexed…
How did you find the code? I am struggling to find it. I restored it to a few days back but the URLs are still there. Wordfence was unable to find anything significant.
Nrop » Dave
Wordfence helped me find it. The code was actually in some .png files the hacker added. They added several folders with these .png files and also added some .png files next to the existing ones. For example, there was an image with the WP installation titled left-arrow.png and the hacker added left-arrows.png…
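An added example (not from any poster, and not Wordfence's method) of a manual webroot check for the two artefacts mentioned in this discussion: .png files that actually carry PHP code, and GSC verification files nobody on the team placed. The function name, the optional clean-copy baseline and the `google<hex>.html` naming pattern are assumptions.

```python
import re
import sys
from pathlib import Path

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # first 8 bytes of every real PNG file
# Assumed naming of GSC HTML verification files: google<hex>.html
GSC_FILE = re.compile(r"^google[0-9a-f]+\.html$")

def audit_webroot(root, baseline=None, known_gsc_files=()):
    """Return sorted (relative_path, reason) findings for files under root.

    baseline: optional set of relative paths taken from a clean copy of the
              site; anything else (e.g. a look-alike image) is reported.
    known_gsc_files: verification file names the real owners placed.
    """
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        name = path.name.lower()
        if baseline is not None and rel not in baseline:
            findings.append((rel, "not-in-baseline"))
        if name.endswith(".png"):
            data = path.read_bytes()
            if not data.startswith(PNG_MAGIC):
                findings.append((rel, "png-bad-magic"))
            if b"<?php" in data.lower():
                findings.append((rel, "png-contains-php"))
        elif GSC_FILE.match(name) and path.name not in known_gsc_files:
            findings.append((rel, "unknown-gsc-verification-file"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python audit_webroot.py /path/to/webroot [known-google-file.html ...]
    for rel, reason in audit_webroot(sys.argv[1], known_gsc_files=sys.argv[2:]):
        print(f"{reason:32} {rel}")
```

GSC ownership can also be verified through a meta tag or a DNS record, which a file scan like this does not cover, so review the owner list in GSC itself as well.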
The Summary of Discussion 1: How to Delete Hacked Urls From Google SERPs?
A few days back my website was hacked.
And, after checking site:example .com (example website), I could see some extra URLs that were not created by me. They contained gibberish languages.
So I checked them and cleaned my website thoroughly. Embedded firewall, changed credentials, updated WordPress and all plugins and many more.
Removed all the injected issues on my website.
Now, all the unwanted URLs are showing 404 in indexing check.
So all I want to ask is how I will be able to remove those URLs that I have already deleted. Or will they be removed automatically? They are still showing and going 404.
Please check the attached image.
A few ways. You can list those URLs and put them in your robots.txt as no index.
Or you can just submit a sitemap, Google will recrawl them, and they will disappear in time.
Takes time tho.
Go to your Google Search Console and use the Removal Tool and remove all of the bogus URLs.
Thedy » Daniy
Make sure to check your sitemap. You may need to clean it up also, otherwise those URLs will come back in time.
Also audit your plugins – this kind of hack usually happens through unmaintained plugins.
Semi related, set your 404 to go to a landing page or your homepage. That way, in the off chance someone comes to your site through one of those, they see something rather than just a 404.
Do you have the WP File Manager plugin installed by any chance? The same thing happened to me recently and it was through that plugin. I've since installed MalCare ($100/yr) and that's sorted it.
404 is correct. That's what it's supposed to show. It means that they're gone, which is what you want.
But make sure there aren't any references to those gone pages from a sitemap or secretly linked from anywhere else on your site.
Do a full site crawl and identify if any of those pages are linked from anywhere.
Show a 410 status code and Google will remove them within a fortnight.
Those URLs will be removed automatically when Google crawls your site and comes to know that they have been removed from your site.
You don't need to be worried if you have removed them.
I have recorded a video on how to clean up hacked pages from Google search results here:
The Free Version of my Plugin, Monster SEO can handle most of these tasks. It helps to create 410 errors and sitemaps specifically for these pages that you need to delete.