Archives for April 2012

Example email to a hacked site

Beyond clear-cut blackhat webspam, the second-biggest category of spam that Google deals with is hacked sites. The most common reaction we hear from webmasters is “The problem is with the Google search. There is nothing wrong with our website.” That’s a real quote from an email one site owner recently sent us. Sadly, it turns out that the site is almost always really hacked.

The single best piece of advice I can give to prevent website hacking is “keep your web server software up-to-date and fully patched.” That prevention is much better than the hassle of cleaning up a hack. Here’s an example email I just sent to a site owner with the identifying details removed:

Hi xxxxxxx, I’m the head of Google’s webspam team. Unfortunately, example.com really has been hacked by people trying to sell pills. I’m attaching an image to show the page that we’re seeing.

We don’t have the resources to give full 1:1 help to every hacked website (thousands of websites get hacked every day–we’d spend all day trying to help websites clean up instead of doing our regular work), so you’ll have to consult with the tech person for your website. However, we do provide advice and resources to help clean up hacked websites, for example:
http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163634
https://sites.google.com/site/webmasterhelpforum/en/faq-malware-and-hacked-sites
http://googlewebmastercentral.blogspot.com/2008/04/my-sites-been-hacked-now-what.html
http://googlewebmastercentral.blogspot.com/2007/09/quick-security-checklist-for-webmasters.html
http://googlewebmastercentral.blogspot.com/2009/02/best-practices-against-hacking.html

We also provide additional assistance for hacked sites in our webmaster support forum at https://groups.google.com/a/googleproductforums.com/forum/#!forum/webmasters . I hope that helps.

Regards,
Matt Cutts

P.S. If you visit a page like http://www.example.com/deep-url-path/ and don’t see the pill links, that means the hackers are being extra-sneaky and only showing the spammy pill links to Google. We provide a free tool for that situation as well. It’s called “Fetch as Googlebot” and it lets you send Google to your website and will show you exactly what we see. I would recommend this blog post http://googlewebmastercentral.blogspot.com/2009/11/generic-cialis-on-my-website-i-think-my.html describing how to use that tool, because your situation looks quite similar.

Anyway, just a reminder for site owners to keep their web server software up-to-date, because hacked sites are a real pain. Most Google searchers and even website owners don’t think about hacked sites much, but on our side we have to spend a fair amount of effort writing classifiers to catch this illegal activity, helping the victims of hacked sites, adapting when the hackers change their techniques, etc.
