WordPress.org

Ready to get started?Download WordPress

Forums

After hack-cleanup: lots of spammy links from my site on google. How to remove? (16 posts)

  1. knutbli
    Member
    Posted 5 years ago #

    I recently got hacked, and some files were added that produces spam.
    I've removed the files + updated wp + changed passwords, and I hope I have cleaned it all up, but...
    When I search on google for a specific keyword I found in the hacked files, there are a huge number of links that all have the same form:
    my domain-name + the hacked file + a questionmark + some spammy product names.
    I don't want my site to be associated with this, and I wonder if there is any way that I can get the google-listings cleaned up?

    Thanks,

    Knut

  2. whooami
    Member
    Posted 5 years ago #

    you can tell googlebot that those links are 'gone' and they will eventually be removed from it's index. It takes some htaccess magic and some good regex skills.

    a 'gone' means you send a 410.

  3. knutbli
    Member
    Posted 5 years ago #

    Thank you for answering!
    410s and htaccess magic and regex are not among my top skills... or to be more precise, I don't understand much of what this means at all...
    Could you please explain/describe how I can do this or where I can learn more?

    Knut

  4. whooami
    Member
    Posted 5 years ago #

    well, all those terms are googlable.

    The specifics are dependent on the site and the urls that are indexed.

  5. knutbli
    Member
    Posted 5 years ago #

    Ok, I've searched and have quite a lot to read now...
    One thing I found was the webmasters tools on Google. Do you think it is possible to remove this by simply sending a request to
    https://www.google.com/webmasters/tools/removals
    ?

    Knut

  6. whooami
    Member
    Posted 5 years ago #

    you can do that sure. I believe that requires you to enter all the urls though.

    In this thread:

    http://wordpress.org/support/topic/211645?replies=2#post-880182

    I answer the same question, and provide an example using my own site.

    Im going to be honest here, and say that I am purposely withholding information. Not because I want to be a pain in the butt, but because like an SEO expert gets paid to get links into google, I actually charge to get links removed. It's part of what I do when I clean up exploited sites.

    I do this sort of thing for part of my living.

    If someone else comes along and hooks you up totally, more power to them and you.

  7. knutbli
    Member
    Posted 5 years ago #

    The links are like this:
    /wp-content/wp-cache.php?blogginstyle=1&page=4695
    ...and from what I see, there are an incredible high number of pagenumbers. Will it not be good enough to just report the page wp-cache.php to google?

    You seem to know a lot about these things, and I'm very thankful for your help. From the URL above, is it possible to see if the "pages" are fetched from my own database?

  8. whooami
    Member
    Posted 5 years ago #

    Will it not be good enough to just report the page wp-cache.php to google?

    i honestly dont know, I think Ive only had to remove one url of my own from google, so it was pretty straightforward in that instance.

    It never hurts to try.

    The other question .. I dont understand.

    // me leaves to go to the bank.

  9. knutbli
    Member
    Posted 5 years ago #

    Sorry, did not see the last part about withholding info before I asked the last question. Answer if you like, but I will be extra thankful if you do...

  10. knutbli
    Member
    Posted 5 years ago #

    The other question: This hack has really made me a bit paranoid, and I've just searched through the database to see if the hackers have left something there too. I just was curious if there is possible to read something out of the things behind the ? in the URL, and tell if all the spam-pages are stored inside my own WP-database or if everything seem to be outside of my own site?

  11. macsoft3
    Member
    Posted 5 years ago #

    Is your administrative username viewable anywhere at your website?

  12. knutbli
    Member
    Posted 5 years ago #

    Not now, but at the time of the hack, yes.

  13. macsoft3
    Member
    Posted 5 years ago #

    Ahhh...

  14. knutbli
    Member
    Posted 5 years ago #

    ...and that means?

  15. macsoft3
    Member
    Posted 5 years ago #

    Just meaning that's what I guessed...

    Admin account cracking will be tough to do without knowing a username.

  16. knutbli
    Member
    Posted 5 years ago #

    Thanks to all of you! I have now gone from someone with no idea of what this meant to someone who can actually do some htaccess magic and send a 410!

Topic Closed

This topic has been closed to new replies.

About this Topic