Internal site search cleanup

  • Resolved ms100

    (@ms100)


    11 months, 2 weeks ago

    Hi support,

    If I am correct, the Advanced setting: “Internal site search cleanup” recently became available for free. So thanks for making that available, together with a great guiding video on Youtube.

    Unfortunately I found out our site has already been affected by several spam attacks like this one for example:
    ourdomain.com/?s=一流的Salesforce Health-Cloud-Accredited-Professional:Salesforce Health Cloud Accredited Professional 最新題庫資源 – 確保通過的Newdumpspdf Health-Cloud-Accredited-Professional 熱門證照 😟 複製網址▛ http://www.newdumpspdf.co ▟打開並搜索▷ Health-Cloud-Accredited-Professional ◁免費下載Health-Cloud-Accredited-Professional考試資料

    Thanks to the noindex, nofollow tag added by Yoast, we have no issues with spammed pages being indexed by Google.

    When activating the Advanced settings: “Filter search terms”, “Filter searches with emojis and other special characters” and “Filter searches with common spam patters”, Yoast 301 redirects the spammed search result pages (like the example I mentioned) to the homepage. So that is also nice.

    But these stored spammed search result pages have to be somewhere in our database. I can not find them. I hope you can give me a hint, where to search for them, so I can clean them up completely.

    Hopefully you can send me in the right direction. It would be very much appreciated.

    Thanks in advance.

    Edited: I removed the “m” in .com, so the spammers don’t get a backlink from wordpress

    • This topic was modified 11 months, 2 weeks ago by ms100.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Maybellyne

    (@maybellyne)

    11 months, 2 weeks ago

    Hello @ms100

    Thanks for using the Yoast SEO plugin and for the kind words.

    The spammy links are not in your database. When your WordPress site has an internal site search feature, you can get to it via example.com/?s=example or example.com/search/example/. You can put anything you want in those URLs. And in many cases, the words you search for will be output on the site’s search results page. That means anyone can write an advert for illicit goods or services, like https://example.com/?s=buy my fake rolex watch from www.anotherfake.com, and ‘create’ a page on your website that features their ‘advert’. Scripts and software could also be written to generate requests to URLs like this at scale across many websites.

    Since Yoast SEO automatically applies a noindex directive to your search results page, that keeps these URLs out of Google. Even if you see this kind of data in Google Search Console, it’s not affecting your SEO.

    You can also read more at https://yoast.com/internal-site-search-spam/

    Do let me know if you have follow up questions

    Thread Starter ms100

    (@ms100)

    11 months, 2 weeks ago

    Thanks for the reply @maybellyne

    and ‘create’ a page on your website that features their ‘advert’

    So when using these Yoast Advanced settings, the ‘created’ page is not really created (anymore)?

    It’s just spammy /?s= backlinks pointing to our domain, that get 301 redirected to our homepage.

    I thougt WordPress had stored these spammed search pages somewhere, and I was scared it was a kind of a SQL injection attack.

    (Because the search resultpage gets redirected to the homepage, Google does not see the nofollow, noindex tag anymore, I think. But Google is smart enough to not count these spammy backlinks as real backlinks I think, because they do no show up in Search Console.)

    Thread Starter ms100

    (@ms100)

    11 months, 1 week ago

    When I saw these links, I was a little bit in shock as you probably can imagine. But a few days later now, I am confident enough to mark the topic as resolved. Thanks again @maybellyne

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Internal site search cleanup’ is closed to new replies.