Hacked Website, Now What?

mj22

War Mongering.
BuSo Pro
Joined
Jun 20, 2018
Messages
340
Likes
150
Degree
1
Hey Guys, I figured id reach out and ask for some advice about a project im going to be working on soon.

An old client/close friend reached out to me recently for help on a 12 y/o website that tanked in a local market for their keywords. After looking at it i noticed that there was no ssl certificate and after going through everything i seen that the faq page was redirecting to a russian porn site. Also, when i do a site:targetdomain.com search, all the indexed page's titles have stuff like:

Prescription FREE oxy - buy now!
cialis pills - no prescription needed!
buy viagra - uk - fast shipping
ect. ect.

Clearly this thing has been hacked, i am surprised it isnt banned. When i checked the ranking history on semrush, it shows end of april, beginning of may 2020, the site nose dived hard core and then flat-lined across the board for all of its rankings. I am assuming this is when the site was hacked.

My Plan for this project is to build a new updated version of the site (keeping site structure and urls the same), update all the content by having it rewritten while maintaining flow & relevancy value for each page, set up ssl and hosting on a new server.

I guess my thoughts on this, are to show as much distance as possible from the old site as i can while maintaining relevancy and the authority the site has had built to it over time. I have done site rebuilds before, but i have never dealt with doing one for a hacked site. And i dont know if this is a master jedi sort of hack or what lol. I am also not sure with it having a 2 year history of being hacked/penalized, how that will impact the site's rankings once everything gets recrawled and indexed. Like is this domain going to still be flagged ect?

If you guys have any experience with this and feedback about how to get about this, it would be much appreciated.

Thanks in advance.
 

Ryuzaki

お前はもう死んでいる
Moderator
BuSo Pro
Digital Strategist
Joined
Sep 3, 2014
Messages
5,774
Likes
11,514
Degree
9
Those kind of hacks are usually the type where they embed code in several different random deep files. If you remove the code from one or two files, thinking you found it all, it reappears because you missed something.

The code serves to auto-generate a zillion pages like you're seeing, and the struggle after getting it cleaned up is to get Google to drop it from the index. Sometimes you get lucky and they crammed all the content in some random subfolder, so you can just set all content within the subfolder to show Google a 410 error.

Generally you'll see about 50% of the pages out of the index (monitoring Google Search Console's Coverage Report) gone in the first month, then another 50% of what's left in the next month, and so forth. It gets slower and slower but by month 6 or so, you'll have probably 95% of it gone and can forget about it that point.

Since your plan is to rebuild the project, I would do that with a fresh install. You could probably move the content and images over with an XML import, but I wouldn't copy the file system over or you risk bringing the hacked files over too.

Your plan pretty much eradicates any worry. All of the spam pages will 404 and over time they'll recover (next Panda update after your clean up, given the indexation gets cleaned up enough before then).
 

mj22

War Mongering.
BuSo Pro
Joined
Jun 20, 2018
Messages
340
Likes
150
Degree
1
I have an update coming soon on this one. It was shelved due to having other larger "fish to fry" else where at the time. I have been able to circle back and get after it. I am almost out of the meat grinder and will have some time to share the results from the work I did soon.

Thank you @Ryuzaki for the info/reply, and the kitchen sink post. Helped a lot.


Whoops, I forgot to add this image to the post. sorry for the double post.

mOr27CH.png
 

mj22

War Mongering.
BuSo Pro
Joined
Jun 20, 2018
Messages
340
Likes
150
Degree
1
Operation Phoenix.


Chapter 1 - THE RESURRECTION.(Morgan Freeman voice, lol)


- Coming Soon. (when I get time, haha)

---------------------------------

Sneak Peek/The Teaser

8wW0JVv.png

XUYCcj7.jpg



I hope everyone has a great holiday break and a good time with their loved ones. On to 2023. I'll see you on the flip-side.
 
Last edited:

mj22

War Mongering.
BuSo Pro
Joined
Jun 20, 2018
Messages
340
Likes
150
Degree
1
Alright guys, I finally have some time update this thing. If you see me go silent on here, it's because i am busy as hell and don't have time to be farting around on the forum. I hope everyone had a great holiday break and happy new year.

I pretty much did what i posted above in the opening post. Nothing magical.

DvtXVLt.png

Here are the metrics, age is 13 y/o.​

I kept the site structure the same, i had the pain in the ass developer i was working with at the time make some small changes that i thought didn't make any sense as to the way it was before. (dumb shit in the nav menu & footer that didn't need to be there).

With the content for the pages. I really wanted to have each page completely rewritten but that wasn't in the budget for this at the time. What i did was go in and clean everything up, keyword densities were crazy high, ect. I also changed the page titles, h1, h2, h3 up a bit. While doing this i made sure to keep everything relevant for the keywords we want to rank for. I was basically trying to make everything as unique looking as i could (with the budget i had to work with) vs the old version of the site while doing this.

I did axe a few pages and create new urls for them. While going through each page's link profile i seen some that had a bunch of shady looking/bad neighborhood links and were crazy anchor heavy. After talking with the client and him mentioning those pages actually tanked prior to the hack, i decided to just get rid of them. In this situation, i felt it was better to just cut the fat off vs have to try to clean up someone else's mess and have to deal with those pages potentially holding the site back in any way.

After i did the above, I used a condensed version of Ryuzaki's kitchen sink post to double check the technical and on-page seo side of things. To be honest, i totally over looked page/site speed and the mobile end of things. Like i said, i have been crazy busy, and being able to use that as a "Pre-Flight" checklist to catch that was a big help. Thanks again, i appreciate it man.

Once i got everything dialed in the best i could, I pushed the site live on the new hosting and let er buck....

Approx 3 weeks later i started seeing some of the pages start to get recached while doing a site:targetdomain.com search. Within a few days after that i noticed on ahrefs those pages slowly starting to pull up on radar(top 100) for some of the lower end keywords we want to rank for. That brings this project up to the date of when i posted the first screen shot here on Nov 16 2022.

(side note: So, last year i dealt with a site that had panda issues going on and it took about 5 months or so to get it corrected and pulled back up. With this project, to my surprise, this thing has literally been pulling up for its keywords with in a couple days after the pages have been recached. This is the first time i have seen this. looks to me like things are recovering in real time. Is this an isolated incident? or is this the new norm? I don't know. )

-----------------------------​

Moving on.... After continuing to see these pages slowly get recached and start to rank, I reached out to the client and told him what was going on. He said he wanted to try hit it and asked me if i could put together something that would help speed things up a bit.

I ran the below:

5 x DR70+ guest posts to the root url.

100 x Forum/discussion/crowdo links (or whatever the kids are calling them these days) spread across the remaining 45 pages that needed to be recached, dripped out over 30 days.

*Now before some of you have a damn stroke over me posting this, I DO NOT recommend running 100 spam links at your sites like this. If this was a completely healthy site i would not have done it. This site had been hacked and sat dormant, penalized for 2+ years. I was potentially beating a dead horse here anyway. (or at least until the next update/refresh)

With the DR70's I was wanting to get some high trust and high authority activity to the root url, a good shock to the system. With how the site is set up I was hoping it would also help sniff out the other pages to get them recached.

With the 100 forum links, i was looking for something cheap, low end, and of low consequence and these seemed like the right tool for the job. I wanted to get some activity to those pages in an effort to get google to recrawl and recache them quicker than just letting it naturally happen, if that was all they did, id be happy with that. If/when they start dropping off over time, i wasnt worried about it due to the fact that once the site comes back I will have more than enough velocity and authority going to those pages to counter majority of the negative effects that would come from that. (unless there is mass drop off, we shouldnt feel it much, if at all)

For the anchors, i dialed the exact match up to PRECISELY 47.69999999%, JK, LOLZ. I didnt do that, i just ran generic, branded, and natural anchors.

The above brings things up to date to the post on Dec 23 2022. Up to this point, i did not have access to GSC as the client hadnt set it up yet.

--------------------------

Today's Update/Progress

tzbMvtp.png

(I made sure to check the organic pages box this time )

c0vV5bY.png

I have pretty much just let the site sit and "cook" until now. I have 5 of our DA50's going to one of the pages i axed (that came back) to see how that internal page reacts in the serp. The target page has 2 of those low end forum shit links to it, outside of that it is a clean slate.

Here is where that page is currently

0b50HxU.png

So far 59 out of the 60 pages have been corrected, we are pretty much done with having pages in the serp that say shit like "Protect your boner! - Buy Viagra today!". Just one page left like that, i think maybe that page is eating viagra because it's being stubborn and just wont go down haha.

I will be back with an update once these DA50's finish rolling out. Until next time...