• About Us
  • Contributors
  • Guides
  • Speaking Engagements
  • Write for The SEM Post
  • Submit a tip or contact us!
  • Newsletters

The SEM Post

Latest News About SEO, SEM, PPC & Search Engines

  • Google
  • SEO
  • Mobile
  • Local
  • Bing
  • Pay Per Click
  • Facebook
  • Twitter
  • State of the Industry
You are here: Home / Google / The Google “Penalty” That is Actually From a Hacked Site

The Google “Penalty” That is Actually From a Hacked Site

January 19, 2016 at 6:50 am PST By Jennifer Slegg

  • Facebook
  • Twitter
  • Google+
  • Pinterest
  • LinkedIn
  • Email
  • WhatsApp
  • Evernote
  • SMS

google penalty hackedRecently, there has been an increase in the number of webmasters who are reporting that they have lost all Google referral traffic.  Normally, when one sees organic referrals from Google drop to zero, the natural assumption is that the site has a site-wide manual action applied.  Yet when looking in Google Search Console, there is nothing listed under manual actions.

Investigating Deeper

The plot thickens when looking deeper into Search Console – indexed pages seem normal.  There are no abnormal crawl errors or any other things that look odd or suspicious in the account.  In fact, everything points to “business as usual”.

When viewing the website, everything looks normal and even looking at the source code usually doesn’t reveal anything is awry, if anyone bothers to look that closely.  There are no signs of blocking Googlebot via robots.txt or with a noindex tag.  Google cache looks normal.

Even checking rankings in the live Google search results doesn’t reveal any problems.  The pages are still ranking normally, even in incognito mode. A site: query looks normal as well.

What is Really Going On

But if someone clicks through from an actual search result (which many people don’t), suddenly it all becomes apparent.  When clicking on a search result, the searcher is not sent to the page on the website they expect.

I have seen two types of redirects happening.  I have seen affiliate sites used as the destination, in a market somewhat along the same lines as the hacked site.  The other is being immediately redirected to a spam site tries to auto-install malware to the unsuspecting visitor.

It isn’t only Google that is being targeted.  I have seen it happen from multiple other search engines, too.  So if you have been deindexed and having problems finding a Google referral, check Bing or Yahoo.

Other Ways to Discover the Hack

The good news is that Google seems to be picking this up some of the time and showing alerts in Google Search Console.  And it sometimes pops up with a “This site may be hacked” alert in the search results.

But when Google sends an email to the users, they include a direct URL – meaning without a Google referral – so even if one clicks through from the email in search of the malicious code that Google claims is there, the webmaster won’t see any evidence of malicious code.  In fact, the only way to tell that something malicious is going on is by clicking from a Google referral or examining the .htaccess file – a file many webmasters are too scared to touch lest they mess it up.

Additionally, Google Safe Browsing Site Status often doesn’t pick up on it, at least not initially, also leading to the confusion that there isn’t any problems with hacking.

If you run AdWords campaigns, it is actually often the AdWords warning about malicious redirects that alerts webmasters to the problem first, prior to it showing up in Google Search Console.

Also complicating things is that sometimes along with the redirects, they are also adding new pages of spam content.  But again, if you type the URL directly, or sometimes only if you visit it while logged into WordPress, it will show a 404.  It is only visible when referring from a Google referral or to those not logged into WordPress.

Fixing the Malicious Redirect

The vast majority of the time, it is in the .htaccess file.  Clean up the file, and the redirects will stop.  It doesn’t seem there is a common denominator of entry point, but rather simply any exploit that allows access to the .htaccess cause cause it.

That said, if you don’t fix the exploit, it will likely happen again, or you will end up with a bunch of pages for Viagra and Uggs next time it happens.  So if you use WordPress, this means updating your WordPress, all plugins, your themes, etc.  And if you have something that hasn’t been updated for a while, it is worth doing a quick search and make sure that there isn’t an issue with a theme or plugin that the author has since abandoned.

Also check with your host.  If you give them the date you see on the server that the .htaccess was last updated, they might be able to tell you the point of entry that led to the site being compromised.

Yay for No Manual Action, But Boo for Being Hacked

In the grand scheme of things, I suspect many webmasters would prefer to clean up from a hacked site than deal with recovering from a manual action!

So if you see a sudden drop in your Google referrals, yes, it could mean you were hit with a manual action…. and more often than not, it probably is just that.  But if you aren’t seeing anything manual action related in your search account, your next step should be checking to see if your site has been hit by a sneaky hacker who is taking steps to ensure their hack sticks around as long as possible.  After all, how often does a webmaster visit their site without either using a bookmark or typing it in?

  • Facebook
  • Twitter
  • Google+
  • Pinterest
  • LinkedIn
  • Email
  • WhatsApp
  • Evernote
  • SMS
The following two tabs change content below.
  • Bio
  • Latest Posts
My Twitter profileMy Facebook profileMy Google+ profileMy LinkedIn profile

Jennifer Slegg

Founder & Editor at The SEM Post
Jennifer Slegg is a longtime speaker and expert in search engine marketing, working in the industry for almost 20 years. When she isn't sitting at her desk writing and working, she can be found grabbing a latte at her local Starbucks or planning her next trip to Disneyland. She regularly speaks at Pubcon, SMX, State of Search, Brighton SEO and more, and has been presenting at conferences for over a decade.
My Twitter profileMy Facebook profileMy Google+ profileMy LinkedIn profile

Latest posts by Jennifer Slegg (see all)

  • Google: Dividing One Page Into Multiple Pages Often Dilutes Value for SEO - April 24, 2018
  • Google: Do Not Link Hreflang to Redirecting URLs - April 17, 2018
  • Google Adds Manual Action for Google Job Postings Schema - April 17, 2018
  • Google: Order of H Tags & Search Rankings in Google - April 13, 2018
  • Google Adds “Mentioned on Wikipedia” Carousels in Search Results - April 11, 2018

Filed Under: Google, Security, SEO

Sign up for our newsletter


Founder & Editor

Jennifer Slegg (1968)

Sign up for our daily news recap & weekly newsletter.


Follow us online

  • Facebook
  • Google+
  • Linkedin
  • Pinterest
  • Twitter

Latest News

Google: Dividing One Page Into Multiple Pages Often Dilutes Value for SEO

Google has long advocated that having strong high quality pages is much better for Google search … [Read More...]

Recent Posts

  • Google: Dividing One Page Into Multiple Pages Often Dilutes Value for SEO
  • Google: Do Not Link Hreflang to Redirecting URLs
  • Google Adds Manual Action for Google Job Postings Schema
  • Google: Order of H Tags & Search Rankings in Google
  • Google Adds “Mentioned on Wikipedia” Carousels in Search Results
  • Google: Adding Content to Image Heavy Pages
  • Google: Avoid Non-Head HTML Tags in Head Section of Pages
  • Google Testing Double Product Listing Ads Carousels in Search Results
  • Google Testing Infinite Scroll in Mobile Search Results
  • Google: No Need to Include All Variations of Keywords

Categories

  • Affiliate Marketing
  • Amazon
  • Apple
  • Bing
  • Branding
  • Browsers
  • Chrome
  • Content Marketing
  • Design
  • Domains
  • DuckDuckGo
  • Email
  • Facebook
  • Firefox
  • Foursquare
  • Google
    • Analytics
    • Google RankBrain
    • Quality Rater's Guidelines
  • History of Search
  • Industry Spotlight
  • Instagram
  • Internet Explorer
  • Links
  • Local
  • Mobile
  • Native Advertising
  • Other Search Engines
  • Pay Per Click
  • Pinterest
  • Publishers
  • Security
  • SEO
  • Snapchat
  • Social Media
  • State of the Industry
  • The SEM Post
  • Tools
  • Twitter
  • Uncategorized
  • User Experience
  • Video Marketing
  • Week in Review
  • Whitepapers
  • Wordpress
  • Yahoo
  • Yelp
  • YouTube
April 2018
MTWTFSS
« Mar  
 1
2345678
9101112131415
16171819202122
23242526272829
30 

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

Copyright © 2018 · News Pro Theme On Genesis Framework · WordPress · Log in