Category: Technical SEO Issues
Discuss site health, structure, and other technical SEO issues.
-
Looking for feedback about "look-ahead" navigation
I think developers think too much about how their code impacts search results. It's the visual content that is most important to Google. As long as it can crawl it, you're generally in good shape with the code.
| Chris.Menke0 -
Pharma hack repercussions
If you have a pharma hack, you should use Sucuri. Even if you have had your site cleaned up by Google Webmaster Tools, I would run it through the free site check at the link below. Then look at all the advantages for just $89 a year; plus, if you get hacked ever again during that year, it is fixed 100% free. They're fast, very good, and will have your site running normally again.

Run your website through this free scanner and read below: http://sitecheck.sucuri.net/scanner/

Whether or not you are running a CMS like WordPress does not make much of a difference. This tutorial or discussion regarding tarmac is focused on WordPress; however, all of these things would be happening to any website. http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html & http://blog.sucuri.net/tag/pharma

I even have a live one right here for you. I would not give you the actual URL, but this is the cleanup URL: http://sitecheck.sucuri.net/results/worldluxurynetwork.com

Understanding and cleaning the Pharma hack on WordPress
July 13, 2010, by David Dede

In the last few weeks, the most common questions we’re receiving are related to the “Pharma” (or Blackhat SEO Spam) Hack on WordPress sites. This attack is very interesting because it is not visible to the normal user and the spam (generally about Viagra, Nexium, Cialis, etc) only shows up if the user agent is from Google’s crawler (googlebot). Also, the infection is a bit tricky to remove and if not done properly will keep reappearing.

Because of this behavior, many sites have been compromised for months with those spam keywords and no one is noticing. A quick way to check if your site is compromised is by searching on Google for **“inurl:yoursite.com cheap viagra or cheap cialis”** or using our security scanner.
For example, this is the result of our scanner against wpremix.com (which was infected at the time we were writing this post):

Pharma Hack – details

The Pharma Hack has various moving parts:

1 – Backdoor that allows the attackers to insert files and modify the database.
2 – Backdoor inside one (or more) plugins to insert the spam.
3 – Backdoor inside the database used by the plugins.

If you fix one of the three, but forget about the rest, you’ll most likely be reinfected and the spam will continue to be indexed.

As always, we recommend that you update your WordPress instance to the latest version. This goes for all of your plugins, themes, etc. WordPress is typically very secure; it’s when you’re running old versions, and/or out of date plugins/themes, that you run into trouble. Keep your stuff up to date, and it will minimize the risk of infection significantly.

1 – Backdoor that gives remote access to the users

This is the first step in the infection. Generally attackers do large scale scans and try to inject the backdoors into compromised sites. They do this by searching for vulnerable WordPress installations (older versions), vulnerable plugins, hosting companies with known security weaknesses, etc.

When the backdoor is added, it is not immediately executed. Sometimes it stays for months without ever getting called. The common places for these backdoors are:

- wp-content/uploads/.*php (random PHP name file)
- wp-includes/images/smilies/icon_smile_old.php.xl
- wp-includes/wp-db-class.php
- wp-includes/images/wp-img.php

Characteristically in the past, these files have had an “eval(base64_decode”; ultimately that’s what most people recommend searching for. However, on the pharma attack, the backdoor starts with:

    < ? php $XZKsyG=’as’;$RqoaUO=’e';$ygDOEJ=$XZKsyG.’s’.$RqoaUO.’r’.’t';$joEDdb =’b’.$XZKsyG.$RqoaUO.(64).’_’.’d’.$RqoaUO.’c’.’o’.’d’.$RqoaUO;@$ygDOEJ(@$j oEDdb(‘ZXZhbChiYXNlNjRfZGVjb2RlKCJhV1lvYVhOelpY… (long long string)..
So, it still calls “eval(base64_decode”, but using variables, making it harder to detect. In fact, none of the WordPress security plugins are able to find it. Our suggestion is to search for “php $[a-zA-Z]*=’as’;” also. After decoded, this is the content of the backdoor: http://sucuri.net/?page=tools&title=blacklist&detail=3ec33c4ab82d2db3e26871d5a11fb759

If you do an inspection of the code, you will see that it scans for wp-config.php, gets the database information, acts as a remote shell and retrieves a lot of information about the system. That’s the first thing you have to remove before you do anything else.

2 – Backdoor inside one of the plugins

This is the second part of the attack. After successfully creating a backdoor into the system, a file will be created inside one of the existing plugins. Example:

- akismet/wp-akismet.php
- akismet/db-akismet.php
- wp-pagenavi/db-pagenavi.php
- wp-pagenavi/class-pagenavi.php
- podpress/ext-podpress.php
- tweetmeme/ext-tweetmeme.php
- excerpt-editor/db-editor.php
- akismet/.akismet.cache.php
- akismet/.akismet.bak.php
- tweetmeme/.tweetmem.old.php

Note that they will infect one or more of your enabled plugins and use names like wp-[plugin].php, db-[plugin].php, ext-[plugin].php, or something similar. We do not recommend you rely only on those samples for your search, but try looking for any plugin file with the “wp_class_support” string in it.

    $ grep -r "wp_class_support" ./wp-content/plugins

If you are infected, you will see things like (full content of the file here):

    ./wp-content/plugins/akismet/db-akismet.php:if(!defined('wp_class_support')) {
    ./wp-content/plugins/akismet/db-akismet.php: define('wp_class_support',true);

Make sure to remove those files. To be 100% sure your plugins are clean, I would recommend removing all of them and adding from scratch (not possible for all sites, but this is probably the most secure way of doing it).

3 – Backdoor inside the database

This is the last step, and equally important.
This is where the spam itself is hidden. They have been using the wp_options table with these names in the “option_name”:

- wp-options -> class_generic_support
- wp-options -> widget_generic_support
- wp-options -> wp_check_hash
- wp-options -> rss_7988287cd8f4f531c6b94fbdbc4e1caf
- wp-options -> rss_d77ee8bfba87fa91cd91469a5ba5abea
- wp-options -> rss_552afe0001e673901a9f2caebdd3141d

Some people have been seeing “fwp” and “ftp_credentials” being used as well, so check there too.

These SQL queries should clean your database:

    delete from wp_options where option_name = 'class_generic_support';
    delete from wp_options where option_name = 'widget_generic_support';
    delete from wp_options where option_name = 'fwp';
    delete from wp_options where option_name = 'wp_check_hash';
    delete from wp_options where option_name = 'ftp_credentials';
    delete from wp_options where option_name = 'rss_7988287cd8f4f531c6b94fbdbc4e1caf';
    delete from wp_options where option_name = 'rss_d77ee8bfba87fa91cd91469a5ba5abea';
    delete from wp_options where option_name = 'rss_552afe0001e673901a9f2caebdd3141d';

Conclusion

Tricky stuff! The attackers are getting better and we have to learn how to protect our sites and our servers. If you need any help cleaning up the mess or you need a partner to help with your security needs, Sucuri is here to assist. Protect your interwebs! http://sucuri.net/

Malware Removal

We love destroying malware, and we’ve been at it for a while! Our removal process uses our proprietary engine. It has been collecting malware definitions since 2004. Its history can be traced to early open source projects we released before becoming closed source in 2008, and later formed into a company, Sucuri, in 2010. You can find information on the early incarnation of the engine by looking at Owl, version .1, and the Web Information Gathering System (WIGS).

What does the Cleanup Process Consist Of?

The cleanup process has been refined over the past few years. It’s very effective, but continues to evolve.
The process is both manual and automated. The automated elements are quite restricted. Every cleanup is handled by a malware analyst whose responsibility it is to look through the results, identify anomalies and clean manually as required. The beauty of it is that the cleanup is included in every package for no additional fees. Yes – cleanup is included in every plan!

What do you Clean?

As malware evolves, so will our service. Under the current cleanups we include remediation for the following:

- Obfuscated JavaScript Injections
- Hidden & Malicious iFrames
- Embedded Trojans
- Phishing Attempts
- Cross Site Scripting (XSS)
- Malicious Redirects
- Backdoors (e.g., C99, R57, Webshells)
- Stupid, Pointless, Annoying Messages (SPAM)
- Defacement
- Anomalies
- SQL Injection
- IP Cloaking
- Social Engineering Attempts
- Drive-by-Downloads

How do you Clean?

In most instances our cleanups are conducted remotely, using preferably SFTP, but also HTTP and FTP. Because of the challenges with HTTP, specifically time-outs and other connection issues, we may request secure shell (SSH) access. Once we have access to your server we load tools that allow us to authenticate with the mothership. This connection allows us to traverse your server files and databases.

How am I Notified?

The internal ticket system uses the same notification options set in the alerting section. When a ticket is updated you are notified via email; you must log in to the system and update the ticket.

It’s Not Automated?

Unfortunately, no, not at this time. Here’s why:

- We require access to your server in order to perform the remediation process.
- We do not offer services as a ‘Password Manager’ so we do not create or reset existing passwords. After every cleanup the first change we ask you to make is to update every password you have (i.e., administrator page, database, FTP, SFTP, SSH, etc.).
- We prefer to have a trained malware analyst working with each client.

Sincerely, Thomas
| BlueprintMarketing0 -
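A read-only check for the three parts described in the post above, as an added example (not code from the post or from Sucuri): it looks for the file markers and `wp_options` names the article lists, plus any PHP file under `wp-content/uploads`. The function names and the sample tree are constructed for illustration, and the sample files contain only inert marker text.

```python
import re
import tempfile
from pathlib import Path

# Indicators named in the article quoted above (straight quotes accepted).
FILE_PATTERNS = {
    "eval_base64": re.compile(rb"eval\s*\(\s*base64_decode", re.I),
    "split_as_variable": re.compile(rb"php\s+\$[a-zA-Z]*\s*=\s*['\"]as['\"]\s*;"),
    "wp_class_support": re.compile(rb"wp_class_support"),
}
BAD_OPTIONS = {
    "class_generic_support", "widget_generic_support", "wp_check_hash",
    "fwp", "ftp_credentials",
    "rss_7988287cd8f4f531c6b94fbdbc4e1caf",
    "rss_d77ee8bfba87fa91cd91469a5ba5abea",
    "rss_552afe0001e673901a9f2caebdd3141d",
}

def scan_files(root):
    """Return sorted (relative_path, reason) pairs for PHP-like files under root."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        if not path.is_file() or ".php" not in path.name:  # also catches *.php.xl
            continue
        rel = path.relative_to(root).as_posix()
        if rel.startswith("wp-content/uploads/"):
            findings.append((rel, "php_in_uploads"))  # uploads should hold no PHP
        data = path.read_bytes()
        findings += [(rel, why) for why, rx in FILE_PATTERNS.items() if rx.search(data)]
    return sorted(findings)

def scan_options(option_names):
    """option_names: values of wp_options.option_name, e.g. from a SELECT export."""
    return sorted(set(option_names) & BAD_OPTIONS)

def demo():
    """Run both scans on a constructed tree whose files hold inert marker text."""
    files = {
        "wp-content/plugins/akismet/akismet.php": "<?php // clean file\n",
        "wp-content/plugins/akismet/db-akismet.php": "<?php define('wp_class_support',true);\n",
        "wp-content/uploads/2010/x1.php": "<?php $AbCd='as'; // marker only\n",
        "wp-includes/images/smilies/icon_smile_old.php.xl": "<?php // eval(base64_decode( marker\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        hits = scan_files(tmp)
    return hits, scan_options(["siteurl", "wp_check_hash", "blogname", "fwp"])

if __name__ == "__main__":
    print(demo())
```

Matches are leads for manual review, not proof of infection; a clean result does not rule out a backdoor that uses different names.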
I noticed all my SEOed sites are getting attacked constantly by viruses. I do WordPress sites. Does anyone have a good recommendation to protect my clients' sites? Thanks
Carla, We have been using Sucuri for about 2 years now. I haven't tried it on a Magento site but imagine it would work just as well. I have had to submit probably 6 support tickets for malware removal in that time for various client sites and each time they have cleared it up within the hour. It is pretty great for peace of mind. The first time it happened we spent 3 days trying to figure out what was up and so Sucuri was just a no brainer at that point. All the best to you.
| inboundauthority0 -
Auto generated meta description tag in Drupal
Thanks this is really helpful. What tweaked me on this was the weekly SEO Moz crawls of my campaigns that were reporting back "missing meta description" with a giant red "error" button.
| kevgrand0 -
Can someone help me get this site ranked? www.2sponsors.com
I finally got the site ranked! Thanks everyone
| Carla_Dawson0 -
Controlling PageRank Flow Question
If stripping the sidebar would boost rankings then every smart person would be running a nudist site. Rankings aren't that simple. That sidebar is a great place to offer visitors additional pages to visit and a great place to earn income from ads. I am not taking any of my sidebars off and my sidebars have more links than most people say are allowed.
| EGOL0 -
Google Sitelinks
According to Google - "We only show sitelinks for results when we think they'll be useful to the user. If the structure of your site doesn't allow our algorithms to find good sitelinks, or we don't think that the sitelinks for your site are relevant for the user's query, we won't show them." Hope this helps. Mike
| Mike.Goracke0 -
Footer Links with same anchor text on all pages
Irving, Would all of our rankings be down because we have a majority of backlinks having exactly the same anchor text? Thanks
| janc0 -
Why did I lose my Page 1 ranking for my main term?
Can anybody provide insight from the timing in my search history graph?
| webkrew-889150 -
Black listed or not, struggling on this one.
Thank you, yes I would prefer to unhide it rather than remove it. I may have to rewrite the content and repost it back on the page. Thank you, that has helped me make a start on the home.
| Shuffled0 -
Advice on Duplicate Page Content
EGOL, Everett, Thank you both for your very useful suggestions. Sounds like we should do something similar to our PDF documents to represent them as the actual/canonical content on the page. And we'll look at our CMS to see how we might implement the unlinked page name in the breadcrumb. We have done some work already in adding structured data with schemas (including aggregate ratings), so that is hopefully yielding some results already. However, after an encouraging traffic spike that seemed to indicate that we were on the right track, we saw a very worrisome dip last month... which then led to a lot of worried hand wringing about Panda. So these suggestions are very helpful; thanks again and we'll try them out!
| jsmoz0 -
Duplicate page titles
PS: I found this today, which seems to be a pretty good rundown of the pros and cons of various pagination strategies: http://www.ayima.com/seo-knowledge/conquering-pagination-guide.html . Keep in mind that it doesn't take into account how limited Joomla is in this area.
| Everett0 -
Is anyone using Canonicalization for duplicate content
Hello Tim, Assuming you are already using Search Engine Friendly (SEF) URLs, try this: http://www.pathfindertech.net/joomla-1-5-and-link-rel-canonical-seo/ I had a look at the http://callprobest.com site mentioned as an example in that post, including the www. version, and it seems to be functioning correctly. They use the same version of Joomla you're using. You may also need to use this SEF extension too if you haven't already: http://extensions.joomla.org/extensions/site-management/sef/10134 Good luck!
| Everett0 -
Any idea why our sitemap images aren't indexed?
Hi, Keri Margret, I agree with you that Harald's reply doesn't make too much sense or it doesn't give clear ideas about the main question "why my all images are not indexed in Google Webmaster Tools?" I have the same question as yours. I have submitted 21,442 images for www.vistastores.com but only 11,762 are indexed!!! You can see it in the image below. So Harald, can you please give an exact and clear answer to us?
| CommercePundit0 -
Huge ranking difference between google and bing
Not really. I have seen that when I optimize or change elements of a page that are big SEO elements (Title, Htag, Content) Google usually goes through a fluctuation but then returns or improves upon my position. That is of course unless you "de-optimized" your pages for that term, like pulling it out of strong SEO positions. I would start to think about making changes if no improvements come after about 3-4 weeks depending on your crawl rate. You might also want to check on some of the link building you have done to the page. Some of those links you built may be devaluing your page. Make sure you have a healthy backlink profile going to that page.
| VividIT0 -
Shopping Carts & Sub Domains
I don't want to misrepresent what Mr. Cutts had to say on this subject as I don't yet understand all the nuances of the topic. Here is the link to Matt's comments: http://www.youtube.com/watch?feature=player_embedded&v=_MswMYk05tk Thanks for patiently entertaining my questioning.
| MEI1520 -
Client wants to distribute web content to dealers - iFrame?
Hi Keith, I think it really depends how much you want to invest in technology and how much control you have over the dealer websites. Wish I had a better answer for you or more data to go on. There's been a test or two over the years that Google follows links through iFrames, but so little research has been done in this area it's almost impossible to give solid advice. Typically SEOs avoid any sort of iframe because it's really not the best way to code content on your own site, but this seems to be a different situation. If controlling the content is important, in my opinion I don't see a huge problem using frames, but it's something you'd want to keep your eye on. My gut tells me everything should be fine, but if Google suddenly sees 100's of new frames all pointing to the same content, this might start to look a little strange. I agree that the cross domain rel=canonical would be a nightmare in regards to keeping things consistent, and likely hard to implement. Another option would be to use something like XML feeds, but my guess is this might be more technical investment than is warranted.
| Cyrus-Shepard0 -
Poor Site Performance
Could you take a closer look? I've been looking closely and the site seems to be weak for many terms.
| BobGW0 -
Help with site structure needed - any assistance welcomed!
Perfect sense thank you! I'll now research how to actually do this re-direct.
| janc0