URL Spoof Issue in Search Results
-
Hello!
We could use some assistance diagnosing an issue. In order to avoid asking a convoluted question, I will try to break it down below:
1. A random foreign site is hacked and a subdirectory is added that is completely irrelevant to the root.
a). i.e. http://www.um.org/prom_dresses/
2. http://www.um.org/prom_dresses/ is just a phishing prom dress page
3. When you search "prom dress shop", the website that used to rank first (for good reason) was www.promdressshop.com.
4. www.promdressshop.com's home page has now been replaced by: um.org/prom_dresses/ – who is using prom dress shop's title tag and meta description.
How is it possible that this hacked page (on um.org) is not only ranking above us, but is also starting to replace www.promdressshop.com's pages in search results. We do not believe www.promdressshop.com has been hacked but are open to any ideas.
Please let me know if you would like any additional info. Thanks in advance!
-
Did you check page source codes of promdressshop.com ? When i check (ctrl+u) I see there is a large code structure. Usually this is not normal. This encrypted code and It may be embedded malicious code.
And search engines can be described this code as harmful.
-
Ok, so, my view on this.
In response to livecam's comment, __VIEWSTATE (the code he was refering too) is a base64 encoded form field used in ASP.net to hold data. Its probably not malicous in this instance. see this: http://stackoverflow.com/questions/1350216/what-does-the-viewstate-hold
For me, when i search "prom dress shop" in an incognito chrome window, i dont see either entry on the front page of google, though i expect this is because im searching from the UK.
Reviewing the pages specifically, i can make a couple of suggestions.
- Check your web.conf file, your main domain may have been hacked and this adjusted to send only search engine to um.org (to hide the hack)
- it may be that um.org has used Black Hat SEO technique's to massivly raise its profile, this will be short term as google will slap them with loads of penalties pretty quickly.
- Check your web server specifically for viruses etc. Being an ASP.net site, you'll be hosted on a windows server, running IIS. It will be just as prone to viruses as your windows PC at home (without the proper protection).
If you would like a hand to check your site code specifically, drop me a PM and we can see what we can do. Otherwise, if you have in house developers, they should be able to take a look.
-
Thank you for the response! We have considered some of these angles but it has been tough to pinpoint the issue. It looks like our spam report took care of it for now but we will keep you guys updated. This is also happening to some competitors so we are all leaning toward this being a serious case of black hat SEO.
Thanks again!
-
Thank you for your response! We have combed through the code and server activity and there has been nothing changed recently (that we have noticed thus far). However, we will definitely keep you updated.
Thanks!
-
03117
-
0468
-
03186
-
02183
-
09984
-
0371
-
0492
-
02394