Lately it has been a crisis management period at WebPro with 2 of our major sites being hacked. I guess we have to accept and live with the evils in the world along with the blessings bestowed upon us. This also truly applies to the virtual web world.
I would like to share the nature of the attack on these websites to help you be prepared with what should be the course of action in case (God forbid) your website faces the same misfortune.
Both the websites nearly faced the same brunt (Lets call them site A and site B) but the problem was detected by us at different stages.
The hacking attack involved the altering of the HTML code of the home page and number of links added which created backlinks from all unwanted spammy horrendous sites for site A and for site B the same task was achieved by the hacker by uploading 2 files one HTML file and one PHP file on the server without any alteration on any of the web pages.
We have a practice of keeping a track of each and every site regularly . Hence, Site A alteration in the code was detected immediately and the necessary action was taken. The indexing and the rankings got affected but got immediately restored before the indexing, caching and webmaster tools (WMT) report was affected for that site.
For site B two files were uploaded as mentioned above. One was an HTML file which had a list of 500+ links with a very weird file name and the other was a .PHP file which had the script to create the horrendous and spammy backlinks. This was detected by us only when we saw the links showing in the WMT and the analytics not showing any targeted traffic as all the site was not ranking for any of the keywords. All this happened in a matter of 4-5 days.
The action taken was as follows:
• Both the files .htm and .php were deleted
• The FTP username and password was changed
• The request for removal from search and cache of Google for each of the 500 – 600 URLs was given individually in WMT
Luckily the domain was not banned by Google as I said it was detected early and the voluntary removal of such content gave an indication of not having this intentionally on the domain for cheap PageRank improvement purposes.
The URLs were removed by Google in a matter of 2 days. But it took 10 – 12 days to get back the rankings and I am actually surprised at the fact that the rankings in fact are better and the keywords which had page 2 and 3 rankings are now on page 1.
The WMT tools data has not been fully updated yet but I guess it’s a matter of time.
Though the SEO is not responsible for the loss of SERPs in such a case but I think SEOs should be equipped with this knowledge also to help the client in every possible way to come out of such a crisis keeping the client’s interest in mind. After all the best way to avoid evil is to know it.
Whether the help is rendered on a chargeable basis or offered free depends entirely on the company policies. But, I think it should surely be one of the points mentioned in the SEO contract.
Last but not the least, it was truly a good learning experience – not that I am hoping for more.