Tale Of A Compromised Server

I received an email the other day from someone who needed help. Now, this happens on a daily basis in regards to sites we see that aren’t ranking well (“they could sure use our help”) but every now and then I see something I just have to get my hands into.

The issue started when the gentleman received an email from Google. The email informed him that he had malware on his site and that he was potentially infecting his visitors. This not-coincidentally matched pretty well to the timing of his site losing all it’s PageRank and rankings. He wasn’t sure what to do and then I got an email.

The gentleman forwarded me the email (I’ll be honest – I didn’t even know Google sent those). It included the page in question and a method for requesting reconsideration (basically, go into webmaster tools an request re-inclusion).

So why do I mention all this? Well, I’ve personally never seen it and I assume many of you are in a similar situation. I’m helping this gentleman free of charge in exchange to the right to document it (without names) here on our blog.

As of today I have scanned through the site, removed all the offending code (it was on a LOT more than one page), uploaded the clean files and submitted the re-inclusion request. I’ll be monitoring the site carefully and documenting the changes.

As it stands today, the site has all it’s pages still in the index (site:www.domain.com) and a search for a phrase from a page that wasn’t affected produces the domain as a result. A search for a phrase from the affected pages does include the affected page however it appears VERY low in the results of hat once was a strong site.

I’ll post updates in the blog as the development progresses. I’m personally very interested in tracking the timelines involved with this type of re-inclusion request.

Comments are closed.