What do you do when your Google listings turn into Viagra spam?
It’s a Webmaster’s or IT Manager's worst nightmare come true.
You wake up to your phone ringing off the hook. Your client or company yelling at you to "Get the Viagra ads off the website!"
Overnight your site got hacked. The description in your Google listings now say you are selling “Viagra from a Licensed Canadian Pharmacist”.
This hack only effects your search engine listings – not the website. Anyone looking at your Google listings can see you’ve obviously been hacked and don’t want to click on a Viagra ad – paralyzing Internet communication.
“Google Conditional Pharma Hack” is the latest hack hitting websites hard.
What makes this hack unusually insidious is that although everyone can see the Viagra spam in the site’s Google listings – everyone can see it except the Webmaster or IT Department whose job it is to fix it because this hack simply cannot be seen by humans without special tools – and humans can't fix what they can't see!
The word “Viagra” or "Cialis" may not even appear anywhere in the source code of the hacked site humans can see. The hacked coding can only be seen through the eyes of the GoogleBot, Google’s robot spider that crawls your site to rank and index it.
One place you can see the Viagra Pharma hack through the GoogleBot’s eyes is in Google Console.
In the current Google Console go to the left main menu and click “Inspect Url”. Note the overhead fields says “Inspect any URL on http://yourdomain.com” and fill in the field with the specific URL you want to inspect and hit return. Under “URL is Available on Google” click “View Tested Page” to see the code as GoogleBot sees it.
But unless the Webmaster or IT Manager knows this trick… Good Luck!
They can look forever for the hacked Viagra or Cialis spam coding and will never ever find it – the whole time everyone yelling at them to “Get the Viagra ads off the site!”
Five steps you must take when your Google listings turn into Viagra spam with a Google Viagra Pharma Hack
Speed of recovery is key as the loss of anyone’s website is an emergency. Knowing the steps to recover from this hack and the time involved to execute each step is crucial to keep your website’s downtime to a minimum.
When this hack recently hit the website of the city government in the hill’s above Google’s Silicon Valley headquarters where many top Google executive’s live it paralyzed city government Internet communications for two weeks when the city’s Google listings turned into Viagra ads people don’t click on.
Nathan Johns, Search Quality Analyst at Google says hacks are no fun. “Hacks vary in all shapes and sizes. Sometimes they cloak to Googlebot, sometimes they don't.” But they all follow a basic theme. “Your site gets hacked, the hacker cloaks content to a search engine (in this case Google) and shows different content to the user, generally making money through affiliate ads or clicks. Many parts of this formula can be executed differently, but that's the general idea.”
Unfortunately, it’s a sad fact of life most websites don’t discover their true vulnerability until after they’ve actually already been hacked. Then it’s a matter of fast recovery.
Be prepared to explain to nontechnical people “Well if this is a 'Google Conditional Hack' that only effects Google listings, is Google going to fix it?” No, the hack is on the site – not Google. It's that only the GoogleBot can see the hacked Viagra spam coding.
Google provides invaluable tools and advice to help recover at Google Console and in the Google Webmaster Help Forums where you can get answers to tough questions within a couple hours. Google: Google Webmaster Help Forums
1. Quarantine Your Site and Secure the Host
This is the single most important and responsible first thing to do so no one else gets hurts. If hackers could change your site, they could also be changing information on your site – or worse, installing malware on your visitors.
Google's John Mueller says, “The easiest way to do this – while still allowing you to diagnose this issue – is to just point your DNS entry to a different server (which could show an "under maintenance" banner, for instance). If you need to provide some information, you could put a collection of FAQs on that banner page.” Keep them simple HTML pages.
Contact your web hoster. If hackers hit your site, they could potential hit others on the host. Change the passwords for all users and all accounts. Make sure the computer you do this on is hack free and not capturing new passwords.
Don't be confused if Google Console reports “No Malware Detected” with this hack. Unless actual trojan horses or spyware are detected being downloaded, this hack will not normally trigger “Malware Detected” displayed under “Diagnostics” in Google Webmaster Tools.
John Mueller of Google assures, “I just wanted to confirm that using the URL removal tool generally does not have lasting, negative effects when you cancel a removal. It may take a day or so for things to come back, but apart from that it would be fine.”
After the site is no longer live and spiders can't crawl it, click “New URL Removal Request” and complete the request on the “Crawler Access” page. This will get the hacked Viagra ad out of the public's eye within 12-24 hours. Understand it will then take another 24-36 hours to get the cleaned URL back up on Google once this removal request is reversed.
3. Assess the Damage
One version of this hack that makes this extremely time consuming to assess the scope of the damage is you only have the small keyhole of the “Fetch as GoogleBot” tool to even be able to see the hacked coding. Then scripts appear to be activated upon viewing which cause it to morph onto other pages causing them to appear hacked at one time – then OK – then hacked with Viagra spam again.
“The hack is flighty, slippery, hard to pin down!” Says Google Webmaster Help Forum Webado after studying it closely. Read the postings and establish a dialog with Google there to help make sense out of an incredibly sophisticated hack that's even hitting cyber security sites hard.
4. Clean up the Hack
Review your content, remove any suspicious code or pages that were added. Backups of your content is invaluable at this point in terms of speed of recovery. “Consider deleting your content entirely and replacing it with your last known good backup (once you've checked to make sure it's clean and free of hacked content)” Google says.
Use the “Fetch as GoogleBot” tool to be certain the site is now clean.
5. Reverse the URL Removal Request
Go back to the “Remove URL” tab of Google Webmaster Tools and reverse the removal request to reinstate the listing in Google's Index – which will normally take 24-36 hours.
Probably these Viagra spammers end up in one of those Buddhist Hell Realms where everyone's genitals are too big or too small and they remain eternally unsatisfied. Meanwhile, the rest of us who have to deal with the consequences of their immaturity need to know how to recover quickly when a Google Conditional Hack turns your Google listings into Viagra spam no one clicks on – paralyzing Internet communication.