What do you do when your Google listings turn into Viagra spam?
It’s a Webmaster’s or IT Manager's worst nightmare come true.
You wake up to your phone ringing off the hook. Your client or company yelling at you to "Get the Viagra ads off the website!"
Overnight your site got hacked. The description in your Google listings now say you are selling “Viagra from a Licensed Canadian Pharmacist”.
This hack only effects your search engine listings – not the website. Anyone looking at your Google listings can see you’ve obviously been hacked and don’t want to click on a Viagra ad – paralyzing Internet communication.
“Google Conditional Hack” is the latest hack hitting websites hard.
What makes this hack unusually insidious is that although everyone can see the Viagra spam in the site’s Google listings – everyone can see it except the Webmaster or IT Department whose job it is to fix it because this hack simply cannot be seen by humans without special tools – and humans can't fix what they can't see!
The word “Viagra” may not even appear anywhere in the source code of the hacked site humans can see. The hacked coding can only be seen through the eyes of the GoogleBot, Google’s robot spider that crawls your site to rank and index it.
The only place you can see the result of the hack through the GoogleBot’s eyes is in Google Webmaster Tools. Establishing an account is a relatively simple procedure taking less than five minutes by copying and pasting code Google supplies onto your website. Google: Google Webmaster Tools
Go to the bottom of the main menu and click "Labs" then select "Fetch as Googlebot" – a recent addition to Google's website to help webmasters combat this problem. This is the only place you can see through the GoogleBot’s eyes to make the hacked code visible for humans to remove it.
But unless the Webmaster or IT Manager knows this trick… Good Luck!
They can look forever for the hacked Viagra spam coding and will never ever find it – the whole time everyone yelling at them to “Get the Viagra ads off the site!”
Five steps you must take when your Google listings turn into Viagra spam with a Google Conditional Hack
Speed of recovery is key as the loss of anyone’s website is an emergency. Knowing the steps to recover from this hack and the time involved to execute each step is crucial to keep your website’s downtime to a minimum.
When this hack recently hit the website of the city government in the hill’s above Google’s Silicon Valley headquarters where many top Google executive’s live it paralyzed city government Internet communications for two weeks when the city’s Google listings turned into Viagra ads people don’t click on.
Google has added new features to Google’s Webmaster Tools to help Webmasters combat this problem that’s rising sharply. These include the “Fetch as GoogleBot” tool, the URL removal tool which is now reversible so you can remove and reinstate a URL that has been corrupted, and the “Cache Removal” tool for the homepage which is the most common page to be hacked.
Nathan Johns, Search Quality Analyst at Google says hacks are no fun. “Hacks vary in all shapes and sizes. Sometimes they cloak to Googlebot, sometimes they don't.” But they all follow a basic theme. “Your site gets hacked, the hacker cloaks content to a search engine (in this case Google) and shows different content to the user, generally making money through affiliate ads or clicks. Many parts of this formula can be executed differently, but that's the general idea.”
Unfortunately, it’s a sad fact of life most websites don’t discover their true vulnerability until after they’ve actually already been hacked. Then it’s a matter of fast recovery.
Be prepared to explain to nontechnical people “Well if this is a 'Google Conditional Hack' that only effects Google listings, is Google going to fix it?” No, the hack is on the site – not Google. It's that only the GoogleBot can see the hacked Viagra spam coding.
Google provides invaluable tools and advice to help recover at Google Webmaster Tools and in the Google Webmaster Help Forums where you can get answers to tough questions within a couple hours. Google: Google Webmaster Help Forums
1. Quarantine Your Site and Secure the Host
This is the single most important and responsible first thing to do so no one else gets hurts. If hackers could change your site, they could also be changing information on your site – or worse, installing malware on your visitors.
Google's John Mueller says, “The easiest way to do this – while still allowing you to diagnose this issue – is to just point your DNS entry to a different server (which could show an "under maintenance" banner, for instance). If you need to provide some information, you could put a collection of FAQs on that banner page.” Keep them simple HTML pages.
Contact your web hoster. If hackers hit your site, they could potential hit others on the host. Change the passwords for all users and all accounts. Make sure the computer you do this on is hack free and not capturing new passwords.
Don't be confused if Google Webmaster Tools reports “No Malware Detected” with this hack. Unless actual trojan horses or spyware are detected being downloaded, this hack will not normally trigger “Malware Detected” displayed under “Diagnostics” in Google Webmaster Tools.
2. Remove the Hacked Pages from Google's Index
Under “Optimization” in Google Webmaster Tools, select “Remove URL.” Before doing anything be sure to read the link on this page that reads “Removal Requirements.”
You will need to first make sure the page is no longer live on the web, returning either a 404 not found, or 401 status. You must also keep spiders off the page with either a robots.txt file or meta noindex.tag – coding Google will generate and provide you with the links on this same “Crawler Access” page.
Its very important to know this tool is now reversible, so when the site is cleaned up you can return the URL to Google's index. As this is a relatively new feature in Google Webmaster Tools untested by most Webmasters – which formerly wouldn't return the URL within three months – know you can click this with confidence and later bring the URL back within 24-36 hours.
John Mueller of Google assures, “I just wanted to confirm that using the URL removal tool generally does not have lasting, negative effects when you cancel a removal. It may take a day or so for things to come back, but apart from that it would be fine.”
After the site is no longer live and spiders can't crawl it, click “New URL Removal Request” and complete the request on the “Crawler Access” page. This will get the hacked Viagra ad out of the public's eye within 12-24 hours. Understand it will then take another 24-36 hours to get the cleaned URL back up on Google once this removal request is reversed.
3. Assess the Damage
One version of this hack that makes this extremely time consuming to assess the scope of the damage is you only have the small keyhole of the “Fetch as GoogleBot” tool to even be able to see the hacked coding. Then scripts appear to be activated upon viewing which cause it to morph onto other pages causing them to appear hacked at one time – then OK – then hacked with Viagra spam again.
“The hack is flighty, slippery, hard to pin down!” Says Google Webmaster Help Forum Webado after studying it closely. Read the postings and establish a dialog with Google there to help make sense out of an incredibly sophisticated hack that's even hitting cyber security sites hard.
4. Clean up the Hack
Review your content, remove any suspicious code or pages that were added. Backups of your content is invaluable at this point in terms of speed of recovery. “Consider deleting your content entirely and replacing it with your last known good backup (once you've checked to make sure it's clean and free of hacked content)” Google says.
Use the “Fetch as GoogleBot” tool to be certain the site is now clean.
5. Reverse the URL Removal Request
Go back to the “Remove URL” tab of Google Webmaster Tools and reverse the removal request to reinstate the listing in Google's Index – which will normally take 24-36 hours.
Probably these Viagra spammers end up in one of those Buddhist Hell Realms where everyone's genitals are too big or too small and they remain eternally unsatisfied. Meanwhile, the rest of us who have to deal with the consequences of their immaturity need to know how to recover quickly when a Google Conditional Hack turns your Google listings into Viagra spam no one clicks on – paralyzing Internet communication.