jbQ Media

Web Design, SEO Services and Media Production | Yonkers | Westchester | NY

(917) 861-1242
  • Home
  • About
    • Why Us
    • Jon Burr | Site Designer
    • Our Rates
    • Contact
    • Our Location
    • News via Twitter
  • Our Services
  • Photography
  • Articles
  • Reviews
  • Website Portfolio Gallery
You are here: Home / Services / Consulting / How to Remove Hacked URLs from the Google Index

How to Remove Hacked URLs from the Google Index

May 20, 2015 By Jon Burr

Cleaning up a hacked website

Some forms of hacking create spam URLs appearing to originate from your domain.

You might get an alert from Google Webmaster Tools, or begin to notice a warning on your Search Engine Results Pages (SERP) “this site may be hacked.”

If you search your site in Google using the syntax:

site:yourdomain.com

you’ll get SERPs showing up to a thousand URLS purportedly originating from your site. If you’re seeing URLs you didn’t create, you’ve been hacked. They might be surprisingly filthy and diverse, containing terms like “cialis,” “dr_oz.” or much worse. (Not that these shown below are necessarily bad… they’re just not ones we created!)

Bad Results in a Search Engine Results Page

Time to clean up.

First, you need to restore your site to its last known clean version. It might be possible to determine the date of infection by looking at data in Webmaster Tools or Google Analytics, such as a big spike in traffic, or a spike in the number of URLs indexed for your site, on a certain date.

If you’re keeping regular backups of your site, restoring from a date prior to the infection is a good place to start.

Some hacks can elude the detection of known scanning applications or sites. It can be difficult to identify the source or nature of the infection.

One way to find out if you’ve got a detectable invasion is Google’s safe browsing tool. Other resources include Sucuri (checks for ddos blacklisting, hacking and malware) and IsItHacked.com . A recent cleanup job we confronted passed all these tests, but was infected nonetheless, showing over 500 ugly URLS in the Google index. Php injections are insidious and can be hard to find.

Some forms of attack involve the creation of files in an unguarded directory on your site, or the injection of obfuscated php code into your site core files, or into a vulnerable plugin.

It’s a good idea to seek the service of a reputable cleanup person. We’ve used the service offered by hackrepair.com. The service was reasonably priced, efficient and fast, with great reporting after the fact. And we like the guy, too!

Removing Hacked URLs from the Google Index

One thing the restoration service doesn’t do is remove bad urls from the Google Index. Given that these toxic URLs will still be there after cleaning up your site itself (Google lets go of them eventually without having to remove them, we’re told), your site can still be found for all the hideous terms you’ve been inadvertently indexed for. Actively searching out these urls and removing them can accelerate the removal of a Google “Manual Penalty” – that is, get rid of Google’s alert in the SERPs. It’s good for your site, and helps Google restore your correct status and indexing.

They have to be removed one at a time, manually, however. It’s not possible (at present) to upload a csv list of URLs to remove. It’s also not obvious or easy to develop a list of the toxic URLs to begin with, even as you can see page after page of them in the SERPs.

1.Develop your list of URLs

Chris Ainsworth at Highposition.com tells us how to assemble a list of your site’s URLs.

Use Chrome.

Add the extension ginfinity

Go to Google search page.

Use the settings icon to change Search Settings to “Never Show Instant Results”

Set results per page to 100

Add the Highposition URL scraper bookmarklet to your toolbar – click me, scroll halfway down, and drag the bookmarklet to your toolbar

Perform your search: site:yoursite.com

Click the bookmarklet

Copy the URL only section from the page of url results and paste it into a text editor

Delete the desired urls, and keep the urls you want to remove.

A nice clean list of URLs is a great starting point for your removal requests.

In the last case I dealt with, according to Webmaster tools, there was a spike from around 200 indexed URLs to over 1500. At this writing, so far only about 800 have surfaced into our various harvesting methods, and more are still showing up, even though we got our notice that Google lifted its manual penalty.

Even under the best conditions, it might take a day or more for more URLs to surface into the SERPs – kind of like toxic gases rising from mud at the bottom of a lake. You’ve got to keep after it for awhile. They surface at the rate of 3-50 per day. It could take awhile to get them all.

2. Use a Macro to post the removal requests

As mentioned above, the removal requests need to be entered one at a time, but it’s possible to automate that process with a macro tool like Quick Keys, Keyboard Maestro, or any number of other macro recording tools.

Google Index URL Removal Tool MacroA Macro app that can switch applications, replicate keystrokes and mouse clicks can be programmed to perform the repetitive tasks involved in entering a long list of urls into the Google URL Removal request tool. After developing the macro script (which can take a little while), the entry itself can be done at the rate of about one every 2 seconds.

If you need this done, but don’t care to undertake all of this yourself, this is a service we offer. We can do it for you. We’ll charge 50¢/URL, with a minimum order of 100.

Related Posts:

  • Why SEO is Better than Paid Google Ads Search engine optimization (SEO) and paid Google ads (PPC) are…
  • Creating a Glossary for a WordPress Site with ChatGPT AI We created a custom glossary for a WordPress music arranging…
  • Converting WordPress Widgets for use in the Block Editor Learn how to convert old html widgets to a Block…
  • How to Change the Styling of a Column in the WordPress Block… To add or change the background color of a column…

Filed Under: Consulting, Security, SEO, Useful Tools Tagged With: hacked, Spam, url injection

Site Search

Our Services

  • WordPress
  • SEO
  • Strategy
  • Consulting
  • Website Design
  • Useful Tools
  • Tutorials
  • Editorial

Contact us now! :)

Why delay? Initial consultation is on the house!

call (917) 861-1242

    Your First Name (required)

    Your Last Name (required)

    Your Email (required)

    (please double-check it!)

    Subject

    Contact from jbQ Media Website

    Your Message

    *required


    Subscribe me your mailing list

    Human?*

    • Production
    • WordPress Sites
    • Strategy
    • SEO
    • Websites
    • Editorial
    • Contact
    • Terms of Service
    • Cookie policy

    © 2014 jbQ Media

    Google+
    Manage Cookie Consent
    We use cookies to optimize our website and our service.
    Functional cookies Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    Manage options Manage services Manage vendors Read more about these purposes
    View preferences
    {title} {title} {title}