hacked site cleanup

[mat777]

I had a wordpress blog within a domain and I had an SQL injection type attack that created 100's of pages containing spam links.

I deleted it all and sent in a reconsideration request to google afterwards, my rankings come up a lot better afterwards.

I still have these pages and links to these pages showing up in webmasters. I want to set up my .htaccess to tell google spiders that these pages arent mine/block them/remove them from all sight - basically so my webmasters info looks normal and doesnt have bizarre anchors showing up in my most linked content etc,

I know how to redirect but i dont want to redirect. All these links of strange anchor text like child printable drawings etc, i dont want these strange inbound links. I want to set it up as page permanently deleted or something.

Please can you advise how to mop this up, I dont want to redirect the links anywhere, I just want to basically block them. I suppose I could also include a list of theses yaw352.html pages in robots.txt too. Perhaps that would help. Thanks for any advice.

 

[Hav3n]

give it a bit... those pages (if deleted) will go away from webmasters.

I wouldn't 301 them or do anything with them besides delete them and put up a GOOD SITEMAP of your real site.

 

[mat777]

Thanks for the advice. It has already been a couple months and I did already submit a sitemap again. The pages themselves have dissapeared form webmasters, the problem im having is that 1000's of links from this spam network are pointing to these deleted pages. Makes my webmasters area look a mess. Maybe there is nothing I can do.

I did already highlight this to google so I dont think its causing me problems in ranking, just looks messy. I have a list of the pages that were created, should I add these to dissalow in robots.txt?

 

[coffeebean]

Try returning 410 Gone status for those pages.

HTTP Error 410: Gone [dive into mark]

I had the same issue once and it was tricky to set up the rules in htaccess due to all the spam URLs created by the hack. I ended up going the opposite route and creating rules to only allow URLs my site created ( fortunately there weren't a lot) and returning 410 for everything else. Spiders still crawl links to the spam/hack URLs but my rankings for the site recovered and held steady.

 

[mat777]

thanks my good man, thats exactly the sort of thing I had in mind. I've just added over 150 extra lines to htaccess,
eg.
Redirect gone /yaw-0250.htm

hopefully that should do the trick.

 

[ShalaMedia]

had an issue with a site and used this (View HTTP Request and Response Header) to see any hidden / malicious code. Getting hacked is not cool but learn from it

 

[C.Rebecca]

You have to delete those links manually using Google removal tool. With this all the links from your website and index will be removed.
https://www.google.com/webmasters/tools/removals?pli=1

Furthermore... you may stop crawlers of other SEs by adding these URLs in robots.txt

Also make sure... you have removed the urls from your sitemap

 

[juntao65]

Not to thread jack and this is related, what's a good way to avoid this from happening again in a wordpress blog?

 

[-Matt-]

Not to thread jack and this is related, what's a good way to avoid this from happening again in a wordpress blog?

Do your best to keep WP updated, as well as all your plugins. Toss plugins that aren't being kept up with by the developers.

There are some tips for "hardening" wordpress in the codex as well:
Hardening WordPress « WordPress Codex

You can also use the "SQL Inject Me" addon for FireFox to test your own site.
https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/