server/site/malware/tech help needed

  • Thread starter mdubya

mdubya

Senior Member
Joined
Jan 24, 2010
Messages
29,402
Reaction score
64,088
Hired an SEO/SEM company to build a new site for our small company and to do our SEO/SEM work for us. We rely on SEM and Email marketing for new business.

When they launched the new site, our traffic numbers plummeted. Google flagged our site. Years of SEO work down the tubes.

Of course we weren't happy and let them know. We gave them a few months to fix things. They didn't.

We fired them. Shortly after, we have been hit with Google warnings of a Malware infected site, first with Google putting up warnings to any traffic, and next with Google alerting our hosting company, resulting in our site being disabled.

It is possible that our previous SEO Co. sabotaged our site?

Clues? Advice?

For now, we are following Google's instructions. It has ruined our day and interrupted a big promotion.
 

0x00

Banned
Joined
Jul 28, 2009
Messages
2,030
Reaction score
1,658
Did they flag you for spam or infecting your site visitors because it got compromised?
 

Rich

Non sequitur
Joined
Jun 17, 2009
Messages
27,570
Reaction score
76,203
It is possible that our previous SEO Co. sabotaged our site?

Clues? Advice?

For now, we are following Google's instructions. It has ruined our day and interrupted a big promotion.

Possibly, but not necessarily them. My site was hacked a few years ago several times within a month - even after repeatedly changing my password - when at my old hosting service, and whoever did it inserted malicious JavaScript in every single file on my site. Google flagged it, I went through their procedures like you are - scrubbed all of my code and got a new hosting service. In my case, it looked like whoever did it used FrontPage extensions and somehow got in that way.
 

a Mad Cow

Senior Member
Joined
Apr 7, 2010
Messages
3,824
Reaction score
2,088
Hired an SEO/SEM company to build a new site for our small company and to do our SEO/SEM work for us. We rely on SEM and Email marketing for new business.

When they launched the new site, our traffic numbers plummeted. Google flagged our site. Years of SEO work down the tubes.

Of course we weren't happy and let them know. We gave them a few months to fix things. They didn't.

We fired them. Shortly after, we have been hit with Google warnings of a Malware infected site, first with Google putting up warnings to any traffic, and next with Google alerting our hosting company, resulting in our site being disabled.

It is possible that our previous SEO Co. sabotaged our site?

Clues? Advice?

For now, we are following Google's instructions. It has ruined our day and interrupted a big promotion.

The two instances are most likely unrelated. What you most likely encountered was a SQL injection (see last part of post).

That being said, sorry to hear about your SEO. I've been holding rank 1 organic on Google here at our company for 2 years now, with a highly competitive keyword, and I fear falling off to #2. I have bad dreams about it!

Can only imagine what you're going through..

Anyways, if you're using MySQL, make sure you have no open queries for people to inject into. Use real_escape_string in PHP to close the security gap or people can easily stuff files into your database by running commands through the URL when you go to access the GET variable. This goes for all queries, SELECT and INSERT/UPDATE alike, so don't think select statements are safe. They can also pull information or update information inside of your database on top of stuffing new things in, like files.
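
Added example, not part of the original post: a query built by concatenating a GET value next to the same query as a prepared statement, which is used here in place of the escaping function the post names. SQLite in memory stands in for MySQL so it runs offline; the `products` table, the function names and the input string are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)');
$pdo->exec("INSERT INTO products (name, hidden) VALUES ('widget', 0), ('draft price list', 1)");

// Constructed stand-in for $_GET['name'] as it would arrive from the URL.
$input = "widget' OR '1'='1";

// Before: the GET value is concatenated into the SQL text, so its quote
// characters become part of the query and change the WHERE clause.
function findUnsafe(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM products WHERE hidden = 0 AND name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: a prepared statement sends the value separately from the SQL text,
// so it is only ever compared as data.
function findSafe(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT name FROM products WHERE hidden = 0 AND name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Numeric parameters need the same care: quote escaping does not help when
// the value is not inside quotes, so validate the type before binding it.
function findById(PDO $pdo, string $rawId): ?string {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT name FROM products WHERE id = ? AND hidden = 0');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Compare how many rows each version returns for the same input.
printf("concatenated query: %d row(s)\n", count(findUnsafe($pdo, $input)));
printf("prepared statement: %d row(s)\n", count(findSafe($pdo, $input)));
var_dump(findById($pdo, '1 OR 1=1'));
var_dump(findById($pdo, '1'));
```

The same pattern applies to INSERT and UPDATE statements: every value that originates from the request is bound as a parameter, never joined into the SQL string.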
 

mdubya

Senior Member
Joined
Jan 24, 2010
Messages
29,402
Reaction score
64,088
Did they flag you for spam or infecting your site visitors because it got compromised?

The SEO rankings dropped due to Google Panda, according to the SEO Co we had hired. That has been affecting us since Aug 2011. It nearly put us out of business, but we have been scrapping and working the hell out of our email list. That is the only thing that has kept us going.

The recent trouble is the Malicious Content warning and now deactivation by our hosting company.

Here is part of the message:

Your account was reported to us by Google for malicious content and has been deactivated.

We ran a search on your account for the content that was reported and found files that contained malicious code. We created a text file that lists the files that we found the malicious code in and put it in your home directory. The file is called malware.txt. This file is not actually infected, it is an actual list of the problem files on your account based on Google's report. Please keep in mind that we cannot guarantee that this is a complete list of every possible issue that your account has, it is a list of what we found based on Google's report.
 

mdubya

Senior Member
Joined
Jan 24, 2010
Messages
29,402
Reaction score
64,088
I am not sure which software we are using. I am not the tech guy. I am the sales guy. I understand much of this on a layman's level, but I am not a programmer or code writer.

We are scrubbing the infected code.
 

a Mad Cow

Senior Member
Joined
Apr 7, 2010
Messages
3,824
Reaction score
2,088
Removing the infected areas doesn't do anything, you will just be breached again. Ask your guys about MySQL and make sure there's no open areas for injections.

I highly doubt they were able to access your file system directly.
 

mdubya

Senior Member
Joined
Jan 24, 2010
Messages
29,402
Reaction score
64,088
Removing the infected areas doesn't do anything, you will just be breached again. Ask your guys about MySQL and make sure there's no open areas for injections.

I highly doubt they were able to access your file system directly.

Thanks. My biz partner is pretty confident in what the tech guys are doing, but I will ask.
 
