Our webpage shows a bunch of links when viewed as Google Cache Pages.
When we see the view source of the webpage it does not do the same
thing. I am wondering if there is a virus or some sort of applicaiton
that is doing this.
We had this problem on another website and we overwrote the default
page on the web site and it Cache is fixed on one site.
We are really hurting on this problem as our site is pushed back to
bottom on search engines day by day.
dave_programmer wrote:
> Our webpage shows a bunch of links when viewed as Google Cache Pages.
> When we see the view source of the webpage it does not do the same
> thing. I am wondering if there is a virus or some sort of applicaiton
> that is doing this.
> We had this problem on another website and we overwrote the default
> page on the web site and it Cache is fixed on one site.
> We are really hurting on this problem as our site is pushed back to
> bottom on search engines day by day.
Probably a cloaking hack that only displays those links to Google when
they come by to view it. Try switching your useragent to Googlebot in
firefox and see what it looks like.
> Our webpage shows a bunch of links when viewed as Google Cache Pages.
> When we see the view source of the webpage it does not do the same
> thing. I am wondering if there is a virus or some sort of applicaiton
> that is doing this.
> We had this problem on another website and we overwrote the default
> page on the web site and it Cache is fixed on one site.
> We are really hurting on this problem as our site is pushed back to
> bottom on search engines day by day.
> Probably a cloaking hack that only displays those links to Google when
> they come by to view it. Try switching your useragent to Googlebot in
> firefox and see what it looks like.
> > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > When we see the view source of the webpage it does not do the same
> > thing. I am wondering if there is a virus or some sort of applicaiton
> > that is doing this.
> > We had this problem on another website and we overwrote the default
> > page on the web site and it Cache is fixed on one site.
> > We are really hurting on this problem as our site is pushed back to
> > bottom on search engines day by day.
First thing I'd do is get the host involved immediately as there is a
hole in your security somewhere, and if there are multiple sites on
the server they also may be in jeopardy. They may also be able to
pinpoint the incursion through their own experience.
On your end I'd look at the files and folders on the site through
FTP. Look for new folders or files that you didn't put there. Look
for change dates that don't jive with when you last accessed the
file(s). If it's an apache server look particularly at the .htacess
file and see if there is anything in there that you didn't put there.
After you've cleaned up the hack, and have it secured with the host,
I'd file a reconsideration request detailing the saga, as your
rankings may have been hurt due to the activity on the site.
> Whats the solution for the problem. Its showing up for useragents.
> Where is the code located.
> Thanks,
> Ephraim
> On Mar 12, 10:19 am, JLH wrote:
> > Probably a cloaking hack that only displays those links to Google when
> > they come by to view it. Try switching your useragent to Googlebot in
> > firefox and see what it looks like.
> > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > When we see the view source of the webpage it does not do the same
> > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > that is doing this.
> > > We had this problem on another website and we overwrote the default
> > > page on the web site and it Cache is fixed on one site.
> > > We are really hurting on this problem as our site is pushed back to
> > > bottom on search engines day by day.
> First thing I'd do is get the host involved immediately as there is a
> hole in your security somewhere, and if there are multiple sites on
> the server they also may be in jeopardy. They may also be able to
> pinpoint the incursion through their own experience.
> On your end I'd look at the files and folders on the site through
> FTP. Look for new folders or files that you didn't put there. Look
> for change dates that don't jive with when you last accessed the
> file(s). If it's an apache server look particularly at the .htacess
> file and see if there is anything in there that you didn't put there.
> After you've cleaned up the hack, and have it secured with the host,
> I'd file a reconsideration request detailing the saga, as your
> rankings may have been hurt due to the activity on the site.
> On Mar 12, 12:36 pm, dave_programmer wrote:
> > First of all, Thanks JLH. You are awesome.
> > I still have the problem.
> > Whats the solution for the problem. Its showing up for useragents.
> > Where is the code located.
> > Thanks,
> > Ephraim
> > On Mar 12, 10:19 am, JLH wrote:
> > > Probably a cloaking hack that only displays those links to Google when
> > > they come by to view it. Try switching your useragent to Googlebot in
> > > firefox and see what it looks like.
> > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > When we see the view source of the webpage it does not do the same
> > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > that is doing this.
> > > > We had this problem on another website and we overwrote the default
> > > > page on the web site and it Cache is fixed on one site.
> > > > We are really hurting on this problem as our site is pushed back to
> > > > bottom on search engines day by day.
JLH beat me to the punch. Thanks for the quick, thorough response,
John! I'm sorry to hear about your site--but I agree with his
diagnosis. I still wish we had a URL to look at to confirm our
suspicions, though.
To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
you didn't write, delete them, and update any CMS you are running,
since CMS's are the most frequent targets of hacks. Usually security
holes are used to upload scripts that create and hide the text.
Keep us updated on your efforts to fix your site!
-MEB
> I should have mentioned this earlier. We are using the IIS .6.0 on
> Windows 2003 Std. Server.
> Is there anyway i can findout if the data is coming from a particular
> page on the server. That would make things easier.
> thanks,
> On Mar 12, 10:44 am, JLH wrote:
> > Tough to say, all hacks are different.
> > First thing I'd do is get the host involved immediately as there is a
> > hole in your security somewhere, and if there are multiple sites on
> > the server they also may be in jeopardy. They may also be able to
> > pinpoint the incursion through their own experience.
> > On your end I'd look at the files and folders on the site through
> > FTP. Look for new folders or files that you didn't put there. Look
> > for change dates that don't jive with when you last accessed the
> > file(s). If it's an apache server look particularly at the .htacess
> > file and see if there is anything in there that you didn't put there.
> > After you've cleaned up the hack, and have it secured with the host,
> > I'd file a reconsideration request detailing the saga, as your
> > rankings may have been hurt due to the activity on the site.
> > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > First of all, Thanks JLH. You are awesome.
> > > I still have the problem.
> > > Whats the solution for the problem. Its showing up for useragents.
> > > Where is the code located.
> > > Thanks,
> > > Ephraim
> > > On Mar 12, 10:19 am, JLH wrote:
> > > > Probably a cloaking hack that only displays those links to Google when
> > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > firefox and see what it looks like.
> > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > > When we see the view source of the webpage it does not do the same
> > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > that is doing this.
> > > > > We had this problem on another website and we overwrote the default
> > > > > page on the web site and it Cache is fixed on one site.
> > > > > We are really hurting on this problem as our site is pushed back to
> > > > > bottom on search engines day by day.
Ahh, IIS. Ick, I've got one of those too. Frontpage extensions is a
weakness, your default page, (possibly default.asp) may have an
include file added to it that does the cloaking. I've never really
thought about an IIS hack, but one way would be to include an include
statement in the default.asp file which calls another .asp file that
looks at the server variables and checks the HTTP_USER_AGENT variable,
including some links only for certain useragents.
If you can download the entire site to local machine and start doing
text searches for HTTP_USER_AGENT or even Googlebot that may locate
the cloaking script, maybe even search for the URLs that the spammy
links. They may have broken up the urls and HTTP_USER_AGENT up into
smaller variables that are later concatenate them to make the complete
string, so this method may not find the files, but it's worth a shot.
If you do find a file, go through it with a fine tooth comb and make
sure it's not calling any other files, then search the server contents
for any other files referencing that. Hackers can embed this stuff
pretty deep and missing one part can really mess up the site.
Even after you figure out where the hack is, the next most important
part is figuring out how it got there in the first place so it doesn't
happen again.
> I should have mentioned this earlier. We are using the IIS .6.0 on
> Windows 2003 Std. Server.
> Is there anyway i can findout if the data is coming from a particular
> page on the server. That would make things easier.
> thanks,
> On Mar 12, 10:44 am, JLH wrote:
> > Tough to say, all hacks are different.
> > First thing I'd do is get the host involved immediately as there is a
> > hole in your security somewhere, and if there are multiple sites on
> > the server they also may be in jeopardy. They may also be able to
> > pinpoint the incursion through their own experience.
> > On your end I'd look at the files and folders on the site through
> > FTP. Look for new folders or files that you didn't put there. Look
> > for change dates that don't jive with when you last accessed the
> > file(s). If it's an apache server look particularly at the .htacess
> > file and see if there is anything in there that you didn't put there.
> > After you've cleaned up the hack, and have it secured with the host,
> > I'd file a reconsideration request detailing the saga, as your
> > rankings may have been hurt due to the activity on the site.
> > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > First of all, Thanks JLH. You are awesome.
> > > I still have the problem.
> > > Whats the solution for the problem. Its showing up for useragents.
> > > Where is the code located.
> > > Thanks,
> > > Ephraim
> > > On Mar 12, 10:19 am, JLH wrote:
> > > > Probably a cloaking hack that only displays those links to Google when
> > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > firefox and see what it looks like.
> > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > > When we see the view source of the webpage it does not do the same
> > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > that is doing this.
> > > > > We had this problem on another website and we overwrote the default
> > > > > page on the web site and it Cache is fixed on one site.
> > > > > We are really hurting on this problem as our site is pushed back to
> > > > > bottom on search engines day by day.
You guys are awesome. Thanks for the prompt replies.
Our pages have the code in some user controls (.ascx) . One of the
files had this script in the page. I deleted/cleaned the page and
pasted in to the production environment. We have Front Page Server
Extensions and Web DAV.
I will need to watch these files till we get the new crawl happens to
confirm everything is kewl. We also had been dropped from 3rd rank to
probably 300 or something which is a major loss for our business. Can
u tell us if we can do reinclusion into google cache/search and get
back our customers whom we lost in the past month.
> JLH beat me to the punch. Thanks for the quick, thorough response,
> John! I'm sorry to hear about your site--but I agree with his
> diagnosis. I still wish we had a URL to look at to confirm our
> suspicions, though.
> To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> you didn't write, delete them, and update any CMS you are running,
> since CMS's are the most frequent targets of hacks. Usually security
> holes are used to upload scripts that create and hide the text.
> Keep us updated on your efforts to fix your site!
> -MEB
> On Mar 12, 10:50 am, dave_programmer wrote:
> > I should have mentioned this earlier. We are using the IIS .6.0 on
> > Windows 2003 Std. Server.
> > Is there anyway i can findout if the data is coming from a particular
> > page on the server. That would make things easier.
> > thanks,
> > On Mar 12, 10:44 am, JLH wrote:
> > > Tough to say, all hacks are different.
> > > First thing I'd do is get the host involved immediately as there is a
> > > hole in your security somewhere, and if there are multiple sites on
> > > the server they also may be in jeopardy. They may also be able to
> > > pinpoint the incursion through their own experience.
> > > On your end I'd look at the files and folders on the site through
> > > FTP. Look for new folders or files that you didn't put there. Look
> > > for change dates that don't jive with when you last accessed the
> > > file(s). If it's an apache server look particularly at the .htacess
> > > file and see if there is anything in there that you didn't put there.
> > > After you've cleaned up the hack, and have it secured with the host,
> > > I'd file a reconsideration request detailing the saga, as your
> > > rankings may have been hurt due to the activity on the site.
> > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > First of all, Thanks JLH. You are awesome.
> > > > I still have the problem.
> > > > Whats the solution for the problem. Its showing up for useragents.
> > > > Where is the code located.
> > > > Thanks,
> > > > Ephraim
> > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > firefox and see what it looks like.
> > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > > > When we see the view source of the webpage it does not do the same
> > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > that is doing this.
> > > > > > We had this problem on another website and we overwrote the default
> > > > > > page on the web site and it Cache is fixed on one site.
> > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > bottom on search engines day by day.
Thanks for the inputs, They were really helpful. In fact i was able to
figure out the file that had links and delete the unwanted links.
Going forward...
We are building a secure wall around our site. We are tightening up
security, firewalls, users, tracking user activity and we also are
hiring a company who is going to monitor our HTTP Activity. So we
should be good. It would had been nice if we figured out how these
people came in the first place.
> Ahh, IIS. Ick, I've got one of those too. Frontpage extensions is a
> weakness, your default page, (possibly default.asp) may have an
> include file added to it that does the cloaking. I've never really
> thought about an IIS hack, but one way would be to include an include
> statement in the default.asp file which calls another .asp file that
> looks at the server variables and checks the HTTP_USER_AGENT variable,
> including some links only for certain useragents.
> If you can download the entire site to local machine and start doing
> text searches for HTTP_USER_AGENT or even Googlebot that may locate
> the cloaking script, maybe even search for the URLs that the spammy
> links. They may have broken up the urls and HTTP_USER_AGENT up into
> smaller variables that are later concatenate them to make the complete
> string, so this method may not find the files, but it's worth a shot.
> If you do find a file, go through it with a fine tooth comb and make
> sure it's not calling any other files, then search the server contents
> for any other files referencing that. Hackers can embed this stuff
> pretty deep and missing one part can really mess up the site.
> Even after you figure out where the hack is, the next most important
> part is figuring out how it got there in the first place so it doesn't
> happen again.
> On Mar 12, 12:50 pm, dave_programmer wrote:
> > I should have mentioned this earlier. We are using the IIS .6.0 on
> > Windows 2003 Std. Server.
> > Is there anyway i can findout if the data is coming from a particular
> > page on the server. That would make things easier.
> > thanks,
> > On Mar 12, 10:44 am, JLH wrote:
> > > Tough to say, all hacks are different.
> > > First thing I'd do is get the host involved immediately as there is a
> > > hole in your security somewhere, and if there are multiple sites on
> > > the server they also may be in jeopardy. They may also be able to
> > > pinpoint the incursion through their own experience.
> > > On your end I'd look at the files and folders on the site through
> > > FTP. Look for new folders or files that you didn't put there. Look
> > > for change dates that don't jive with when you last accessed the
> > > file(s). If it's an apache server look particularly at the .htacess
> > > file and see if there is anything in there that you didn't put there.
> > > After you've cleaned up the hack, and have it secured with the host,
> > > I'd file a reconsideration request detailing the saga, as your
> > > rankings may have been hurt due to the activity on the site.
> > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > First of all, Thanks JLH. You are awesome.
> > > > I still have the problem.
> > > > Whats the solution for the problem. Its showing up for useragents.
> > > > Where is the code located.
> > > > Thanks,
> > > > Ephraim
> > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > firefox and see what it looks like.
> > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > > > When we see the view source of the webpage it does not do the same
> > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > that is doing this.
> > > > > > We had this problem on another website and we overwrote the default
> > > > > > page on the web site and it Cache is fixed on one site.
> > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > bottom on search engines day by day.
I can't speak for Berghausen as I am only a mere mortal, however if
your site's ranking has dropped and that coincides with a hacking, I'd
definitely file a reconsideration request. Generally hackers don't go
through the trouble of hacking a site so they can spam links to
disney.com so you may have been flagged for linking out to some nasty
places and/or cloaking content which is also in the guidelines.
> You guys are awesome. Thanks for the prompt replies.
> Our pages have the code in some user controls (.ascx) . One of the
> files had this script in the page. I deleted/cleaned the page and
> pasted in to the production environment. We have Front Page Server
> Extensions and Web DAV.
> I will need to watch these files till we get the new crawl happens to
> confirm everything is kewl. We also had been dropped from 3rd rank to
> probably 300 or something which is a major loss for our business. Can
> u tell us if we can do reinclusion into google cache/search and get
> back our customers whom we lost in the past month.
> On Mar 12, 11:06 am, Berghausen wrote:
> > Hey Dave-
> > JLH beat me to the punch. Thanks for the quick, thorough response,
> > John! I'm sorry to hear about your site--but I agree with his
> > diagnosis. I still wish we had a URL to look at to confirm our
> > suspicions, though.
> > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > you didn't write, delete them, and update any CMS you are running,
> > since CMS's are the most frequent targets of hacks. Usually security
> > holes are used to upload scripts that create and hide the text.
> > Keep us updated on your efforts to fix your site!
> > -MEB
> > On Mar 12, 10:50 am, dave_programmer wrote:
> > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > Windows 2003 Std. Server.
> > > Is there anyway i can findout if the data is coming from a particular
> > > page on the server. That would make things easier.
> > > thanks,
> > > On Mar 12, 10:44 am, JLH wrote:
> > > > Tough to say, all hacks are different.
> > > > First thing I'd do is get the host involved immediately as there is a
> > > > hole in your security somewhere, and if there are multiple sites on
> > > > the server they also may be in jeopardy. They may also be able to
> > > > pinpoint the incursion through their own experience.
> > > > On your end I'd look at the files and folders on the site through
> > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > for change dates that don't jive with when you last accessed the
> > > > file(s). If it's an apache server look particularly at the .htacess
> > > > file and see if there is anything in there that you didn't put there.
> > > > After you've cleaned up the hack, and have it secured with the host,
> > > > I'd file a reconsideration request detailing the saga, as your
> > > > rankings may have been hurt due to the activity on the site.
> > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > First of all, Thanks JLH. You are awesome.
> > > > > I still have the problem.
> > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > Where is the code located.
> > > > > Thanks,
> > > > > Ephraim
> > > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > firefox and see what it looks like.
> > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > that is doing this.
> > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > page on the web site and it Cache is fixed on one site.
> > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > bottom on search engines day by day.
Does you or Berghausen know why my other sites Description is gone
from the googles search engines results page. I have 2 sites on the
same server. 1 site has this link farm problem, the other one is ok
till now. It does not show the sites description from the meta tag.
Any help would be appreciated.
> I can't speak for Berghausen as I am only a mere mortal, however if
> your site's ranking has dropped and that coincides with a hacking, I'd
> definitely file a reconsideration request. Generally hackers don't go
> through the trouble of hacking a site so they can spam links to
> disney.com so you may have been flagged for linking out to some nasty
> places and/or cloaking content which is also in the guidelines.
> > You guys are awesome. Thanks for the prompt replies.
> > Our pages have the code in some user controls (.ascx) . One of the
> > files had this script in the page. I deleted/cleaned the page and
> > pasted in to the production environment. We have Front Page Server
> > Extensions and Web DAV.
> > I will need to watch these files till we get the new crawl happens to
> > confirm everything is kewl. We also had been dropped from 3rd rank to
> > probably 300 or something which is a major loss for our business. Can
> > u tell us if we can do reinclusion into google cache/search and get
> > back our customers whom we lost in the past month.
> > On Mar 12, 11:06 am, Berghausen wrote:
> > > Hey Dave-
> > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > John! I'm sorry to hear about your site--but I agree with his
> > > diagnosis. I still wish we had a URL to look at to confirm our
> > > suspicions, though.
> > > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > > you didn't write, delete them, and update any CMS you are running,
> > > since CMS's are the most frequent targets of hacks. Usually security
> > > holes are used to upload scripts that create and hide the text.
> > > Keep us updated on your efforts to fix your site!
> > > -MEB
> > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > Windows 2003 Std. Server.
> > > > Is there anyway i can findout if the data is coming from a particular
> > > > page on the server. That would make things easier.
> > > > thanks,
> > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > Tough to say, all hacks are different.
> > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > the server they also may be in jeopardy. They may also be able to
> > > > > pinpoint the incursion through their own experience.
> > > > > On your end I'd look at the files and folders on the site through
> > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > for change dates that don't jive with when you last accessed the
> > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > file and see if there is anything in there that you didn't put there.
> > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > rankings may have been hurt due to the activity on the site.
> > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > I still have the problem.
> > > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > > Where is the code located.
> > > > > > Thanks,
> > > > > > Ephraim
> > > > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > firefox and see what it looks like.
> > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > that is doing this.
> > > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > > page on the web site and it Cache is fixed on one site.
> > > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > > bottom on search engines day by day.
Can't say exactly without seeing it, but A URL without a description
(or snippet which is the short description adds below the page title
in their results) generally means that the URL has been blocked by
robots.txt from being crawled yet there are links to the page out
there somewhere so they show the URL only. If you mean that they've
come up with their own description then that could mean several
things, some of which are outlined here:
> Does you or Berghausen know why my other sites Description is gone
> from the googles search engines results page. I have 2 sites on the
> same server. 1 site has this link farm problem, the other one is ok
> till now. It does not show the sites description from the meta tag.
> Any help would be appreciated.
> On Mar 12, 2:00 pm, JLH wrote:
> > I can't speak for Berghausen as I am only a mere mortal, however if
> > your site's ranking has dropped and that coincides with a hacking, I'd
> > definitely file a reconsideration request. Generally hackers don't go
> > through the trouble of hacking a site so they can spam links to
> > disney.com so you may have been flagged for linking out to some nasty
> > places and/or cloaking content which is also in the guidelines.
> > > You guys are awesome. Thanks for the prompt replies.
> > > Our pages have the code in some user controls (.ascx) . One of the
> > > files had this script in the page. I deleted/cleaned the page and
> > > pasted in to the production environment. We have Front Page Server
> > > Extensions and Web DAV.
> > > I will need to watch these files till we get the new crawl happens to
> > > confirm everything is kewl. We also had been dropped from 3rd rank to
> > > probably 300 or something which is a major loss for our business. Can
> > > u tell us if we can do reinclusion into google cache/search and get
> > > back our customers whom we lost in the past month.
> > > On Mar 12, 11:06 am, Berghausen wrote:
> > > > Hey Dave-
> > > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > > John! I'm sorry to hear about your site--but I agree with his
> > > > diagnosis. I still wish we had a URL to look at to confirm our
> > > > suspicions, though.
> > > > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > > > you didn't write, delete them, and update any CMS you are running,
> > > > since CMS's are the most frequent targets of hacks. Usually security
> > > > holes are used to upload scripts that create and hide the text.
> > > > Keep us updated on your efforts to fix your site!
> > > > -MEB
> > > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > > Windows 2003 Std. Server.
> > > > > Is there anyway i can findout if the data is coming from a particular
> > > > > page on the server. That would make things easier.
> > > > > thanks,
> > > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > > Tough to say, all hacks are different.
> > > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > > the server they also may be in jeopardy. They may also be able to
> > > > > > pinpoint the incursion through their own experience.
> > > > > > On your end I'd look at the files and folders on the site through
> > > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > > for change dates that don't jive with when you last accessed the
> > > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > > file and see if there is anything in there that you didn't put there.
> > > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > > rankings may have been hurt due to the activity on the site.
> > > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > > I still have the problem.
> > > > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > > > Where is the code located.
> > > > > > > Thanks,
> > > > > > > Ephraim
> > > > > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > > firefox and see what it looks like.
> > > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > > Our webpage shows a bunch of links when viewed as Google Cache Pages.
> > > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > > that is doing this.
> > > > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > > > page on the web site and it Cache is fixed on one site.
> > > > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > > > bottom on search engines day by day.
> Can't say exactly without seeing it, but A URL without a description
> (or snippet which is the short description adds below the page title
> in their results) generally means that the URL has been blocked by
> robots.txt from being crawled yet there are links to the page out
> there somewhere so they show the URL only. If you mean that they've
> come up with their own description then that could mean several
> things, some of which are outlined here:
> > Does you or Berghausen know why my other sites Description is gone
> > from the googles search engines results page. I have 2 sites on the
> > same server. 1 site has this link farm problem, the other one is ok
> > till now. It does not show the sites description from the meta tag.
> > Any help would be appreciated.
> > On Mar 12, 2:00 pm, JLH wrote:
> > > I can't speak for Berghausen as I am only a mere mortal, however if
> > > your site's ranking has dropped and that coincides with a hacking, I'd
> > > definitely file a reconsideration request. Generally hackers don't go
> > > through the trouble of hacking a site so they can spam links to
> > > disney.com so you may have been flagged for linking out to some nasty
> > > places and/or cloaking content which is also in the guidelines.
> > > > You guys are awesome. Thanks for the prompt replies.
> > > > Our pages have the code in some user controls (.ascx) . One of the
> > > > files had this script in the page. I deleted/cleaned the page and
> > > > pasted in to the production environment. We have Front Page Server
> > > > Extensions and Web DAV.
> > > > I will need to watch these files till we get the new crawl happens to
> > > > confirm everything is kewl. We also had been dropped from 3rd rank to
> > > > probably 300 or something which is a major loss for our business. Can
> > > > u tell us if we can do reinclusion into googlecache/search and get
> > > > back our customers whom we lost in the past month.
> > > > On Mar 12, 11:06 am, Berghausen wrote:
> > > > > Hey Dave-
> > > > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > > > John! I'm sorry to hear about your site--but I agree with his
> > > > > diagnosis. I still wish we had a URL to look at to confirm our
> > > > > suspicions, though.
> > > > > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > > > > you didn't write, delete them, and update any CMS you are running,
> > > > > since CMS's are the most frequent targets of hacks. Usually security
> > > > > holes are used to upload scripts that create and hide the text.
> > > > > Keep us updated on your efforts to fix your site!
> > > > > -MEB
> > > > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > > > Windows 2003 Std. Server.
> > > > > > Is there anyway i can findout if the data is coming from a particular
> > > > > > page on the server. That would make things easier.
> > > > > > thanks,
> > > > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > > > Tough to say, all hacks are different.
> > > > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > > > the server they also may be in jeopardy. They may also be able to
> > > > > > > pinpoint the incursion through their own experience.
> > > > > > > On your end I'd look at the files and folders on the site through
> > > > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > > > for change dates that don't jive with when you last accessed the
> > > > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > > > file and see if there is anything in there that you didn't put there.
> > > > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > > > rankings may have been hurt due to the activity on the site.
> > > > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > > > I still have the problem.
> > > > > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > > > > Where is the code located.
> > > > > > > > Thanks,
> > > > > > > > Ephraim
> > > > > > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > > > firefox and see what it looks like.
> > > > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > > > Our webpage shows a bunch of links when viewed as GoogleCachePages.
> > > > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > > > that is doing this.
> > > > > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > > > > page on the web site and itCacheis fixed on one site.
> > > > > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > > > > bottom on search engines day by day.
> can u type "jewelry payless dot com" in google and see the google
> results. This is what i was saying.
> Thanks again.
> On Mar 12, 4:35 pm, JLH wrote:
> > Can't say exactly without seeing it, but A URL without a description
> > (or snippet which is the short description adds below the page title
> > in their results) generally means that the URL has been blocked by
> > robots.txt from being crawled yet there are links to the page out
> > there somewhere so they show the URL only. If you mean that they've
> > come up with their own description then that could mean several
> > things, some of which are outlined here:
> > > Does you or Berghausen know why my other sites Description is gone
> > > from the googles search engines results page. I have 2 sites on the
> > > same server. 1 site has this link farm problem, the other one is ok
> > > till now. It does not show the sites description from the meta tag.
> > > Any help would be appreciated.
> > > On Mar 12, 2:00 pm, JLH wrote:
> > > > I can't speak for Berghausen as I am only a mere mortal, however if
> > > > your site's ranking has dropped and that coincides with a hacking, I'd
> > > > definitely file a reconsideration request. Generally hackers don't go
> > > > through the trouble of hacking a site so they can spam links to
> > > > disney.com so you may have been flagged for linking out to some nasty
> > > > places and/or cloaking content which is also in the guidelines.
> > > > On Mar 12, 3:02 pm, dave_programmer wrote:
> > > > > You guys are awesome. Thanks for the prompt replies.
> > > > > Our pages have the code in some user controls (.ascx) . One of the
> > > > > files had this script in the page. I deleted/cleaned the page and
> > > > > pasted in to the production environment. We have Front Page Server
> > > > > Extensions and Web DAV.
> > > > > I will need to watch these files till we get the new crawl happens to
> > > > > confirm everything is kewl. We also had been dropped from 3rd rank to
> > > > > probably 300 or something which is a major loss for our business. Can
> > > > > u tell us if we can do reinclusion into googlecache/search and get
> > > > > back our customers whom we lost in the past month.
> > > > > On Mar 12, 11:06 am, Berghausen wrote:
> > > > > > Hey Dave-
> > > > > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > > > > John! I'm sorry to hear about your site--but I agree with his
> > > > > > diagnosis. I still wish we had a URL to look at to confirm our
> > > > > > suspicions, though.
> > > > > > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > > > > > you didn't write, delete them, and update any CMS you are running,
> > > > > > since CMS's are the most frequent targets of hacks. Usually security
> > > > > > holes are used to upload scripts that create and hide the text.
> > > > > > Keep us updated on your efforts to fix your site!
> > > > > > -MEB
> > > > > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > > > > Windows 2003 Std. Server.
> > > > > > > Is there anyway i can findout if the data is coming from a particular
> > > > > > > page on the server. That would make things easier.
> > > > > > > thanks,
> > > > > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > > > > Tough to say, all hacks are different.
> > > > > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > > > > the server they also may be in jeopardy. They may also be able to
> > > > > > > > pinpoint the incursion through their own experience.
> > > > > > > > On your end I'd look at the files and folders on the site through
> > > > > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > > > > for change dates that don't jive with when you last accessed the
> > > > > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > > > > file and see if there is anything in there that you didn't put there.
> > > > > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > > > > rankings may have been hurt due to the activity on the site.
> > > > > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > > > > I still have the problem.
> > > > > > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > > > > > Where is the code located.
> > > > > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > > > > firefox and see what it looks like.
> > > > > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > > > > Our webpage shows a bunch of links when viewed as GoogleCachePages.
> > > > > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > > > > that is doing this.
> > > > > > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > > > > > page on the web site and itCacheis fixed on one site.
> > > > > > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > > > > > bottom on search engines day by day.
> can u type "jewelry payless dot com" in google and see the google
> results. This is what i was saying.
> Thanks again.
> On Mar 12, 4:35 pm, JLH wrote:
> > Can't say exactly without seeing it, but A URL without a description
> > (or snippet which is the short description adds below the page title
> > in their results) generally means that the URL has been blocked by
> > robots.txt from being crawled yet there are links to the page out
> > there somewhere so they show the URL only. If you mean that they've
> > come up with their own description then that could mean several
> > things, some of which are outlined here:
> > > Does you or Berghausen know why my other sites Description is gone
> > > from the googles search engines results page. I have 2 sites on the
> > > same server. 1 site has this link farm problem, the other one is ok
> > > till now. It does not show the sites description from the meta tag.
> > > Any help would be appreciated.
> > > On Mar 12, 2:00 pm, JLH wrote:
> > > > I can't speak for Berghausen as I am only a mere mortal, however if
> > > > your site's ranking has dropped and that coincides with a hacking, I'd
> > > > definitely file a reconsideration request. Generally hackers don't go
> > > > through the trouble of hacking a site so they can spam links to
> > > > disney.com so you may have been flagged for linking out to some nasty
> > > > places and/or cloaking content which is also in the guidelines.
> > > > On Mar 12, 3:02 pm, dave_programmer wrote:
> > > > > You guys are awesome. Thanks for the prompt replies.
> > > > > Our pages have the code in some user controls (.ascx) . One of the
> > > > > files had this script in the page. I deleted/cleaned the page and
> > > > > pasted in to the production environment. We have Front Page Server
> > > > > Extensions and Web DAV.
> > > > > I will need to watch these files till we get the new crawl happens to
> > > > > confirm everything is kewl. We also had been dropped from 3rd rank to
> > > > > probably 300 or something which is a major loss for our business. Can
> > > > > u tell us if we can do reinclusion into googlecache/search and get
> > > > > back our customers whom we lost in the past month.
> > > > > On Mar 12, 11:06 am, Berghausen wrote:
> > > > > > Hey Dave-
> > > > > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > > > > John! I'm sorry to hear about your site--but I agree with his
> > > > > > diagnosis. I still wish we had a URL to look at to confirm our
> > > > > > suspicions, though.
> > > > > > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > > > > > you didn't write, delete them, and update any CMS you are running,
> > > > > > since CMS's are the most frequent targets of hacks. Usually security
> > > > > > holes are used to upload scripts that create and hide the text.
> > > > > > Keep us updated on your efforts to fix your site!
> > > > > > -MEB
> > > > > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > > > > Windows 2003 Std. Server.
> > > > > > > Is there anyway i can findout if the data is coming from a particular
> > > > > > > page on the server. That would make things easier.
> > > > > > > thanks,
> > > > > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > > > > Tough to say, all hacks are different.
> > > > > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > > > > the server they also may be in jeopardy. They may also be able to
> > > > > > > > pinpoint the incursion through their own experience.
> > > > > > > > On your end I'd look at the files and folders on the site through
> > > > > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > > > > for change dates that don't jive with when you last accessed the
> > > > > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > > > > file and see if there is anything in there that you didn't put there.
> > > > > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > > > > rankings may have been hurt due to the activity on the site.
> > > > > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > > > > I still have the problem.
> > > > > > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > > > > > Where is the code located.
> > > > > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > > > > firefox and see what it looks like.
> > > > > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > > > > Our webpage shows a bunch of links when viewed as GoogleCachePages.
> > > > > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > > > > that is doing this.
> > > > > > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > > > > > page on the web site and itCacheis fixed on one site.
> > > > > > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > > > > > bottom on search engines day by day.
> To further see it, do a site: command in Google, your homepage is
> missing.
> On Mar 13, 12:55 pm, dave_programmer wrote:
> > can u type "jewelry payless dot com" in google and see the google
> > results. This is what i was saying.
> > Thanks again.
> > On Mar 12, 4:35 pm, JLH wrote:
> > > Can't say exactly without seeing it, but A URL without a description
> > > (or snippet which is the short description adds below the page title
> > > in their results) generally means that the URL has been blocked by
> > > robots.txt from being crawled yet there are links to the page out
> > > there somewhere so they show the URL only. If you mean that they've
> > > come up with their own description then that could mean several
> > > things, some of which are outlined here:
> > > > Does you or Berghausen know why my other sites Description is gone
> > > > from the googles search engines results page. I have 2 sites on the
> > > > same server. 1 site has this link farm problem, the other one is ok
> > > > till now. It does not show the sites description from the meta tag.
> > > > Any help would be appreciated.
> > > > On Mar 12, 2:00 pm, JLH wrote:
> > > > > I can't speak for Berghausen as I am only a mere mortal, however if
> > > > > your site's ranking has dropped and that coincides with a hacking, I'd
> > > > > definitely file a reconsideration request. Generally hackers don't go
> > > > > through the trouble of hacking a site so they can spam links to
> > > > > disney.com so you may have been flagged for linking out to some nasty
> > > > > places and/or cloaking content which is also in the guidelines.
> > > > > On Mar 12, 3:02 pm, dave_programmer wrote:
> > > > > > You guys are awesome. Thanks for the prompt replies.
> > > > > > Our pages have the code in some user controls (.ascx) . One of the
> > > > > > files had this script in the page. I deleted/cleaned the page and
> > > > > > pasted in to the production environment. We have Front Page Server
> > > > > > Extensions and Web DAV.
> > > > > > I will need to watch these files till we get the new crawl happens to
> > > > > > confirm everything is kewl. We also had been dropped from 3rd rank to
> > > > > > probably 300 or something which is a major loss for our business. Can
> > > > > > u tell us if we can do reinclusion into googlecache/search and get
> > > > > > back our customers whom we lost in the past month.
> > > > > > On Mar 12, 11:06 am, Berghausen wrote:
> > > > > > > Hey Dave-
> > > > > > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > > > > > John! I'm sorry to hear about your site--but I agree with his
> > > > > > > diagnosis. I still wish we had a URL to look at to confirm our
> > > > > > > suspicions, though.
> > > > > > > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > > > > > > you didn't write, delete them, and update any CMS you are running,
> > > > > > > since CMS's are the most frequent targets of hacks. Usually security
> > > > > > > holes are used to upload scripts that create and hide the text.
> > > > > > > Keep us updated on your efforts to fix your site!
> > > > > > > -MEB
> > > > > > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > > > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > > > > > Windows 2003 Std. Server.
> > > > > > > > Is there anyway i can findout if the data is coming from a particular
> > > > > > > > page on the server. That would make things easier.
> > > > > > > > thanks,
> > > > > > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > > > > > Tough to say, all hacks are different.
> > > > > > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > > > > > the server they also may be in jeopardy. They may also be able to
> > > > > > > > > pinpoint the incursion through their own experience.
> > > > > > > > > On your end I'd look at the files and folders on the site through
> > > > > > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > > > > > for change dates that don't jive with when you last accessed the
> > > > > > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > > > > > file and see if there is anything in there that you didn't put there.
> > > > > > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > > > > > rankings may have been hurt due to the activity on the site.
> > > > > > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > > > > > I still have the problem.
> > > > > > > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > > > > > > Where is the code located.
> > > > > > > > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > > > > > firefox and see what it looks like.
> > > > > > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > > > > > Our webpage shows a bunch of links when viewed as GoogleCachePages.
> > > > > > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > > > > > that is doing this.
> > > > > > > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > > > > > > page on the web site and itCacheis fixed on one site.
> > > > > > > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > > > > > > bottom on search engines day by day.
Too many links on a single page, over 200. Recommended maximum is
about 100.
Your robots.txt is invalid (need to separate each user agent group
from the one befroe by one blank line) plus it's usless since all the
rogue robots you want to keep out will not check nor obey it in any
case.
Probably thsi may have resutled in
You shouldn't try to block Xenu - it's the most useful program and in
any case it doesn't read or obey robots.txt - it's purpose is checking
for broken links first and foremost.
> can u type "jewelry payless dot com" in google and see the google
> results. This is what i was saying.
> Thanks again.
> On Mar 12, 4:35 pm, JLH wrote:
> > Can't say exactly without seeing it, but A URL without a description
> > (or snippet which is the short description adds below the page title
> > in their results) generally means that the URL has been blocked by
> > robots.txt from being crawled yet there are links to the page out
> > there somewhere so they show the URL only. If you mean that they've
> > come up with their own description then that could mean several
> > things, some of which are outlined here:
> > > Does you or Berghausen know why my other sites Description is gone
> > > from the googles search engines results page. I have 2 sites on the
> > > same server. 1 site has this link farm problem, the other one is ok
> > > till now. It does not show the sites description from the meta tag.
> > > Any help would be appreciated.
> > > On Mar 12, 2:00 pm, JLH wrote:
> > > > I can't speak for Berghausen as I am only a mere mortal, however if
> > > > your site's ranking has dropped and that coincides with a hacking, I'd
> > > > definitely file a reconsideration request. Generally hackers don't go
> > > > through the trouble of hacking a site so they can spam links to
> > > > disney.com so you may have been flagged for linking out to some nasty
> > > > places and/or cloaking content which is also in the guidelines.
> > > > On Mar 12, 3:02 pm, dave_programmer wrote:
> > > > > You guys are awesome. Thanks for the prompt replies.
> > > > > Our pages have the code in some user controls (.ascx) . One of the
> > > > > files had this script in the page. I deleted/cleaned the page and
> > > > > pasted in to the production environment. We have Front Page Server
> > > > > Extensions and Web DAV.
> > > > > I will need to watch these files till we get the new crawl happens to
> > > > > confirm everything is kewl. We also had been dropped from 3rd rank to
> > > > > probably 300 or something which is a major loss for our business. Can
> > > > > u tell us if we can do reinclusion into googlecache/search and get
> > > > > back our customers whom we lost in the past month.
> > > > > On Mar 12, 11:06 am, Berghausen wrote:
> > > > > > Hey Dave-
> > > > > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > > > > John! I'm sorry to hear about your site--but I agree with his
> > > > > > diagnosis. I still wish we had a URL to look at to confirm our
> > > > > > suspicions, though.
> > > > > > To fix the problem, I'd look for any scripts (asp, aspx, etc.) that
> > > > > > you didn't write, delete them, and update any CMS you are running,
> > > > > > since CMS's are the most frequent targets of hacks. Usually security
> > > > > > holes are used to upload scripts that create and hide the text.
> > > > > > Keep us updated on your efforts to fix your site!
> > > > > > -MEB
> > > > > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > > > > Windows 2003 Std. Server.
> > > > > > > Is there anyway i can findout if the data is coming from a particular
> > > > > > > page on the server. That would make things easier.
> > > > > > > thanks,
> > > > > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > > > > Tough to say, all hacks are different.
> > > > > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > > > > the server they also may be in jeopardy. They may also be able to
> > > > > > > > pinpoint the incursion through their own experience.
> > > > > > > > On your end I'd look at the files and folders on the site through
> > > > > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > > > > for change dates that don't jive with when you last accessed the
> > > > > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > > > > file and see if there is anything in there that you didn't put there.
> > > > > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > > > > rankings may have been hurt due to the activity on the site.
> > > > > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > > > > I still have the problem.
> > > > > > > > > Whats the solution for the problem. Its showing up for useragents.
> > > > > > > > > Where is the code located.
> > > > > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > > > > firefox and see what it looks like.
> > > > > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > > > > Our webpage shows a bunch of links when viewed as GoogleCachePages.
> > > > > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > > > > that is doing this.
> > > > > > > > > > > We had this problem on another website and we overwrote the default
> > > > > > > > > > > page on the web site and itCacheis fixed on one site.
> > > > > > > > > > > We are really hurting on this problem as our site is pushed back to
> > > > > > > > > > > bottom on search engines day by day.
I have the tool (google bot firefox) at work. I looked at it at noon
and figured it out that its still there (nofollow and noindex) I
changed the code to follow and index. Someone seeded the code that
does display the nofollow and noindex on google and bot engines. This
is sick. We are trying to clean and secure our servers.
Your help is always appreciated.
> Too many links on a single page, over 200. Recommended maximum is
> about 100.
> Your robots.txt is invalid (need to separate each user agent group
> from the one befroe by one blank line) plus it's usless since all the
> rogue robots you want to keep out will not check nor obey it in any
> case.
> Probably thsi may have resutled in
> You shouldn't try to block Xenu - it's the most useful program and in
> any case it doesn't read or obey robots.txt - it's purpose is checking
> for broken links first and foremost.
> On Mar 13, 1:55 pm, dave_programmer wrote:
> > can u type "jewelry payless dot com" in google and see the google
> > results. This is what i was saying.
> > Thanks again.
> > On Mar 12, 4:35 pm, JLH wrote:
> > > Can't say exactly without seeing it, but A URL without a description
> > > (or snippet which is the short description adds below the page title
> > > in their results) generally means that the URL has been blocked by
> > > robots.txt from being crawled yet there are links to the page out
> > > there somewhere so they show the URL only. If you mean that they've
> > > come up with their own description then that could mean several
> > > things, some of which are outlined here:
> > > > Does you or Berghausen know why my other sites Description is gone
> > > > from the googles search engines results page. I have 2 sites on the
> > > > same server. 1 site has this link farmproblem, the other one is ok
> > > > till now. It does not show the sites description from the meta tag.
> > > > Any help would be appreciated.
> > > > On Mar 12, 2:00 pm, JLH wrote:
> > > > > I can't speak for Berghausen as I am only a mere mortal, however if
> > > > > your site's ranking has dropped and that coincides with a hacking, I'd
> > > > > definitely file a reconsideration request. Generally hackers don't go
> > > > > through the trouble of hacking a site so they can spam links to
> > > > > disney.com so you may have been flagged for linking out to some nasty
> > > > > places and/or cloaking content which is also in the guidelines.
> > > > > On Mar 12, 3:02 pm, dave_programmer wrote:
> > > > > > You guys are awesome. Thanks for the prompt replies.
> > > > > > Our pages have the code in some user controls (.ascx) . One of the
> > > > > > files had this script in the page. I deleted/cleaned the page and
> > > > > > pasted in to the production environment. We have Front Page Server
> > > > > > Extensions and Web DAV.
> > > > > > I will need to watch these files till we get the new crawl happens to
> > > > > > confirm everything is kewl. We also had been dropped from 3rd rank to
> > > > > > probably 300 or something which is a major loss for our business. Can
> > > > > > u tell us if we can do reinclusion into googlecache/search and get
> > > > > > back our customers whom we lost in the past month.
> > > > > > On Mar 12, 11:06 am, Berghausen wrote:
> > > > > > > Hey Dave-
> > > > > > > JLH beat me to the punch. Thanks for the quick, thorough response,
> > > > > > > John! I'm sorry to hear about your site--but I agree with his
> > > > > > > diagnosis. I still wish we had a URL to look at to confirm our
> > > > > > > suspicions, though.
> > > > > > > To fix theproblem, I'd look for any scripts (asp, aspx, etc.) that
> > > > > > > you didn't write, delete them, and update any CMS you are running,
> > > > > > > since CMS's are the most frequent targets of hacks. Usually security
> > > > > > > holes are used to upload scripts that create and hide the text.
> > > > > > > Keep us updated on your efforts to fix your site!
> > > > > > > -MEB
> > > > > > > On Mar 12, 10:50 am, dave_programmer wrote:
> > > > > > > > I should have mentioned this earlier. We are using the IIS .6.0 on
> > > > > > > > Windows 2003 Std. Server.
> > > > > > > > Is there anyway i can findout if the data is coming from a particular
> > > > > > > > page on the server. That would make things easier.
> > > > > > > > thanks,
> > > > > > > > On Mar 12, 10:44 am, JLH wrote:
> > > > > > > > > Tough to say, all hacks are different.
> > > > > > > > > First thing I'd do is get the host involved immediately as there is a
> > > > > > > > > hole in your security somewhere, and if there are multiple sites on
> > > > > > > > > the server they also may be in jeopardy. They may also be able to
> > > > > > > > > pinpoint the incursion through their own experience.
> > > > > > > > > On your end I'd look at the files and folders on the site through
> > > > > > > > > FTP. Look for new folders or files that you didn't put there. Look
> > > > > > > > > for change dates that don't jive with when you last accessed the
> > > > > > > > > file(s). If it's an apache server look particularly at the .htacess
> > > > > > > > > file and see if there is anything in there that you didn't put there.
> > > > > > > > > After you've cleaned up the hack, and have it secured with the host,
> > > > > > > > > I'd file a reconsideration request detailing the saga, as your
> > > > > > > > > rankings may have been hurt due to the activity on the site.
> > > > > > > > > On Mar 12, 12:36 pm, dave_programmer wrote:
> > > > > > > > > > First of all, Thanks JLH. You are awesome.
> > > > > > > > > > I still have theproblem.
> > > > > > > > > > Whats the solution for theproblem. Its showing up for useragents.
> > > > > > > > > > Where is the code located.
> > > > > > > > > > On Mar 12, 10:19 am, JLH wrote:
> > > > > > > > > > > Probably a cloaking hack that only displays those links to Google when
> > > > > > > > > > > they come by to view it. Try switching your useragent to Googlebot in
> > > > > > > > > > > firefox and see what it looks like.
> > > > > > > > > > > On Mar 12, 11:41 am, dave_programmer wrote:
> > > > > > > > > > > > Our webpage shows a bunch of links when viewed as GoogleCachePages.
> > > > > > > > > > > > When we see the view source of the webpage it does not do the same
> > > > > > > > > > > > thing. I am wondering if there is a virus or some sort of applicaiton
> > > > > > > > > > > > that is doing this.
> > > > > > > > > > > > We had thisproblemon another website and we overwrote the default
> > > > > > > > > > > > page on the web site and itCacheis fixed on one site.
> > > > > > > > > > > > We are really hurting on thisproblemas our site is pushed back to
> > > > > > > > > > > > bottom on search engines day by day.
> I have the tool (google bot firefox) at work. I looked at it at noon
> and figured it out that its still there (nofollow and noindex) I
> changed the code to follow and index. Someone seeded the code that
> does display the nofollow and noindex on google and bot engines. This
> is sick. We are trying to clean and secure our servers.
> Your help is always appreciated.
This one's out in left field, but I have to mention it ...
Check that the links aren't really there and disguised by your CSS.
It's possible you have links that _your_ CSS is hiding - Google's
displays of its cache are known to screw up CSS sometimes and it may
be that this effect is making the links visible.
Good point Phil, but what I was seeing is actually in the source code,
and it changes when loading up the pages under different user-agents.
Apparently it was spammy links before, now each page is getting a
noindex,nofollow meta tag when googlebot visits it, which isn't
generally good for indexing...
> > I have the tool (google bot firefox) at work. I looked at it at noon
> > and figured it out that its still there (nofollow and noindex) I
> > changed the code to follow and index. Someone seeded the code that
> > does display the nofollow and noindex on google and bot engines. This
> > is sick. We are trying to clean and secure our servers.
> > Your help is always appreciated.
> This one's out in left field, but I have to mention it ...
> Check that the links aren't really there and disguised by your CSS.
> It's possible you have links that _your_ CSS is hiding - Google's
> displays of its cache are known to screw up CSS sometimes and it may
> be that this effect is making the links visible.
We are using IIS and ASP.net. its the server side code that is
generating the links (we removed it). Now its the noallow, no index
for robots. Any help is appreciated.
> Good point Phil, but what I was seeing is actually in the source code,
> and it changes when loading up the pages under different user-agents.
> Apparently it was spammy links before, now each page is getting a
> noindex,nofollow meta tag when googlebot visits it, which isn't
> generally good for indexing...
> On Mar 13, 3:56 pm, Phil Payne wrote:
> > On Mar 13, 8:48 pm, dave_programmer wrote:
> > > I have the tool (google bot firefox) at work. I looked at it at noon
> > > and figured it out that its still there (nofollow and noindex) I
> > > changed the code to follow and index. Someone seeded the code that
> > > does display the nofollow and noindex on google and bot engines. This
> > > is sick. We are trying to clean and secure our servers.
> > > Your help is always appreciated.
> > This one's out in left field, but I have to mention it ...
> > Check that the links aren't really there and disguised by your CSS.
> > It's possible you have links that _your_ CSS is hiding - Google's
> > displays of itscacheare known to screw up CSS sometimes and it may
> > be that this effect is making the links visible.- Hide quoted text -
Do you have some sort of included file that is used as the header for
every page, I'd check any scripts, includes or asp code in that. Also
try to create a new page (not linked to anywhere on the site) with
a .asp extension, start blank, check it out with googlebot as the user
agent, then start adding common things that are used in a template (if
you are using one) until you see it pop up, maybe you'll be able to at
least find where it's injected and work back from that file.
> We are using IIS and ASP.net. its the server side code that is
> generating the links (we removed it). Now its the noallow, no index
> for robots. Any help is appreciated.
> thanks,
> On Mar 13, 2:00 pm, JLH wrote:
> > Good point Phil, but what I was seeing is actually in the source code,
> > and it changes when loading up the pages under different user-agents.
> > Apparently it was spammy links before, now each page is getting a
> > noindex,nofollow meta tag when googlebot visits it, which isn't
> > generally good for indexing...
> > On Mar 13, 3:56 pm, Phil Payne wrote:
> > > On Mar 13, 8:48 pm, dave_programmer wrote:
> > > > I have the tool (google bot firefox) at work. I looked at it at noon
> > > > and figured it out that its still there (nofollow and noindex) I
> > > > changed the code to follow and index. Someone seeded the code that
> > > > does display the nofollow and noindex on google and bot engines. This
> > > > is sick. We are trying to clean and secure our servers.
> > > > Your help is always appreciated.
> > > This one's out in left field, but I have to mention it ...
> > > Check that the links aren't really there and disguised by your CSS.
> > > It's possible you have links that _your_ CSS is hiding - Google's
> > > displays of itscacheare known to screw up CSS sometimes and it may
> > > be that this effect is making the links visible.- Hide quoted text -
