Hacked & Spammed - What would you do?

[wikibum]

I have a client site with many users. One of the users account got hacked and 10+ spammy posts were posted under their name. It was only 1 month later that we discovered the spammy posts. Not only where the posts created, but spammy links were also built pointing at them!

For example: clientsite.com/xanax was created and started getting links with anchor text "xanax" from a mix of spammy sites OR other hacked sites.

We already deleted the spammy posts that were created. So all the spammy links are going to the 404 page. The 404 page is custom built and it actually has a link to the homepage. It's not just blank page that says 404.

So the mixed spammy + hacked sites are not pointing to the 404 page and I am thinking that is hurting the website rankings, especially since the rankings dropped a few weeks after those links were posted. There was no announced update during that period.

I already prepared a disavow file but I haven't submitted it.

I am sure Google will figure out and clean out the spammy urls/domains, but I am not so sure about the hacked sites with spam posts pointing back to us. So these links might keep poitning to the 404 page with anchors like xanax and viagra. Hence, why I thought about disavowing.

What would you do?
1) Submit a disavow file
2) Don't submit a disavow file and wait
3) Don't submit a disavow file and ramp up link building to dilute the crap ones

 

[SmokeTree]

This sounds like a case where the WordPress database was compromised. This normally happens because of an issue with a badly coded or compromised plugin. Unless passwords are stupid simple and can be easily brute-forced (abc123), the accounts are almost never the culprit and it's almost never an issue of an individual account getting hacked vs other much more frequent attack vectors. Just removing the posts won't help. Try to run a plugin like "Malcure" on the site and make sure the definitions are updated and it's scanning the DB. If the DB is compromised, a lot of the time you'll see it in <script > tag embeds in the post and many times there will be a function with a unique enough name to create a regex to remove it. Just saying, this will keep coming back, figure out how it got there to begin with, I can almost guarantee it wasn't a user account. Most of the cleanup work is best done on the command line with wp-cli. I used to do cleanup work for hacked sites but not so much these days as aside from very few IM clients, I'm happily in the Cannabis and IoT industry.

 

[Ryuzaki]

As long as you customized your 404 template and the HTTP header is sending a 404 response, that's all you really have to do. You can have a super elaborate 404 page and it can still be an official 404 page.

Disavowing wouldn't hurt. You might disavow some spam that's helping (but then again it's a 404 page so it's not), but who wants to gamble on keeping spam links around. Google is going to ignore most of them anyways and they "claim" that the spam won't hurt you.

 

[wikibum]

Disavowing wouldn't hurt. You might disavow some spam that's helping (but then again it's a 404 page so it's not), but who wants to gamble on keeping spam links around. Google is going to ignore most of them anyways and they "claim" that the spam won't hurt you.

I read this yesterday: https://www.gsqi.com/marketing-blog/google-disavow-file-case-study/

Seems like the disavow is really useless (for the most part). There is no solid answer as to if it is worth using or not. I think most site owners using it wrong in that they put in every single URL they don't like in it.

None the less, I am going to submit a disavow file with those spammy links only. There are other spammy links going to other pages (like the homepage and others), but I am not going to bother with those.