Located in Boston MA 02216.

Sneaky SEO malware causes 404 on your website

I came across a simple but interesting malware recently that I had only heard about in passing before. This malware would modify your website so that to you it appears that everything is fine, but to search engines your website looks broken! This damages your SEO ranking and puts you below your competition. Your website can drop in rank incredibly quickly once it starts generating 404's, in some cases it can be in a matter of minutes if you have a high traffic website! To get rid of this devious malware is simple, I'll show you how.

Google thinks you're 404

The beauty of this is that it can go undetected for a long time, when you go to your website directly you see your homepage and such as intended, so as far as you know everything is fine. But visitors to your site that come via a search engine (as most do) will get a 404, yet when they refresh the page it loads! This damages your search engine ranking considerably.

How does it work?

The version of this type of malware that I encountered would modify the .htaccess file of your website with code similar to the following:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^(.*)$ invalid-page.php?$1 [L]

So this little bit of code tells visits from search engines to go to invalid-page.php (which does not exist)! This is just the format that is for .htaccess files, if you have another server type this may not be where the problem lies.

How can I fix it?

In this case, you can just delete the .htaccess file from the root directory of your website if it doesn't contain anything you need for your site. Or if you want to remove those rules directly you can do that too. It might be buried in with other rewrite conditions, in which case the first line would be needed but the other lines would not.

Ideally you should restore the file from backup. Of course if you do have this malware on your site you might have others, so if you suspect that then you should definitely restore from a known good backup and not just try to remove the malware yourself.

Contact RDAIT for assistance!

If you'd like to hear how RDAIT can help you with your technology problems, give us a call today!

Comments are closed.