[I would like to know how anyone who experienced the following problem dealt with it. In my Webmaster Tools (WMT) account, I found the following message for some of my sites: We’ve detected that some of your site’s pages may be using techniques that are outside Google`s Webmaster Guidelines.
Specifically, your site may have what we consider to be doorway pages- groups of “cookie-cutter” or low-quality pages. Such pages are often of low value to users and are often optimized for single words or phrases in order to channel users to a single location. We believe that doorway pages typically create a frustrating user experience, and we encourage you to correct or remove any pages that violate our quality guidelines. Once you’ve made these changes, please submit your site for reconsideration in Google’s search results. A few months ago, I discovered through WMT`s Fetch As Googlebot that one of the sites had the code “<a class=”l82cfa62fc” href=”hissite.net/” onclick=”window.open(‘hissite.net/’,’_blank’); return false;” style=”color:#0D3700; text-decoration:underline; border-bottom:1px solid; padding-bottom:1px;”>” Inserted. This resulted in traffic to my site being directed to the hacker`s site. The code was removed but is it possible that something else was done to the site resulting in the message from Google?]
If a hacker was able to break into your website and you have not found and fixed the vector used to break in, then you will likely be exploited again and again by the same hacker as well as new hackers that are constantly testing your web server for vulnerabilities.
You need to figure out how your site was exploited and fix the problem.
Have you changed the passwords for your hosting, databases, FTP accounts and any software installed on the server? Have you scanned your own machine for rook kits, viruses, spyware, Trojan horses and other malware using specialized tools for each? Do you have both a hardware and software firewall installed on the computer you use to manage and upload files to your website?
After you realize you have been hacked, you need to shut everything down, go offline until you have thoroughly cleaned or replaced all system data storage devices. It is important to identify the root of your exploit and clamp down hard. Once you are exploited sometimes it takes a clean install to wipe out all remaining threats.
Once your own systems are clean and protected, you need to go through every file on your web server. Make sure you know what each file is for and that it is placed there by you from trusted sources. Visit your server logs to look for activity from Unknown files or URLs on your website. Use Xenu’s Link Sleuth to scan all your website links, look for anything that shouldn’t be there.
Never rely on a single Anti-virus program, particularly if you have been hacked. Download a few different anti-malware programs from trusted sources and run scans with each. Some may find things that AVG misses.
I recommend Malwarebytes and Spybot Search & Destroy, in addition to your AVG. Also, use a good personal firewall program like ZoneAlarm or Comodo. Some things cannot be removed using general-purpose anti-virus programs, you may need to download specialized programs just to remove that particular malware.
Look at everything you find with Xenu Link Sleuth and list any link you don’t recognize as a link you placed yourself on your website. Research each to make sure they should be on your website.
Take a look at your server logs. Look for anything that you don’t recognize or understand and place it on a list. Research each item on your list until you know exactly what it is and that it has a legitimate purpose to be on your server.
Next, go through scripts that have been embedded in your web page coding. Make sure you know what each is doing and that there is nothing nefarious going on. Remove anything that isn’t absolutely necessary, after backing up of course.