Style Switcher

Predefined Colors

Sucuri Webinar: What is SEO Spam and How to Fight It

(perky techno music) – Alright, hello everybody. My name is Krasimir. I’ve been working in security for a while now. I really enjoy vulnerabilities, exploits just reading about them, testing them anything about security really is a passion of mine. I also like playing with hardware. I like playing with Raspberry Pi other small computers, microcontrollers. Yeah I have a lot of hobbies and projects. And another thing I love is traveling.

I love to visit different countries. But today we’re here to talk about SEO Spam. So in this webinar you will learn about SEO Spam and what attackers gain from SEO Spam and how to deal with attacks effectively. We’ll go into more details about SEO Spam the different variations and why your website might be targeted. How these attacks are facilitated and how you can determine if your website contains any SEO Spam. Obviously sometimes it’s not so easy. A lot of times you just see it on the website when you visit one day, and it’s like: Oh there’s a lot of spam. But in some cases it’s not so easy. So we’ll discuss that and we’ll see how we can determine. Yeah and we’ll also obviously discuss some ways you can protect your website and how to prevent it from being compromised in the first place.

So let’s start with SEO Spam. And what is SEO Spam? So SEO Spam is usually a combination of links, keywords and other phrases that are inserted into the website. (digital beep) It could be anything really. In many cases it will include a link to another website. It could be doing it just to get people to visit their website. Or it could be malware-related. But in most cases they include a link to their website which contains more spam. And they’re trying just to get visitors away from your website and to the website they want to promote. And from there it could be anything. Could be they just want traffic. Could be they have malware on their website and they just wanna compromise computers on there. It could be that they’re selling something. It could be some kind of scam or something like pretending that they’re selling some kind of product. People putting their credit card and then they get stolen. Or maybe, supposedly they bought something but the product never gets shipped. Yeah there’s so many. Right, it’s referred as SEO Spam because it’s usually crafted in a way that targets specific keywords.

These keywords are usually around a link they’re promoting which the attacker is trying to push to search engines. Or sometimes they might not target a search engine. It might just be for visitors going to your website. There might not really count on search engines. They index the site or they might not care if the site is visible in any search engines. It might not be indexed at all but as long as they get enough visitors from compromised websites they don’t really care. It still accomplishes their goal. Yeah in some cases they (mumbles) want their site to rank in Google, and want it to rank for specific keywords and that’s why they’ll push these keywords, put ’em around the link.

It depends in each case. Sometimes they do. Sometimes they don’t care. Obviously you have a lot of these sites stay long in search engines. So they might get indexed for like a day or a week or something like that. They’ll gain a lot of rank. And then eventually Google will notice that this site is not really legitimate and some of these backlinks that they had start disappearing when website owners figure out that their website was compromised, start removing them. And eventually this site will just get de-indexed completely from the search engine. But I’m guessing they don’t care. They’ll just register another domain and just keep going just keep compromising more sites just to place all the links on the ones that are still compromised.

And here you can see some examples. These are all from Google but it will look the same if you look at it through a different search engine. And you can see at the top we’d just search for a site and then the domain and then we could search for a keyword. This is a way you can try and see if you can protect any spam on your website. But you’ll have to try different keywords. It could be any keyword really that they’re targeting. But they can see at the top this one is more like a Japanese spam. They, I guess advertise in Louis Vuitton. You can see though on this one, after the domain you can see that there’s a full-sized need.php so that need.php file is probably the one that was uploaded there by the attacker. And it’s the one responsible for generating all the spam content. So they just used that file to just generate random content. And that one is probably the file that gets also pushed to Google to index it, and Google starts crawling in and that’s how these search results get on there.

On the bottom left you can see this one is targeting Nike shoes. And you can see this one is a little bit different and there’s still spam. But yet you can see they just target random keywords. Sometimes it’ll be a whole sentence. Sometimes it’ll just be random keywords that don’t make really any sense. But you can see even though we removed the eventual URL we can see after that where it has the IRIK, though be the actual URL on the website.

You can see that it was just randomly generated. So in that case you’re not really looking for a particular URL, you might not see it. But on the right side you can see this one is more carefully crafted. You can see that this one is most likely a WordPress site and it was targeting Cialis and Viagra and just medical in general. But you can see that all the links there actually make sense and they’re targeting the content from the article. Like the Cialis alternatives is actually talking about Cialis alternatives. So this one is most likely a WordPress site that was compromised.

And literally blog posts were created and they actually used the specific URL for each blog post so they can generate these. This has all been automatic but still you can see that sometimes they go through a lot of trouble just to compromise a site and make sure that there’s content gets indexed. And we’ll talk a little bit about how does SEO Spam get on your website and why. This is really important. And in many cases SEO Spam gets on the website through a vulnerability. It could be a lot of things. It depends on your website but in general let’s take WordPress for example it could be a vulnerability in one of your plugins.

Or it could be a team that you have. You didn’t update it. Or maybe you just didn’t update your WordPress in general and there’s a core vulnerability that attackers are using but never updated. Yeah a lot of the attackers usually, they’re looking for wall-hanging fruits or they’re not looking for big sites or anything like that. They’re just looking for sites that haven’t been updated in awhile. And they’ll just scam thousands of ’em. Yeah they’ll just look for, through like a let’s say you don’t have a list of a million websites that they just got from search engine or something. Or maybe online somewhere they found a list of WordPress sites and they’ll just go through the whole list with the bot. And the bot will just look for websites and look for (mumbles) does this website have this plugin? Okay. Is it vulnerable? Okay if it’s vulnerable exploit it.

If it’s not let’s check the next one. Does it have this other plugin that’s also vulnerable? Can we exploit it? No, okay. Let’s check the next one. And if it finds one then exploits it moves onto the next website. Yeah there are many ways, many reasons why attackers might wanna distribute SEO Spam. Yeah like I said before they could be trying to get a large number of users to their vulnerable website which will be a scam or sell some kind of product. You know just traffic. They could also be looking for vulnerable computers that might visit their own website. Let’s say you visit a computer or visit the website with your computer, like your home computer without knowing that this one, it’s a compromised website.

You get redirected to another website. It’s their own website. And all the sudden this website is canning your computer looking if you have a outdated version of Windows. Or maybe your Flash plugin is outdated. Or maybe you have some other software that’s running on your computer that might be vulnerable to attacks. So they’ll look for that. They’ll do a quick scan. You probably won’t notice anything. It won’t be any prompt or anything: Oh, do you wanna scan your computer? Or something like that. It’ll just be doing it in the background.

And then it depends on the attack. So it might be silent. Others might be more obvious. Like it’ll just flash a window and you’ll be like oh. You need to update your Flash player. And it’ll be convincing you. It’ll look like a real window. So you click on it and suddenly you’re infected. And it depends on the attack. I’m sure everybody’s heard of ransomware. So it might be that the attack is starting your computer just for ransom. It’ll encrypt all your files. And they’ll send you an email or change your wallpaper or something. Just be like: We want $600, let’s say. You just need to send ’em two bitcoins to this address or we’re just not gonna un-encrypt your files so you can’t use any of your files. Some people have important things on their computer important files that they just can’t get away with not having. They don’t have any backups. So they don’t really have an option. Some of them actually pay the ransom. Or it could be something else. They might just want your computer just to erase everything on it.

In some cases they might want to just turn it into a part of botnet. A botnet is usually a network of computers. They’re all compromised. And in most cases users don’t know that their computer is compromised or part of a botnet. And they’ll be a command and control center that controls all the bots and the network. All the computers they’re basically compromising the botnet. And they can do all kinds of attacks. For example if your computer is part of a botnet it could be used along with all the other computers to attack one website.

Let’s say there’s a really popular website that makes a lot of sales and sells a certain product and a attacker know that they’re making a lot of money. So they’ll contact the owner of the website and they’ll be like: I want you to pay me $1,000 otherwise I’ll take your website down. Obviously the owner of the website won’t pay ’em at least at first. So they’ll just attack the website. They’ll make so many requests to the website using all these computers that the server won’t be able to handle it and the website it would die, hang, and nobody’d be able to access it. And then they’ll just keep sending emails and be like: We want this amount of money otherwise we’ll continue attacking the website.

And some users have no choice but to pay the ransom just so they’ll stop attacking their website and leave it alone so they can make sales and sell their product. So yeah there’s a lot of reasons. Yeah there’s a lot more reasons. It’s hard to say exactly why they do it. But yeah it’s never a good reason. Yeah I wanted to touch a little bit on small websites. I know probably a lot of people are like: Well I have a small website. It’s like why would I care if my website is or why would somebody care about my website? It’s so small. I don’t really have a lot of traffic. Or I don’t make any money off of it. And I’d be like: personal blog or something or it’s only my family that visits my site or something like that. It’s like there’s no reason for ’em to compromise my website.

I shouldn’t worry about security and stuff like that. But that’s not true. Most of these attacks are done automatic. So it’ll be some kind of software, we call it a bot. So they’re not really targeting specific sites. It’s not like your website is more valuable. It might be but, for the most part they don’t really look at that. They’re not gonna look into your page ranks or how many visitors you get a month. They’ll just get a list of million sites and they’ll just keep going. And in a matter of a few hours the bot will probably be able to go through all the sites on that list. And if you’re vulnerable they’ll compromise. It doesn’t matter what kind of site it is and it doesn’t matter what kind of content. You have a lot of visitors. Not a lot of visitors. Yeah they’ll just look for something to compromise.

Yeah if it’s vulnerable and the bot can exploit it then it then it will be infected. So let’s talk a little bit about detecting SEO Spam. This one’s a little more tricky. Let’s say you’re not sure if your website was infected. I mean a lot of times you might see it. It might be related to something else. Like let’s say your website was compromised and then it was sending spam emails.

Or maybe pages got deleted. Or it was more severe. And then one of the symptoms of the compromise was the SEO Spamming notice that they also injected SEO Spamming into your website. But in some cases you might not see it at all. The website might’ve been compromised but the attacker doesn’t want you to know that they compromised the site. Otherwise you erase the content right? Or restore backup or something. So in some of these cases they might just keep silent and just create new pages, like completely new pages that you might not even be able to see in your WordPress dashboard if you’re using WordPress. Or they’ll just hide ’em in some subdirectory, just create an HTML file in some hidden subdirectory. Or maybe a directory inside a directory, inside a directory. And then they’ll just fill it with spam and links and whatnot, and they’ll just keep it there. And there’s not gonna be any sign on the actual website. Like if you go through your main website, there’s not gonna be a link to that specific page that has the spam.

But they still give the link to Google. So Google starts indexing these pages and well technically, they’re still on your website. You might not know that they’re there but they’re still indexing. That’s part of your website. And we see that a lot with online essay sites. They do that a lot. I guess trying to get more visitors and trying to rank these essay sites that apparently create real essays for people that don’t want to write ’em in college and whatnot.

But we see that a lot. Especially recently there’s been a goal interim but online essay sites, apparently they hire people to just spread their website everywhere. And in a lot of times they’ll just create random pages and just put links to their own site. And you won’t know it unless you search for something specifically, like online essay and then your domain or something like that and you’ll find it. So what I recommend is checking this website called unmaskedparasites. It’s a really good website to detect things like that. It can detect a lot of things but this guys are looking for find hidden links. And you can go to the main website and you can look under their security tools and you’ll find the hidden links to find hidden links. It’s a really nice tool. And basically what it does is, I’ll show you. This is what it looks like when you got the page. And you can see, we’ll search for powered by WordPress and then you’ll search for cheap Viagra, cheap visas. I’ll search for secret drinkers in your credit score or Viagra, strip poker, you know all kinds of spam words.

And any kind of keywords that might be targeted. Obviously you don’t have to use the same exact ones. You can always click on one, like open in a new window and then move the keywords, insert your own keywords. If you want the news powered by WordPress you have a different site. You can use the technique that we’ve solved before where you use site, then colon, then your domain and then space, and then you can put some keywords in there. And see if anything pops up if you suspect that something might be injected into your site. There’s also, if you have a WordPress obviously I believe there’s some Jungle as well but there is a lot of plugins that can monitor for file changes and changes through blog posts and things like that.

So that’s obviously one way you can monitor. I mean these plugins are not bullet-proof. They’re not gonna detect everything all the time. I mean if it’s smarter tech it goes in they might even disable that particular plugin before it can report to you and tell you that there’s something, some changes made. I mean these are obviously not running constantly. They’re not loading all the time. Let’s say some of these plugins, let’s say a plugin is on a 15 minute schedule. Every 15 minutes it’ll check for pilot changes. Well if your website was attacked and the attacker disabled that plugin within that 15 minute timeframe the plugin is never gonna scan again. So you just won’t receive any alerts or nothing. And yeah, by the time you notice that the plugin was actually disabled, then your website was compromised and it’s too late. So I wouldn’t rely on that as a bullet-proof way to protect your website. But it’s good to have one just in case something goes in and changes your blog post or uploads in your file.

That’s really nice to have that. When it works it’ll alert you right away and then you can make some changes. If you’re in front of the computer something you can access your website you can try to suspend the site or limit access to it right away so the malware doesn’t spread and Google doesn’t detect it and it doesn’t get even worse than it already is. All right. And we should also talk about protecting your website. Obviously keeping your website up to date is the best way. I mean if you have vulnerable plugins or even your WordPress you didn’t update it or you didn’t have some other software maybe it’s not related to WordPress but some third-party software that you put on there. A lot of times we see people, they have a old version of the website. They’ll keep a backup of their old version. Maybe they update it to a new WordPress.

Or maybe they migrate it from Jungle to WordPress or something like that. Then they just keep this old installation in a folder called backup or something that’s really easy to guess. Some of these bots will do that. They’ll look for directories that might be like backup or maybe like admin or old or something like that. You know, different directories that might contain another website and try to compromise it through there. So we always recommend if you’re not using something just get rid of it. If you have a plugin that you never use you just disabled it, there’s no reason for it to just sit there. Remove it if you have a old installation that you had in there. If you want to keep it zip it. Use your hosting Pow manager zip directory. And then keep the zip file but remove the actual directory with all the files. Obviously backup is always great to have. I mean it depends on the infection. You can have a backup but if your website has been infected for months and months you might not have a backup to restore from. So then in that case you might have to clean it and try to salvage as much as possible.

But yeah having a backup is always a good idea and especially if your database gets infected and things like that. There’s like thousands and thousands of keywords injected everywhere. It could be almost impossible to replace all of them and find them. So having a backup just to restore the entire database is a lot easier than trying to just randomly go through articles and look for any kind a keyword that might be spent or remove it. Another thing, that’s obviously having a Web Application Firewall. We recommend having one that does Virtual Patching. A firewall is always gonna be a really good idea.

It can protect your website obviously. But blocking different attack methods, different exploits. It will scan traffic so this traffic passes through. It will scan it and it will look for what requests people are doing and things like that so it can prevent some attacks before it even happens. Like let’s say one plugin was outdated and if you have a Web Application Firewall, the firewall hopefully will block that attack before it even gets there. Somebody will try to access a file directly and the plugins directory and you read some random query or something like that, but firewall detect that and be like: Why would they try to access this plugin file directly? And I’ll block it. Virtual Patching is also really good. For example our firewall has Virtual Patching.

So if we detect any new exploit or maybe vulnerability in a plugin that was made public we’ll create a virtual patch for that vulnerability and we’ll put it on the firewall. So even if you weren’t able to update your plugin right away let’s say you have a big site, and the site was attacked but you can’t, or decide it’s vulnerable but you can’t really push a new update because you’re not sure what’s gonna happen. What if the site goes down? Or maybe you have this big plugin that you’re depending on but you’re not sure what’s gonna happen when you push this new update and maybe it’s not compatible with your version of PHP or your server or something or Apache, or you gotta make more changes.

A lot of people use a staging environment where they stage the update. Test it, see if everything works fine and then push through the live website. And that’s a really good strategy that works really well. But it depends on how fast you can do that. I mean what if you’re just learning about a vulnerability in one of your plugins, but it was released 10 days ago and it’s gonna take a few days maybe to contact your developer, have them go through and update it on the staging site.

And then push it in a few days after some testing. By the time you do that your website might already be compromised. Yeah attackers are really fast to pick up on these things. Especially if it’s a vulnerability that was released to the public. And even worse if there’s a proof of concept something they can go on, a lot of times when the new vulnerability’s found and released to the public the person that found it will do a proof of concept. And so there will be a simple script that shows the vulnerability that might not do anything like inject malware but it will show how the vulnerability works and whatnot. And then it’s super easy for attackers to just pick up on that. Just change it a little bit for like half an hour. Make it so it injects some kind of malware or something. Just incorporate it into their arsenal they use to compromise websites. So yeah by the time you get it updated, your website might already have been scammed and hacked.

So that’s why we always recommend keeping everything up-to-date, having a backup, and hopefully having a firewall as well to keep you protected if you can’t act fast enough. And there you can see this is a little graphic. The firewall and how it actually works. But there you can see injections, spam, hackers even brute force attacks and bad bots. They go through the firewall which will be in the middle. They’ll be in the network of the firewall, not notes. And then that traffic gets discarded. Good traffic goes to the website.

So that’s the best way really to protect a website. But yeah, so this is the end of the webinar. I will take some questions. – Not even close to the end of the webinar. Thank you so much Krasimir. We’ve got loads of questions. Let’s see if we can sneak in at least a few of them on the live show. And then as I’ve said in the beginning for those of you that maybe joined after we started Krasimir will go through all of the questions you guys sent. No matter they came through Facebook, Twitter or inside the Zoom session.

And we will be having the Q&A document attached to the recording that will be placed on the same page you registered for the webinar on. After those of you who registered via email in your forum you will also get the email announcing you when these the recording and everything is gonna be on the site. So with that said, thank you so much Krasimir. I’m gonna go to some of the questions now. Apparently SEO and specifically SEO Spam is a big pain in the we-know-where. So a lot of the people have questions first off. When I’m SEO Spam, does that mean that I’m also hacked? Or can we say that there’s an equal sign between being hacked and having SEO Spam on the site? – And yeah, in most cases yeah, if you see SEO Spam on your website, it’s most likely you’re being compromised as well.

I mean for the SEO Spam to get on the website they must have found a vulnerability or somewhere. It’s very rare that we see SEO Spam that gets through from a comments. Like let’s say your website accepts comments and somebody just keeps scamming comments on your blog or something like that. Yeah that’s one way that you could see SEO Spam when it’s one of your comments. But that’ll be only on the particular articles and only in the comments sections.

So that’s easy. You can just get a plugin to clean up the comments. But yeah, if you see new pages created or spam that gets injected in between your article’s words and whatnot, like on the bottom of your articles not just in the comments then yes, the website was compromised at some point. And yeah these contact were injected. – Thank you, Krasimir. That’s good to know. What do you think, the next question coming up here what do you think is the best protection if any (laughs) against SEO Spam? – I mean the best protection, obviously it’s great to update all your plugins. That’s the best way to keep everything secure. But like I said if you can’t really keep up with that or it takes you a few days, the best protection will be to get our website firewall.

There is so many out there. You have to evaluate which one works best for you. I recommend one that also does Virtual Patching so that when your vulnerabilities get released these can be patched through the firewall. And then you don’t have to worry about them specifically. I mean obviously the firewall blocks attacks. But in most cases it’s generic attacks that they target certain behavior and things like that. So having Virtual Patching, that’s a lot more targeted. So yeah the firewall will be the best. – And it’s worth mentioning that Sucuri firewall does Virtual Patching as well. – Right, right. – Next question, this is actually a very interesting one. Does my industry matter to an SEO Spammer that tries to come off the MicroMain? So– – Yeah. I don’t think the industry building matters. I mean maybe at some point it might be attackers that target a specific industry. Or maybe because the website or the product they’re promoting or the, let’s say if they’re promoting essays and they’re trying to convince college students to get free essays from this website, or paid essays to somebody who has to write an essay for them then they might target college websites or something like that.

Or websites that students might go to. But for the most part these bots these attacks are automated. And bots are doing all the work or scripts. You know, it’s all automated. So no they don’t really care what industry you’re in or anything like that. They just take a large list of sites and just go through ’em and try to compromise as many as possible. – Yeah. Rubin is asking a question right now. He actually just sent this. I’m gonna skip through it. Apparently he says, “Thanks for the webinar.” So thank you Krasimir. – When? – When I tried to access my WordPress blog it redirects to a Viagra website. I checked the HD access and plugins but could not find where the redirection is hidden. I used the Unmasked Parasites site you just presented. It reported that 301 and 302 redirects but I can’t find them. And we can help him with this. – Right. It could be also the index file. Some of the core files might have been changed. It doesn’t have to be the HD access file. It could be just the index.php. Or it could be something else hidden.

I mean you could see it, that’s it’s redirecting but is it redirecting right away before it loads any content? Or maybe it’s trying to load something like let’s say it’s loading the header section and your theme. And then as soon as it tries to load it then there’s a random redirecting there. Yeah it’s hard to say exactly what it is but– – I hope and this is something we can definitely fix for him, right? So– – Right, right. – Yeah we– – He can either reach out directly to us via chat or just buy any of the plans on our, most like, maybe even Krasimir will get through for working the site– – (laughs) – (laughs) – Yeah. – That should fix it. So that’s not an issue for us to clean up. – Yep. Definitely.

– Talking about WordPress. Actually Rubin just made the lead in here. The next question that I have is: Is there a specific CMS more prone for SEO Spam? – There isn’t really one that’s more prone. A lot of people mistake let’s say they look at statistics and they’re like: Oh my God, look WordPress has been compromised by this vulnerability. Or like: Look how many times WordPress is being compromised. But then when you look at the whole picture and it’s like: Well how many sites actually use WordPress? And they’ll be like: Some huge number, like millions of sites that use WordPress. And how many use like (mumbles) or something? It’s like: There aren’t that many, so obviously WordPress will be a bigger target because it’s more broadly used. So yeah, for the most part we see WordPress a lot. But that’s not because it’s more prone. It’s more because it’s so popular and people are using it. There’s always gonna be third-party plugins that somebody else wrote. Not the core WordPress team. And I mean there’s obviously some people that go through ’em and they try to make ’em secure. But yeah, it’s never bullet-proof. I mean you’re installing a third-party plugin on your WordPress site and you hope that it’s secure.

But it’s not always possible. – Well another question regarding the plugins. So we’re still in the let’s say Warcraft’s universe. From your daily activity cleaning sites can you speak to which WordPress plugin is a common target for malware that generates SEO Spam? – I don’t think there’s a common plugin. At one point we had some like a red slider that was really popular and it was a big vulnerability. And then we saw a large wave of websites getting compromised. But a few years back we had (mumbles) thumb.

That was also being targeted. I wouldn’t say it was specifically for SEO Spam. It was more like a really popular plugin that a lot of people were using. And a huge vulnerability was found on it and so that we had thousands of websites that were just compromised. Yeah we were dealing with that for months and months. Just cleaning thousands of websites. So I can’t say there’s a specific plugin that’s targeted right now or there’s like: Oh my God, there’s one.

But it’s like: There’s like a wave right now one specific plugin that’s causing problems. I mean there’s so many sites that publish vulnerabilities in different plugins. A lot of them get patched through the fast. So no it’s not really one particular plugin or anything like that. It’s usually a range of different plugins that are just easy to exploit. And there’s already a vulnerability public. – We’re still not living the WordPress universe. Greg has a question regarding, let me just read through. We recently added firewall to seclude our WordPress website and we’re unable to make edits to our site within WordPress since the IP address was changed.

Is there a way to work around this so we can have the firewall and still have the ability to edit our site via WordPress CMS? Most likely this is something that they would raise in a ticket right? For our product? – I would recommend yeah, make a ticket and I’m sure one of our guys can figure out what’s being blocked on the site so we can make regular edits. And there’s also another solution you can use. The API that’s integrated into the firewall. So you can literally get a link and then put it on your browser like a bookmark, that link. And every time you click the link it will check your IP whitelist your IP. And that said and then you can make all the edits you want.

– Yeah, so Greg if you can’t find it yourself feel free to open a support ticket and our team will most likely, easy to help you with that. – Very great. – Have another one question. There’s too many questions coming in so we are really sorry. We’re kind of out of time. But I still wanna go through one. This says: Does Google always know when SEO Spam attacks your site? And what to do if my ranking is still dropped after an attack? So I’m assuming this gentleman’s website is already under attack.

So their SEO ranking are down now. – Yeah. Google doesn’t always know or at least not initially. Sometimes it will take some time sometimes. The attackers will intentionally not want the content to be nixed by Google and they’ll try to block bots. A lot of times Google will find a way to use they have so many IP’s and so many servers and different regions that eventually they’ll index the content. But it could take ’em weeks, it could take ’em months. You never know. So no, Google doesn’t always know if there is SEO Spam. Once the problem is fixed you could there’s multiple methods that you could try. It depends on how many pages were actually indexed that have the spam. If it’s only a few then you can always go through the Google Webmasters console and try to just de-list those pages.

There’s a tool there that you can use to tell it to remove those pages from the index. And then you can also submit a sitemap. The sitemap you have to generate it somewhere else. And there’s plugins that you can use. The generator sitemap if you have WordPress. But a sitemap is just like map of all your links. That they’re actually though, the pages they are part of your website. So then when you submit the sitemap you’re telling Google that these are all my pages, and anything outside of that is not on my website. So that also helps. But there is no way to instantly recover the ranking or something like that. It will still take Google some time to remove some of the links and index the ones that are valid. And then your rank will go up eventually. – Awesome. That’s good to know. Thank you so much Krasimir. Thank you to everyone who registered, participated today sent questions in. If you think of questions that you didn’t have time to ask now or you think you have more advance or complicated questions, feel free to tweet us.

You see our tweeter handle on the screen right now. Use the hashtag #AskSucuri. It will get to us. We’ll make sure you get your answers. Again this recording will be available on our website within a few days. And you’ll get an email with slides and everything you followed here. We’ll make sure to have all the links. Especially to Greg and everybody all that asked how they can access their sites even if they’re on their own firewall. Thank you again Krasimir. For those of you who didn’t know this was Krasimir’s first webinar and I would just want to say thank you. That was really well done. – Thank you. – And most likely we’re gonna lead back with Krasimir. So stay tuned. Thank you everyone. I’m gonna let Krasimir say goodbye to you. And then we’ll see you in about two weeks for our other webinar. Thank you. – All right. Bye guys.

I can’t wait to see you on the next webinar. .

As found on Youtube

Posted in SEOTagged , , , , , , , , ,