Viruses on the site and the site position in Yandex
Recently, we are faced with a very unexpected and even dangerous phenomenon, which will be discussed further. This post will interest all those who care about the position of their own site in the Yandex search engine. Perhaps our experience will allow someone not to repeat the mistakes of others, as well as promptly correct them. And also we will tell you a little about our anti-virus for sites (or rather, about the whole system of site protection) - SiteGuard , which will help minimize the risk of infection of the site. And that means - to avoid losing customers, nerves, time, money.
On one of the websites of our Studio clients, a virus recently snuck in, posted at the end of the index.php file a plain javascript code with an exploit for IE 6-7 and FF 1-2 (the script is pretty ordinary). The virus made its way to the site, probably because our colleague, from whom we “inherited” this site for part of the work, saved the passwords directly in the FTP client (this should not be done in any case). Next, we have an infected local computer - stealing passwords from FTP - an infected site.
All client sites are connected to our anti-virus, which notified us as soon as it found the virus, so three hours after the infection, the last one was removed, all passwords were changed, but ... by fatal accident, the Yandex robot “visited” , re-indexed the site, and the virus along with it. This is where the fun began.
')
It should be said that the client’s site felt pretty good in the search engines. Excellent, frankly, I felt - the first places for requests of interest. And here, looking in the morning the daily statistics of the positions of reporting sites in search engines, we notice that the site mentioned earlier has lost all its positions. Totally. It is not in Yandex, even at the 500th position, even in provincial cities, not to mention the Moscow issue. It should be noted that there was no update on this day (standard fluctuation, not exceeding half percent).
We add the site to Yandex.Webmaster (according to the old sign, websites that are doing well are not added there just like that), we see that Yandex found a virus on the site. To speed up the situation, go to the security page and press the button, they say, they have deleted everything for a long time, moderate soon. By the end of the day, Yandex removes the status of "infected with a virus" from the site (in the Webmaster), but does not return the position. At the same time, the index contains many provirovannyh sites that have not lost their positions, but with the mark "this site can threaten the security of the computer." Why it was ours that was thrown out is unclear (it would be curious to see Yandex’s answer here). Well, nothing comes back: Yandex also let know that everything is in order. The letter even sent.
Not having found the site the next morning at the usual positions (and, to tell the truth, I didn’t find it at all), we write a letter to the respected "Plato Schukin", directly from the Yandex.Webmaster panel. We get the answer that everything is in order, everything will be soon, wait. Waiting, waiting, waiting. The client is worried - the season is in full swing, buyers do not find the site, go to competitors. Days go by.
After two weeks of experiences, doubts, correspondence, dancing with a tambourine, increasing the reference mass, the site began to gradually return to the issue, regardless of updates from Yandex. So, on the 7th of April (the update was) in the index “hatch” one small query ranked 19th. From our experience of pulling sites out of viruses, we knew: this is a good sign. The very next day (there was no update) the absolute majority of requests seemed to be in the Yandex index, but in positions from 10 to 20. And yesterday's 19th place grew to the 18th. Not bad, but before the former TOP-1 Oh how far!
And today, on the 9th of April (the update was) the site returned to the issue. Almost all previous requests returned to the 1st place, except for one, which rose only to the second (which, however, is also a good result, and we are sure that it will also fall on the 1st place, the site is a good one). Everyone is happy, thank you all.
If the topic turns out to be in demand, we will try to compare available anti-viruses for sites and publish test results on Habré.
Virus hits the site
On one of the websites of our Studio clients, a virus recently snuck in, posted at the end of the index.php file a plain javascript code with an exploit for IE 6-7 and FF 1-2 (the script is pretty ordinary). The virus made its way to the site, probably because our colleague, from whom we “inherited” this site for part of the work, saved the passwords directly in the FTP client (this should not be done in any case). Next, we have an infected local computer - stealing passwords from FTP - an infected site.
All client sites are connected to our anti-virus, which notified us as soon as it found the virus, so three hours after the infection, the last one was removed, all passwords were changed, but ... by fatal accident, the Yandex robot “visited” , re-indexed the site, and the virus along with it. This is where the fun began.
')
The site falls out of Yandex
It should be said that the client’s site felt pretty good in the search engines. Excellent, frankly, I felt - the first places for requests of interest. And here, looking in the morning the daily statistics of the positions of reporting sites in search engines, we notice that the site mentioned earlier has lost all its positions. Totally. It is not in Yandex, even at the 500th position, even in provincial cities, not to mention the Moscow issue. It should be noted that there was no update on this day (standard fluctuation, not exceeding half percent).
We add the site to Yandex.Webmaster (according to the old sign, websites that are doing well are not added there just like that), we see that Yandex found a virus on the site. To speed up the situation, go to the security page and press the button, they say, they have deleted everything for a long time, moderate soon. By the end of the day, Yandex removes the status of "infected with a virus" from the site (in the Webmaster), but does not return the position. At the same time, the index contains many provirovannyh sites that have not lost their positions, but with the mark "this site can threaten the security of the computer." Why it was ours that was thrown out is unclear (it would be curious to see Yandex’s answer here). Well, nothing comes back: Yandex also let know that everything is in order. The letter even sent.
Further developments
Not having found the site the next morning at the usual positions (and, to tell the truth, I didn’t find it at all), we write a letter to the respected "Plato Schukin", directly from the Yandex.Webmaster panel. We get the answer that everything is in order, everything will be soon, wait. Waiting, waiting, waiting. The client is worried - the season is in full swing, buyers do not find the site, go to competitors. Days go by.
Return to index
After two weeks of experiences, doubts, correspondence, dancing with a tambourine, increasing the reference mass, the site began to gradually return to the issue, regardless of updates from Yandex. So, on the 7th of April (the update was) in the index “hatch” one small query ranked 19th. From our experience of pulling sites out of viruses, we knew: this is a good sign. The very next day (there was no update) the absolute majority of requests seemed to be in the Yandex index, but in positions from 10 to 20. And yesterday's 19th place grew to the 18th. Not bad, but before the former TOP-1 Oh how far!
And today, on the 9th of April (the update was) the site returned to the issue. Almost all previous requests returned to the 1st place, except for one, which rose only to the second (which, however, is also a good result, and we are sure that it will also fall on the 1st place, the site is a good one). Everyone is happy, thank you all.
Conclusions, briefly and in the case
- Viruses on the site detrimentally affect the position of the site in search engines, it is necessary to monitor the security of the site, vulnerabilities, and also to prohibit employees from storing passwords in ftp / sftp / ssh clients and browsers.
- There is an external filter “oh, a virus” in Yandex generation algorithms (we certainly don’t know the name of the filter, but let it be so). The filter “oh, virus”, depending on unknown reasons, can simply mark the site as “threatening to security”, or it can be completely excluded from the issue. In this case, all manipulations with the issuance (exclusion, restoration) occur independently of the “updates” of the search base, into the so-called “inter-rapier”, and updates of this filter occur every day (such “fast”).
- The post describes the situation with Yandex, but it could well happen with Google. The action algorithm is similar, just wait, it will take even longer.
- Use modern site monitoring tools - antivirus for sites. The post mentions a free antivirus for SiteGuard sites, this is our secret development, which we can safely recommend to use, and we have been using it for one and a half years already. In addition to informing about viruses (e-mail, SMS, ICQ), there are also some nice buns, for example, monitoring domains. The site also has an extensive knowledge base on site security issues and site viruses.
If the topic turns out to be in demand, we will try to compare available anti-viruses for sites and publish test results on Habré.
Source: https://habr.com/ru/post/90466/
All Articles