Cleaning out spam infections may yield some unwanted results

Nov 18, 2015 21:13 GMT  ·  By

Webmasters that remove large-scale spam infections from their website may sometimes be DDoSed by Google's search engine crawling bot, a.k.a. Googlebot.

This out-of-the-ordinary scenario has been discussed by Sucuri researchers, who warn webmasters and urge them to properly set up their Google Search Console (formerly known as Webmasters Tools) before removing the spammy HTML files from their Web host.

A Japanese-themed spam campaign that dirties up your servers

Sucuri staff observed a recent spam campaign that compromises websites and leaves behind numerous HTML spam files. These files are harmless and do nothing more than to redirect users to more dangerous websites.

Attackers leave tens or hundreds of thousands of such files in numerous directories on compromised sites. These HTML pages link to other compromised websites, creating a self-standing mesh of malicious websites that link to each other, with the sole purpose of gaining SEO points and popping up in Google's search results.

The tactic is ancient, but Google is an automated system, and some spam campaigns can poison its search results using such antiquated tricks.

Beware of how you remove spam campaigns from infected servers

In the cases where webmasters notice the infections, Sucuri, a security vendor for websites, is warning that removing all the files at once without going through a series of steps may lead to two negative results.

One is a quick drop in Google's PageRank, due to a high number of 404 errors that will pop up by incorrectly removing the spammy HTML files.

The second is more dangerous and occurs only in some cases, where it may lead to an accidental DDoS attack from Googlebot if the proper settings aren't made in the Google Search Console.

For both cases, Sucuri has published a series of steps to follow, so webmasters won't get penalized when cleaning up their websites.