Google Webmaster Tools Showing Wrong Warning in Manual Actions

I was quite confused and shocked by the notice that one of my blogs has been hacked. How do I come to know? Google Webmaster Tools under Search Traffic>Manual Actions. One of my blogs listed as “Hacked Site”. First, I ignored the message because I knew my blogs have tight security because of recent hack attempts and multiple backlink spam attacks.

[box type=”note”]Here is the image from Google Webmaster Tools[/box]

hacked site notice google webmaster tools

Click to enlarge image

[box type=”info”]To confirm it is not photo-shopped[/box]

Click to enlarge

Click to enlarge

After a week I realized that this message seems to stuck and maybe Google is right. I investigated the issue further and I ran multiple scans and double checked my folder via FTP and web host file manager. I don’t find any folder or directory named “ebestcars.co.uk/moving.page/”. I was worried because when my blogs were hacked, there was a folder “/moving.page/”. However, it was ewali.com not my other blog listed in Google Webmaster Tools.

[box type=”important”]Message showed up after Google introduced “Manual Actions” Tab.[/box]

Moving further, I contacted my web host that I must say is one of the best WordPress web hosting providers that I have ever seen. Thanks to their excellent web support, I confirmed before writing this post that there is no hacked attempt on my blog or any other code.

There might be multiple reasons behind the issue:

  • Google Webmaster Tools “Manual Action” is still in beta phase (not sure or heard about this).
  • Google is picking data from my ewali.com blog and mixing up with ebestcars.co.uk.
  • Google maybe showing old data about 1 to 2 years old to benchmark manual action.
  • Google is going nuts ;-).

I am more confident at second and third point that they are showing old data and mixing other Google Webmaster Tool properties. I remember hiring the services of Freelance SEO agencies from Odesk before the Penguin updates. Those links hurt my blog rankings at that time a lot after Penguin was launched. I have noticed that Google is still showing old backlinks data, most of the links are either washed away due to domain expiry or websites no longer in business and rest of the links were manually removed. I can see the old links in Google Webmaster Tools and they are never updated. And for the second point, ebestcars.co.uk was never hacked and still working fine from past three years.

The point here is that Google is making so many changes and updates that they cannot keep track of every website in their system. I am not going to go ahead and send a reconsideration request for now because me and my friend is working on bigger issue (removing the links) to solve the “manual action” penalty on the given website.

[box type=”important”]Here is the chat transcript from my Web Host.[/box]

Don P.   Sat, 8/17/2013 10:56:33 pm

Hello Ahmad Wali. Please wait while we connect you to an operator.

Ahmad Wali        Sat, 8/17/2013 10:56:40 pm

Hi

I am getting this warning in Google Webmaster toolds

*tools

Hacked site

Some pages on this site may have been hacked by a third party to display spammy content or links. You should take immediate action to clean your site and fix any security vulnerabilities. Learn more.

ebestcars.co.uk/moving.page/

Don P.   Sat, 8/17/2013 10:57:11 pm

Hello Ahmad. My name is Don. Okay let me check the site here, one moment.

Ahmad Wali        Sat, 8/17/2013 10:57:34 pm

ok

Don P.   Sat, 8/17/2013 11:02:00 pm

Hm, from what I’m seeing here, there doesn’t seem to be a page at ebestcars.co.uk/moving.page/ and also I’m not seeing the domain blacklisted with Google either. I’m not sure why you’re seeing this. I would suggest first having Google scan the site again through Webmaster tools and see if it comes back clear now. If you think your site may have been a victim of a hacker, we can run a full security audit here on the site if you wish.

Ahmad Wali        Sat, 8/17/2013 11:03:12 pm

I don’t feel anything recently to be honest, but I am surprised to see this message in Google webmaster tools

Don P.   Sat, 8/17/2013 11:04:20 pm

yes, that is a bit odd. Usually if anything on the domain is blacklisted by Google, it will be picked up in a scan on the Sucuri.net site. (I use this a lot to see if sites are hacked/blacklisted) I’d suggest getting Google to check the site again for sure first.

Ahmad Wali        Sat, 8/17/2013 11:05:50 pm

Let’s wait because there is no way to contact Google for re-can. Maybe Google is going nuts. Would you mind if I use this chat in one of my blogs that I am going to upload regarding this issue?

Don P.   Sat, 8/17/2013 11:06:18 pm

Sure, no problem.

Ahmad Wali        Sat, 8/17/2013 11:06:28 pm

Great! Thank you 🙂

Have a good day

Don P.   Sat, 8/17/2013 11:06:38 pm

You too, thanks!

Updated: 20 August 2013

Google Malware Test

At first place I did not run a malware test by Google or my web host. However, I requested complete audit from my webhost and Malware test from Google. You can see the picture from Google Webmaster Tools showing there are no malware on the website.

google malware test

Click to enlarge

Furthermore, here are the results from my webhost for complete audit of my blog.

Hi Ahmad,

Audit of your account has completed, and here are the results:

************************************************
AUDIT : ebestcar (Mon Aug 19 01:32:16 CDT 2013)
************************************************

Downloading latest pattern set..
(173 patterns to search for)
Downloading latest versions set..

public_html/ permissions (0750) okay

Applications installed
———————-
(* Most recent stable release)
WordPress CMS 3.6 (*3.6(???)) => /home/ebestcar/public_html/

Malicious files
—————
[Minimum required score: 5.0]
(Fri Aug 16 01:48:08 2013 : 0644) /home/ebestcar/public_html/wp-admin/.htaccess [11.6] {HTPASSWD,}
(Thu Feb 16 08:07:37 2012 : 0644) /home/ebestcar/public_html/wp-content/bps-backup/master-backups/backup_wpadmin-secure.htaccess [12.2] {HTPASSWD,}
(Sat Jul 20 05:00:51 2013 : 0644) /home/ebestcar/public_html/wp-content/bps-backup/master-backups/wpadmin.htaccess [11.6] {HTPASSWD,}
(Sun Jun 2 05:17:43 2013 : 0644) /home/ebestcar/public_html/wp-content/bps-backup/wpadmin.htaccess [11.6] {HTPASSWD,}
(Tue Aug 6 04:37:23 2013 : 0644) /home/ebestcar/public_html/wp-content/plugins/bulletproof-security/admin/htaccess/wpadmin-secure.htaccess [11.0] {HTPASSWD,}

FTP logins
———-
SOURCE DATES
————– —–
103.12.40.178 Aug 16 (unknown)

ControlPanel logins
——————-
SOURCE DATES
————— —–
BACKSTAGE 08/17/2013

Malicious files listed above look like false-positive, so I believe you can conclude that the account is clean!

Please let us know if we can assist you any further.

Thanks,

Dragan Stamatovic
Senior System Administrator, Site5.com

One Response to “Google Webmaster Tools Showing Wrong Warning in Manual Actions”
  1. Karl King

    Thank you very much for the heads up. I’ll have to check all of my sites now to make sure if mine has been hacked or not. The forums I have one of my sites forums where I believe Russians are taking over and I need to fix it.