How A Rogue, Hacked Subdomain Got My Primary Domain In Trouble with Google!

When a new service hits the market that I want to test out, I typically sign up and give it a test run. For many platforms, part of the onboarding is to point a subdomain to their server so you can run the platform on your subdomain. Over the years, I’ve added dozens of subdomains that pointed to different services. If I got rid of the service, I often didn’t even bother cleaning up the CNAME in my DNS settings.
Until tonight!
When I checked my email tonight, I got a message that scared the heck out of me. It was a warning from Google Search Console that my site had been hacked, and I needed to request a reconsideration to ensure my site stayed in search results. I host all of my core domains on premium hosting accounts, so to say I was concerned is an understatement. I was freaking out.
Here’s the email I received:

Take a closer look at the URLs that Google Search Console listed, and you’ll see that none were on my core domain. They were on a subdomain called dev, one of the test subdomains that I’ve used for dozens of different services.
Was My Site Hacked?
No. The subdomain was pointing to a third-party site that I no longer have any control over. It appeared that when I closed the account there, they never removed their domain entry. That meant that my subdomain was still active and pointing to their site. When their site was hacked, it made it appear that I had been hacked. Even more surprising is that Google Search Console didn’t care that it was some rogue subdomain; they were still ready to pull my clean, core site out of search results!
Ouch! I never thought they’d ever be at risk.
How did I fix it?
- I went through my DNS settings and removed any unused CNAME or A Records that pointed to any service I wasn’t using anymore, including dev.
- I waited until my DNS settings propagated around the web to ensure the dev subdomain didn’t resolve to anywhere anymore.
- I did a backlink audit using Semrush to ensure the hackers didn’t try to increase the subdomain’s authority. They hadn’t, but if they had, I would have disavowed each of the domains or links via Google Search Console.
- I submitted a reconsideration request immediately via Google Search Console.
It only took a few weeks for my search engine visibility to bounce back, but that was quite the scare.
How Can You Avoid This?
I recommend that you review your DNS settings at least once a month to ensure that you’re removing any subdomains that you’re not using. I’m going through the rest of my domains right now. I’d also recommend that you buy a separate domain for third-party services rather than risk your core, organic domains. This way, if a subdomain gets hacked, it won’t affect your primary domain’s search authority and visibility.
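The monthly review can be scripted. The following is an added example, not code from the original post: it checks an exported zone against an inventory of services you still use, because a stale record like dev can keep resolving and would pass a plain lookup test. The domain example.com, the sample records, the IP addresses and the service hostnames are constructed placeholders, and the function names are hypothetical.

```python
import socket

# Constructed zone export for the placeholder domain example.com.
SAMPLE_ZONE = """\
www   3600 IN A     203.0.113.10
dev   3600 IN CNAME old-tenant.saas-vendor.example.
shop  3600 IN CNAME stores.platform.example.
blog  3600 IN CNAME www.example.com.
demo  3600 IN A     198.51.100.7
"""

def resolves(host):
    """True if the host currently resolves (needs network access)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def audit(zone_text, domain, own_ips, active_services, resolver=resolves):
    """Return (name, type, target, verdict) for records needing attention."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3] not in ("A", "CNAME"):
            continue  # skip blanks and other record types
        name, rtype = fields[0], fields[3]
        target = fields[4].rstrip(".").lower()
        if rtype == "A":
            if target not in own_ips:
                findings.append((name, rtype, target, "unknown IP: remove or claim"))
            continue
        if target == domain or target.endswith("." + domain):
            continue  # alias inside our own zone
        if target not in active_services:
            # Flagged even if it still resolves: nobody here controls it.
            findings.append((name, rtype, target, "unused service: remove"))
        elif not resolver(target):
            findings.append((name, rtype, target, "dangling: target gone"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE, "example.com", {"203.0.113.10"},
                         {"stores.platform.example"}):
        print(*finding, sep="\t")
```

Keep the list of active services and your own IPs next to the zone export, and update it whenever you sign up for or cancel a service.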