Paid and Organic Search Marketing

How A Rogue, Hacked Subdomain Got My Primary Domain In Trouble with Google!

When a new service hits the market that I want to test out, I typically sign up and give it a test run. For many platforms, part of the onboarding is to point a subdomain to their server so you can run the platform on your subdomain. Over the years, I’ve added dozens of subdomains that pointed to different services. If I got rid of the service, I often didn’t even bother cleaning up the CNAME in my DNS settings.

Until tonight!

When I checked my email tonight, I got a message that scared the heck out of me. It was a warning from Google Search Console that my site had been hacked, and I needed to request a reconsideration to ensure my site stayed in search results. I host all of my core domains on premium hosting accounts, so to say I was concerned is an understatement. I was freaking out.

Here’s the email I received:

DK New Media Hacked Content

Take a closer look at the URLs that Google Search Console listed, and you’ll see that none were on my core domain. They were on a subdomain called dev, one of the test subdomains that I’ve used for dozens of different services.

Was My Site Hacked?

No. The subdomain was pointing to a third-party site that I no longer have any control over. It appeared when I closed the account there; they never removed their domain entry. That meant that my subdomain was still active and pointing to their site. When their site was hacked, it made it appear that I had been hacked. Even more surprising is that Google Search Console didn’t care that it was some rogue subdomain; they were still ready to pull my clean, core site out of search results!

Ouch! I never thought they’d ever be at risk.

How did I fix it?

  1. I went through my DNS settings and removed any unused CNAME or A Records that pointed to any service I wasn’t using anymore, including dev.
  2. I waited until my DNS settings propagated around the web to ensure the dev subdomain didn’t resolve to anywhere anymore.
  3. I did a backlink audit using Semrush to ensure the hackers didn’t try to increase the subdomain’s authority. They hadn’t, but if they had, I would have disavowed each of the domains or links via Google Search Console.
  4. I submitted a reconsideration request immediately via Google Search Console.

It only took a few weeks for my search engine visibility to bounce back, but that was quite the scare.

How Can You Avoid This?

I recommend that you review your DNS settings at least once a month to ensure that you’re removing any subdomains that you’re not using. I’m going through the rest of my domains right now. I’d also recommend that you buy a separate domain for third-party services rather than risk your core, organic domains. This way, if a subdomain gets hacked, it won’t affect your primary domain’s search authority and visibility.

Douglas Karr

Douglas Karr is a fractional Chief Marketing Officer specializing in SaaS and AI companies, where he helps scale marketing operations, drive demand generation, and implement AI-powered strategies. He is the founder and publisher of Martech Zone, a leading publication in marketing technology, and a trusted advisor to startups and enterprises… More »
Back to top button
Close

Adblock Detected

We rely on ads and sponsorships to keep Martech Zone free. Please consider disabling your ad blocker—or support us with an affordable, ad-free annual membership ($10 US):

Sign Up For An Annual Membership