How A Rogue, Hacked Subdomain Got My Primary Domain In Trouble with Google!

When a new service hits the market that I want to test out, I typically sign up and give it a test run. For many platforms, part of the onboarding is to point a subdomain to their server so you can run the platform on your subdomain. Over the years, I’ve added dozens of subdomains that pointed to different services. If I got rid of the service, I often didn’t even bother cleaning up the CNAME in my DNS settings.

Until tonight!

When I checked my email tonight, I got a message that scared the heck out of me. It was a warning from Google Search Console that my site had been hacked and I needed to request a reconsideration to ensure my site stayed in search results. I host all of my core domains on premium hosting accounts, so to say I was concerned is an understatement. I was freaking out.

Here’s the email I received:

Highbridge Hacked Content

Take a closer look at the URLs that Google Search Console listed, though, and you’ll see that none of them were on my core domain. They were on a subdomain called dev. This is one of the test subdomains that I’ve used for dozens of different services.

Was My Site Hacked?

No. The subdomain was pointing to a third-party site that I don’t even have any control over anymore. It appeared that when I closed the account there, they never removed their domain entry. That meant that my subdomain was still essentially active and pointing to their site. When their site had been hacked, it consequently made it appear that I had been hacked. Even more surprising is that Google Search Console didn’t care that it was some rogue subdomain; they were still ready to pull my clean, core site out of search results!

Ouch! I never thought they’d ever be at risk.

How did I fix it?

  1. I went through my DNS settings and removed any unused CNAME or A Record that pointed to any service I wasn’t using anymore. Including dev, of course.
  2. I waited until my DNS settings propagated around the web to ensure the dev subdomain didn’t resolve to anywhere anymore.
  3. I did a backlink audit using Semrush to ensure the hackers didn’t try to increase the authority of the subdomain. They hadn’t… but if they had, I would have disavowed each of the domains or links via Google Search Console.
  4. I submitted a reconsideration request immediately via Google Search Console.

I’m hoping it won’t be long and my search visibility won’t be hurt.

How Can You Avoid This?

I’d recommend that you review your DNS settings at least once a month to ensure that you’re removing any subdomains that you’re not using. I’m going through the rest of my domains right now. I’d also recommend you just buy a separate domain for third-party services rather than put your core, organic domains at risk. This way, if a subdomain gets hacked it won’t affect your primary domain’s search authority and visibility.
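
A monthly review is easier to keep up if it is scripted. The sketch below is an added example, not part of the original post: it reads a BIND-style zone export and flags every CNAME or A record that points outside the zone at something not on a list of services still in use. It compares against an inventory rather than testing whether the target resolves, because in the incident above the third-party target still resolved. The zone contents, service names, and addresses are constructed placeholders, and the two allowlists are assumptions you would maintain yourself.

```python
# Constructed zone export (BIND-style); every name and address is a placeholder.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@     3600 IN A     203.0.113.10
www   3600 IN CNAME example.com.
dev   3600 IN CNAME tenant.oldservice.example.net.
shop  3600 IN CNAME stores.activeshop.example.org.
beta  3600 IN A     198.51.100.77   ; trial platform, cancelled
"""
# Assumptions: third-party services still in use, and hosts you control.
ACTIVE_SERVICES = {"activeshop.example.org"}
OWNED_IPS = {"203.0.113.10"}

def absolute(name, origin):
    """Expand a zone-file name ('@', relative, or dot-terminated) to a lowercase FQDN."""
    if name == "@":
        return origin
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (origin, [(fqdn, rtype, value), ...]) for A, AAAA and CNAME records."""
    origin, records = "", []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
        # Skip the optional TTL and class columns to find the record type.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) >= 2 and rest[0].upper() in ("A", "AAAA", "CNAME"):
            rtype = rest[0].upper()
            value = absolute(rest[1], origin) if rtype == "CNAME" else rest[1]
            records.append((absolute(fields[0], origin), rtype, value))
    return origin, records

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def audit(text, active=ACTIVE_SERVICES, owned_ips=OWNED_IPS):
    """List records that point outside the zone at something not known to be in use."""
    origin, records = parse_zone(text)
    def in_use(rtype, value):
        if rtype == "CNAME":
            return under(value, origin) or any(under(value, s) for s in active)
        return value in owned_ips
    return [r for r in records if not in_use(r[1], r[2])]

if __name__ == "__main__":
    print(*audit(SAMPLE_ZONE), sep="\n")
```

Each flagged record is a candidate for removal unless you can name the account it belongs to; add the service to the allowlist only while that account is open.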
