The nature of the URL is that it contains the tilde (~) character which in a cPanel shared hosting situation is user to denote a user account name. The server bypasses searching for the files and folders on your domain and attempts to load a user account on the shared IP number of your domain, which can lead to pages on other domains being loaded under your domain name. Obviously this is an undesireable result in any event, but more so when the ploy is used to infect your computer or distribute malware and other malicious software.
If you have receieved a message from Google about this then you need to follow the instructions provided as quickly as possible. Google tells you what to do, but it does not tell you how to do it. We expand on the subject with some how-tos below.
How to do it
1. Log in to your Google Webmasters account. click on the search console link and review the files listed. In this case it is likely that only one URL will be listed and that there will be no further explanation of the problem. If you do not have a Google Webmasters account, then you need to create one. Guidance for this activity is outside the scope of this article. It is possible to do it yourself. clickonIT Virtual Assistants can do it for you if you prefer.
2. The problem URL is not helpful to you as it refers to virtual folders that do not exist in your hosting space. Therefore there is nothing to remove. You should however advise your host of the problem by raising a support ticket and including the Google message. This will assist in getting the suspended account removed. You should also scan your site for viruses. Use the anti-virus scanner in cPanel and destroy any files it finds infected. If these files are core system files, then you will need to reinstate your website from a previous backup taken before your site was infected. If you do not have a series of backups to reinstate your site from or do not know when your site was infected, this should indicate to you the value of making regular backups retained for a reasonable period of time and the value in scanning your site for malware every day. With this procedure in place you will have a choice of backup points and an indication of when your site was infected and can reinstate the last clean backup set.
3. Securing your site from future attacks of this nature. In the case where your site is not infected and hackers are taking advantage of a configuration anomoly of your server system, it may seem unfair to expect you to take action to prevent this from happening again. However coping with system anomolies are the trade off for the low cost of shared hosting. You can do three things; 1) advise your hosting service of the Google message. They will/should act to get the suspended service deleted, 2) Disallow Google from indexing the problem URL and any that are likely to cause the same problem - therby stopping access to the URL spreading, 3) catch problem URLs and reject them so that they are dropped from indexes and do not present as a threat. See details below for technical specifics.
4. The message you received from Google has a link to request a review. Use it to request reversal of your site demotion and removal of the warning from thi URL. In any case the problem response will not now be accessible so the warning should not be triggered, but ask for it to be removed anyway. Advise Google that the URL in question is not of your creation and is a cPanel shared hosting anomaly that is beyond your control, you have reported the suspended account to your host and have prevented any response to problem URLs of this nature by redirecting them to a 403 error. Also confirm that you have scanned your site internally and externally for malware and that is it reported clean by all checking and reporting authorities.
If you have not yet received a message from Google about this it may be that you have not yet been attacked or that you have been lucky so far. You should act at once to prevent any response to URLs that contain the tilde character that are called under your domain name. Follow steps 1-4 above.Technical Specifics
Robots.txt
This is a plain text file found in your webroot folder. If you do not have one create one. Learn more in a different article specifically on this subject.
Edit your robts.txt file to disallow search engines to index problem URLS (any URL containing the "~" character) - In your robots.txt file add the line;
Disallow: /~
.htaccess
This is a hidden text file found in your webroot folder. If you do not have one create one. Learn more in a different article specifically on this subject.
Edit ,htaccess to redirect all urls containing the "~" character to a "403 - Forbidden" error page by adding these lines to the .htaccess file in your webroot;
RewriteEngine On
RedirectMatch 403 ^[a-zA-Z\/\.\:]*\~[a-zA-Z\/\.\:]
If "RewriteEngine On" is already in your .htaccess file, include the other line immediately after it.
Alternative Solutions
Done-For-You
clickonIT Virtual Assistants can quickly and efficiently take all the action required to address this situation, restoring and preserving your online reputation. http://www.clickonIT.com.au/virtual-assistant.php
VPS or Dedicated Server
This problem only exists on shared hosting environments. By hosting on a VPS or Dedicated Server you will not be affected by this problem. Contact clickonIT to discuss the benefits for your situation.
