(perky techno music) – Alright, hello everybody. My name is Krasimir. I’ve been working insecurity for a while now. I really enjoy vulnerabilities, exploits just reading about them, testing them anything about securityreally is a passion of mine. I also like playing with hardware. I like playing with Raspberry Pi other small computers, microcontrollers. Yeah I have a lot of hobbies and projects.And another thing I love is traveling. I love to visit different countries. But today we’re hereto talk about SEO Spam. So in this webinar youwill learn about SEO Spam and what attackers gain from SEO Spam and how to deal with attacks effectively. We’ll go into more details about SEO Spam the different variations and why your website might be targeted. How these attacks are facilitatedand how you can determine if your website contains any SEO Spam. Obviously sometimes it’s not so easy. A lot of times you justsee it on the website when you visit one day, and it’s like: Oh there’s a lot of spam. But in some cases it’s not so easy. So we’ll discuss that andwe’ll see how we can determine. Yeah and we’ll also obviouslydiscuss some ways you can protect your websiteand how to prevent it from being compromised in the first place. So let’s start with SEO Spam.And what is SEO Spam? So SEO Spam is usually acombination of links, keywords and other phrases that areinserted into the website.(digital beep) It could be anything really. In many cases it will includea link to another website. It could be doing it just to get people to visit their website. Or it could be malware-related. But in most cases they include a link to their website which contains more spam. And they’re trying just to get visitors away from your website and to the website they want to promote. And from there it could be anything. Could be they just want traffic. Could be they havemalware on their website and they just wannacompromise computers on there.It could be that they’reselling something. It could be some kind of scam or something like pretending that they’reselling some kind of product. People putting their creditcard and then they get stolen. Or maybe, supposedlythey bought something but the product never gets shipped. Yeah there’s so many. Right, it’s referred as SEO Spam because it’s usually crafted in a way that targets specific keywords. These keywords are usuallyaround a link they’re promoting which the attacker is tryingto push to search engines. Or sometimes they mightnot target a search engine. It might just be for visitorsgoing to your website. There might not reallycount on search engines.They index the site or theymight not care if the site is visible in any search engines. It might not be indexedat all but as long as they get enough visitors fromcompromised websites they don’t really care. It still accomplishes their goal. Yeah in some cases they (mumbles) want their site to rank inGoogle, and want it to rank for specific keywords andthat’s why they’ll push these keywords, put ’em around the link. It depends in each case. Sometimes they do.Sometimes they don’t care. Obviously you have a lotof these sites stay long in search engines. So they might get indexedfor like a day or a week or something like that. They’ll gain a lot of rank. And then eventually Googlewill notice that this site is not really legitimateand some of these backlinks that they had start disappearingwhen website owners figure out that their website wascompromised, start removing them.And eventually this site will just get de-indexed completelyfrom the search engine. But I’m guessing they don’t care. They’ll just register anotherdomain and just keep going just keep compromising moresites just to place all the links on the ones thatare still compromised. And here you can see some examples. These are all from Googlebut it will look the same if you look at it througha different search engine.And you can see at the topwe’d just search for a site and then the domain and thenwe could search for a keyword. This is a way you can tryand see if you can protect any spam on your website. But you’ll have to try different keywords. It could be any keywordreally that they’re targeting. But they can see at thetop this one is more like a Japanese spam.They, I guess advertise in Louis Vuitton. You can see though on thisone, after the domain you can see that there’s afull-sized need.php so that need.php file isprobably the one that was uploaded there by the attacker. And it’s the oneresponsible for generating all the spam content. So they just used that file tojust generate random content. And that one is probably thefile that gets also pushed to Google to index it, andGoogle starts crawling in and that’s how these searchresults get on there. On the bottom left you can see this one is targeting Nike shoes. And you can see this oneis a little bit different and there’s still spam. But yet you can see theyjust target random keywords. Sometimes it’ll be a whole sentence. Sometimes it’ll just be random keywords that don’t make really any sense. But you can see even thoughwe removed the eventual URL we can see after that whereit has the IRIK, though be the actual URL on the website.You can see that it wasjust randomly generated. So in that case you’renot really looking for a particular URL, you might not see it. But on the right side you can see this one is more carefully crafted. You can see that this one is most likely a WordPress site andit was targeting Cialis and Viagra and just medical in general. But you can see that all the links there actually make sense and they’re targeting the content from the article. Like the Cialis alternatives is actually talking about Cialis alternatives. So this one is mostlikely a WordPress site that was compromised. And literally blog posts were created and they actually used thespecific URL for each blog post so they can generate these. This has all been automaticbut still you can see that sometimes they gothrough a lot of trouble just to compromise a site and make sure that there’s content gets indexed. And we’ll talk a littlebit about how does SEO Spam get on your website and why.This is really important. And in many cases SEO Spam gets on the website through a vulnerability. It could be a lot of things. It depends on your website but in general let’s take WordPressfor example it could be a vulnerability in one of your plugins. Or it could be a team that you have. You didn’t update it. Or maybe you just didn’t updateyour WordPress in general and there’s a core vulnerability that attackers areusing but never updated.Yeah a lot of the attackersusually, they’re looking for wall-hanging fruitsor they’re not looking for big sites or anything like that. They’re just looking for sites that haven’t been updated in awhile. And they’ll just scam thousands of ’em. Yeah they’ll just look for, through like a let’s say you don’t have alist of a million websites that they just got fromsearch engine or something. Or maybe online somewherethey found a list of WordPress sites andthey’ll just go through the whole list with the bot. And the bot will just lookfor websites and look for (mumbles) does thiswebsite have this plugin? Okay.Is it vulnerable? Okay if it’s vulnerable exploit it. If it’s not let’s check the next one. Does it have this otherplugin that’s also vulnerable? Can we exploit it?No, okay. Let’s check the next one. And if it finds one then exploits it moves onto the next website.Yeah there are many ways,many reasons why attackers might wanna distribute SEO Spam. Yeah like I said beforethey could be trying to get a large number of users totheir vulnerable website which will be a scam orsell some kind of product. You know just traffic. They could also be lookingfor vulnerable computers that might visit their own website. Let’s say you visit a computer or visit the website with your computer,like your home computer without knowing that this one,it’s a compromised website. You get redirected to another website. It’s their own website. And all the sudden this websiteis canning your computer looking if you have aoutdated version of Windows. Or maybe your Flash plugin is outdated. Or maybe you have some othersoftware that’s running on your computer that mightbe vulnerable to attacks. So they’ll look for that.They’ll do a quick scan. You probably won’t notice anything. It won’t be any prompt or anything: Oh, do you wanna scan your computer? Or something like that. It’ll just be doing it in the background.And then it depends on the attack. So it might be silent.Others might be more obvious. Like it’ll just flash awindow and you’ll be like oh. You need to update your Flash player. And it’ll be convincing you.It’ll look like a real window. So you click on it andsuddenly you’re infected. And it depends on the attack. I’m sure everybody’s heard of ransomware.So it might be that the attack is starting your computer just for ransom. It’ll encrypt all your files. And they’ll send you an email or change your wallpaper or something. Just be like: We want $600, let’s say. You just need to send ’emtwo bitcoins to this address or we’re just not gonnaun-encrypt your files so you can’t use any of your files. Some people have importantthings on their computer important files thatthey just can’t get away with not having. They don’t have any backups. So they don’t really have an option. Some of them actually pay the ransom. Or it could be something else. They might just want your computer just to erase everything on it. In some cases they might want to just turn it into a part of botnet.A botnet is usually anetwork of computers. They’re all compromised. And in most cases users don’tknow that their computer is compromised or part of a botnet. And they’ll be a commandand control center that controls all thebots and the network. All the computers they’rebasically compromising the botnet. And they can do all kinds of attacks. For example if yourcomputer is part of a botnet it could be used along withall the other computers to attack one website. Let’s say there’s a really popular website that makes a lot of salesand sells a certain product and a attacker know thatthey’re making a lot of money. So they’ll contact the ownerof the website and they’ll be like: I want you to pay me $1,000 otherwise I’ll take your website down. Obviously the owner ofthe website won’t pay ’em at least at first.So they’ll just attack the website. They’ll make so manyrequests to the website using all these computersthat the server won’t be able to handle itand the website it would die, hang, and nobody’dbe able to access it. And then they’ll just keepsending emails and be like: We want this amount of moneyotherwise we’ll continue attacking the website. And some users have no choicebut to pay the ransom just so they’ll stop attackingtheir website and leave it alone so they can makesales and sell their product.So yeah there’s a lot of reasons. Yeah there’s a lot more reasons. It’s hard to say exactly why they do it. But yeah it’s never a good reason. Yeah I wanted to touch alittle bit on small websites. I know probably a lot ofpeople are like: Well I have a small website. It’s like why would Icare if my website is or why would somebodycare about my website? It’s so small. I don’t really have a lot of traffic. Or I don’t make any money off of it. And I’d be like: personalblog or something or it’s only my family that visits my site or something like that. It’s like there’s no reason for ’em to compromise my website.I shouldn’t worry aboutsecurity and stuff like that. But that’s not true. Most of these attacks are done automatic. So it’ll be some kind ofsoftware, we call it a bot. So they’re not reallytargeting specific sites. It’s not like yourwebsite is more valuable. It might be but, for the most part they don’t really look at that. They’re not gonna lookinto your page ranks or how many visitors you get a month.They’ll just get a list of million sites and they’ll just keep going. And in a matter of a fewhours the bot will probably be able to go through allthe sites on that list. And if you’re vulnerablethey’ll compromise. It doesn’t matter whatkind of site it is and it doesn’t matter what kind of content.You have a lot of visitors.Not a lot of visitors. Yeah they’ll just look forsomething to compromise. Yeah if it’s vulnerable and the bot can exploit it then itthen it will be infected. So let’s talk a little bitabout detecting SEO Spam. This one’s a little more tricky. Let’s say you’re not sure ifyour website was infected. I mean a lot of times you might see it. It might be related to something else. Like let’s say yourwebsite was compromised and then it was sending spam emails. Or maybe pages got deleted.Or it was more severe. And then one of the symptomsof the compromise was the SEO Spamming notice thatthey also injected SEO Spamming into your website. But in some cases youmight not see it at all. The website might’ve been compromised but the attacker doesn’t want you to know that they compromised the site. Otherwise you erase the content right? Or restore backup or something. So in some of these casesthey might just keep silent and just create new pages,like completely new pages that you might not even beable to see in your WordPress dashboard if you’re using WordPress.Or they’ll just hide ’em insome subdirectory, just create an HTML file in some hidden subdirectory. Or maybe a directory inside adirectory, inside a directory. And then they’ll just fill it with spam and links and whatnot, andthey’ll just keep it there. And there’s not gonna be anysign on the actual website. Like if you go through yourmain website, there’s not gonna be a link to that specificpage that has the spam. But they still give the link to Google. So Google starts indexing these pages and well technically, they’restill on your website. You might not know that they’re there but they’re still indexing.That’s part of your website. And we see that a lotwith online essay sites. They do that a lot. I guess trying to getmore visitors and trying to rank these essay sites that apparently create real essays forpeople that don’t want to write ’em in college and whatnot. But we see that a lot. Especially recentlythere’s been a goal interim but online essay sites,apparently they hire people to just spread their website everywhere. And in a lot of times they’lljust create random pages and just put links to their own site. And you won’t know it unless you search for something specifically,like online essay and then your domainor something like that and you’ll find it.So what I recommend is checking this website called unmaskedparasites. It’s a really good websiteto detect things like that. It can detect a lot ofthings but this guys are looking for find hidden links. And you can go to the main website and you can look under theirsecurity tools and you’ll find the hidden linksto find hidden links. It’s a really nice tool. And basically what itdoes is, I’ll show you. This is what it looks likewhen you got the page. And you can see, we’ll searchfor powered by WordPress and then you’ll search forcheap Viagra, cheap visas. I’ll search for secretdrinkers in your credit score or Viagra, strip poker, youknow all kinds of spam words. And any kind of keywordsthat might be targeted. Obviously you don’t haveto use the same exact ones. You can always click on one,like open in a new window and then move the keywords,insert your own keywords. If you want the news powered by WordPress you have a different site.You can use the techniquethat we’ve solved before where you use site, thencolon, then your domain and then space, and then youcan put some keywords in there. And see if anything pops up if you suspect that something might beinjected into your site. There’s also, if you havea WordPress obviously I believe there’s some Jungle as well but there is a lot ofplugins that can monitor for file changes andchanges through blog posts and things like that. So that’s obviously oneway you can monitor. I mean these plugins are not bullet-proof. They’re not gonna detecteverything all the time. I mean if it’s smarter tech it goes in they might even disablethat particular plugin before it can report to you and tell you that there’s something, some changes made. I mean these are obviouslynot running constantly. They’re not loading all the time. Let’s say some of these plugins, let’s say a plugin is on a 15 minute schedule. Every 15 minutes it’llcheck for pilot changes. Well if your website was attackedand the attacker disabled that plugin within that15 minute timeframe the plugin is never gonna scan again.So you just won’t receiveany alerts or nothing. And yeah, by the time younotice that the plugin was actually disabled, then your website was compromised and it’s too late. So I wouldn’t rely onthat as a bullet-proof way to protect your website. But it’s good to have onejust in case something goes in and changes your blog postor uploads in your file. That’s really nice to have that. When it works it’ll alertyou right away and then you can make some changes. If you’re in front of the computer something you can accessyour website you can try to suspend the site or limitaccess to it right away so the malware doesn’t spreadand Google doesn’t detect it and it doesn’t get evenworse than it already is.All right. And we should also talk aboutprotecting your website. Obviously keeping your websiteup to date is the best way. I mean if you have vulnerableplugins or even your WordPress you didn’t update it or youdidn’t have some other software maybe it’s not related toWordPress but some third-party software that you put on there. A lot of times we see people, they have a old version of the website. They’ll keep a backupof their old version. Maybe they update it to a new WordPress. Or maybe they migrate itfrom Jungle to WordPress or something like that. Then they just keep this old installation in a folder called backup or something that’s really easy to guess. Some of these bots will do that. They’ll look for directoriesthat might be like backup or maybe like admin or oldor something like that. You know, different directories that might contain another website and try to compromise it through there. So we always recommend ifyou’re not using something just get rid of it. If you have a plugin that you never use you just disabled it, there’s no reason for it to just sit there.Remove it if you have a old installation that you had in there. If you want to keep it zip it. Use your hosting Powmanager zip directory. And then keep the zip file but remove the actual directory with all the files. Obviously backup is always great to have. I mean it depends on the infection. You can have a backup but if your website has been infected for monthsand months you might not have a backup to restore from. So then in that case youmight have to clean it and try to salvage as much as possible. But yeah having a backupis always a good idea and especially if yourdatabase gets infected and things like that. There’s like thousands and thousands of keywords injected everywhere. It could be almostimpossible to replace all of them and find them. So having a backup just torestore the entire database is a lot easier thantrying to just randomly go through articles andlook for any kind a keyword that might be spent or remove it. Another thing, that’s obviously having a Web Application Firewall. We recommend having onethat does Virtual Patching.A firewall is always gonnabe a really good idea. It can protect your website obviously. But blocking different attackmethods, different exploits. It will scan traffic sothis traffic passes through. It will scan it and itwill look for what requests people are doing and thingslike that so it can prevent some attacks before it even happens. Like let’s say one pluginwas outdated and if you have a Web ApplicationFirewall, the firewall hopefully will block that attackbefore it even gets there. Somebody will try toaccess a file directly and the plugins directory andyou read some random query or something like that,but firewall detect that and be like: Why would they try to access this plugin file directly? And I’ll block it. Virtual Patching is also really good.For example our firewallhas Virtual Patching. So if we detect any newexploit or maybe vulnerability in a plugin that wasmade public we’ll create a virtual patch for that vulnerability and we’ll put it on the firewall. So even if you weren’t able toupdate your plugin right away let’s say you have a big site,and the site was attacked but you can’t, or decide it’s vulnerable but you can’t really pusha new update because you’re not sure what’s gonna happen. What if the site goes down? Or maybe you have this bigplugin that you’re depending on but you’re not sure what’sgonna happen when you push this new update andmaybe it’s not compatible with your version of PHP or your server or something or Apache, oryou gotta make more changes.A lot of people use a staging environment where they stage the update. Test it, see if everything works fine and then push through the live website. And that’s a really goodstrategy that works really well. But it depends on howfast you can do that. I mean what if you’re justlearning about a vulnerability in one of your plugins, butit was released 10 days ago and it’s gonna take a few days maybe to contact your developer,have them go through and update it on the staging site. And then push it in a fewdays after some testing. By the time you do that your website might already be compromised.Yeah attackers are really fastto pick up on these things. Especially if it’s a vulnerability that was released to the public. And even worse if there’sa proof of concept something they can goon, a lot of times when the new vulnerability’s foundand released to the public the person that found itwill do a proof of concept. And so there will be asimple script that shows the vulnerability thatmight not do anything like inject malware but it will show how the vulnerability works and whatnot. And then it’s super easy for attackers to just pick up on that. Just change it a littlebit for like half an hour.Make it so it injects somekind of malware or something. Just incorporate it intotheir arsenal they use to compromise websites. So yeah by the time you getit updated, your website might already have been scammed and hacked. So that’s why we alwaysrecommend keeping everything up-to-date, having abackup, and hopefully having a firewall as well to keep you protected if you can’t act fast enough. And there you can seethis is a little graphic. The firewall and how it actually works. But there you can seeinjections, spam, hackers even brute force attacks and bad bots. They go through the firewallwhich will be in the middle. They’ll be in the networkof the firewall, not notes. And then that traffic gets discarded. Good traffic goes to the website. So that’s the best wayreally to protect a website.But yeah, so this isthe end of the webinar. I will take some questions. – [Valentin Vesa] Not evenclose to the end of the webinar. Thank you so much Krasimir. We’ve got loads of questions. Let’s see if we can sneak in at least a few of them on the live show. And then as I’ve said in the beginning for those of you that maybejoined after we started Krasimir will go through allof the questions you guys sent. No matter they camethrough Facebook, Twitter or inside the Zoom session.And we will be havingthe Q&A document attached to the recording that willbe placed on the same page you registered for the webinar on. After those of you who registeredvia email in your forum you will also get the emailannouncing you when these the recording and everythingis gonna be on the site. So with that said, thankyou so much Krasimir. I’m gonna go to some of the questions now. Apparently SEO andspecifically SEO Spam is a big pain in the we-know-where. So a lot of the peoplehave questions first off. When I’m SEO Spam, does thatmean that I’m also hacked? Or can we say that there’san equal sign between being hacked and havingSEO Spam on the site? – And yeah, in most casesyeah, if you see SEO Spam on your website, it’s most likely you’re being compromised as well.I mean for the SEO Spamto get on the website they must have found avulnerability or somewhere. It’s very rare that we see SEO Spam that gets through from a comments. Like let’s say yourwebsite accepts comments and somebody just keeps scamming comments on your blog or something like that. Yeah that’s one way thatyou could see SEO Spam when it’s one of your comments. But that’ll be only onthe particular articles and only in the comments sections. So that’s easy. You can just get a pluginto clean up the comments. But yeah, if you see newpages created or spam that gets injected inbetween your article’s words and whatnot, like on thebottom of your articles not just in the commentsthen yes, the website was compromised at some point.And yeah these contact were injected. – [Valentin] Thank you, Krasimir. That’s good to know. What do you think, the nextquestion coming up here what do you think is the best protection if any (laughs) against SEO Spam? – I mean the best protection,obviously it’s great to update all your plugins. That’s the best way tokeep everything secure. But like I said if you can’treally keep up with that or it takes you a few days,the best protection will be to get our website firewall. There is so many out there. You have to evaluate whichone works best for you. I recommend one that alsodoes Virtual Patching so that when your vulnerabilitiesget released these can be patched through the firewall. And then you don’t have toworry about them specifically.I mean obviously thefirewall blocks attacks. But in most cases it’s generic attacks that they target certainbehavior and things like that. So having Virtual Patching,that’s a lot more targeted. So yeah the firewall will be the best. – [Valentin] And it’s worthmentioning that Sucuri firewall does Virtual Patching as well. – Right, right. – [Valentin] Nextquestion, this is actually a very interesting one. Does my industry matter to an SEO Spammer that tries to come off the MicroMain? So— Yeah. I don’t think theindustry building matters. I mean maybe at some pointit might be attackers that target a specific industry.Or maybe because thewebsite or the product they’re promoting or the,let’s say if they’re promoting essays and they’re tryingto convince college students to get free essays fromthis website, or paid essays to somebody who has towrite an essay for them then they might target college websites or something like that. Or websites that students might go to. But for the most part these bots these attacks are automated. And bots are doing allthe work or scripts. You know, it’s all automated. So no they don’t reallycare what industry you’re in or anything like that. They just take a large list of sites and just go through ’em and try to compromise as many as possible. – [Valentin] Yeah. Rubin is asking a question right now. He actually just sent this.I’m gonna skip through it.Apparently he says,”Thanks for the webinar.” So thank you Krasimir. – When? – When I tried to access myWordPress blog it redirects to a Viagra website. I checked the HD access andplugins but could not find where the redirection is hidden. I used the Unmasked Parasitessite you just presented. It reported that 301 and 302 redirects but I can’t find them. And we can help him with this. – Right. It could be also the index file. Some of the core filesmight have been changed. It doesn’t have to be the HD access file. It could be just the index.php. Or it could be something else hidden. I mean you could see it,that’s it’s redirecting but is it redirecting right awaybefore it loads any content? Or maybe it’s trying to loadsomething like let’s say it’s loading the headersection and your theme. And then as soon as it triesto load it then there’s a random redirecting there. Yeah it’s hard to sayexactly what it is but– – [Valentin] I hope and thisis something we can definitely fix for him, right? So— Right, right.- Yeah we— [Valentin] He can either reach out directly to usvia chat or just buy any of the plans on our, mostlike, maybe even Krasimir will get through for working the site– – (laughs)- [Valentin] (laughs) – Yeah. – [Valentin] That should fix it. So that’s not an issue for us to clean up. – Yep.Definitely. – [Valentin] Talking about WordPress. Actually Rubin just made the lead in here. The next question that I have is: Is there a specific CMSmore prone for SEO Spam? – There isn’t reallyone that’s more prone. A lot of people mistake let’ssay they look at statistics and they’re like: Ohmy God, look WordPress has been compromisedby this vulnerability. Or like: Look how many timesWordPress is being compromised.But then when you lookat the whole picture and it’s like: Well how manysites actually use WordPress? And they’ll be like: Somehuge number, like millions of sites that use WordPress. And how many use like(mumbles) or something? It’s like: There aren’t thatmany, so obviously WordPress will be a bigger targetbecause it’s more broadly used. So yeah, for the most partwe see WordPress a lot. But that’s not because it’s more prone. It’s more because it’s sopopular and people are using it. There’s always gonnabe third-party plugins that somebody else wrote. Not the core WordPress team.And I mean there’s obviouslysome people that go through ’em and they try to make ’em secure. But yeah, it’s never bullet-proof. I mean you’re installinga third-party plugin on your WordPress site andyou hope that it’s secure. But it’s not always possible. – [Valentin] Well anotherquestion regarding the plugins. So we’re still in the let’ssay Warcraft’s universe. From your daily activitycleaning sites can you speak to which WordPress plugin isa common target for malware that generates SEO Spam? – I don’t think there’s a common plugin. At one point we had some like a red slider that was really popular andit was a big vulnerability. And then we saw a large wave of websites getting compromised.But a few years backwe had (mumbles) thumb. That was also being targeted. I wouldn’t say it wasspecifically for SEO Spam. It was more like a really popular plugin that a lot of people were using. And a huge vulnerabilitywas found on it and so that we had thousands of websites that were just compromised. Yeah we were dealing withthat for months and months. Just cleaning thousands of websites. So I can’t say there’s a specific plugin that’s targeted right now or there’s like: Oh my God, there’s one. But it’s like: There’s likea wave right now one specific plugin that’s causing problems. I mean there’s so many sitesthat publish vulnerabilities in different plugins. A lot of them getpatched through the fast. So no it’s not reallyone particular plugin or anything like that.It’s usually a range of different plugins that are just easy to exploit. And there’s already avulnerability public. – [Valentin] We’re still notliving the WordPress universe. Greg has a question regarding,let me just read through. We recently added firewall toseclude our WordPress website and we’re unable to make editsto our site within WordPress since the IP address was changed. Is there a way to workaround this so we can have the firewall and still have the ability to edit our site via WordPress CMS? Most likely this is somethingthat they would raise in a ticket right?For our product? – I would recommend yeah,make a ticket and I’m sure one of our guys can figure outwhat’s being blocked on the site so we can make regular edits. And there’s also anothersolution you can use. The API that’s integratedinto the firewall.So you can literallyget a link and then put it on your browser likea bookmark, that link. And every time you click thelink it will check your IP whitelist your IP. And that said and then you canmake all the edits you want. – [Valentin] Yeah, so Gregif you can’t find it yourself feel free to open a support ticket and our team will most likely,easy to help you with that. – Very great. – [Valentin] Have another one question. There’s too many questionscoming in so we are really sorry. We’re kind of out of time. But I still wanna go through one. This says: Does Googlealways know when SEO Spam attacks your site? And what to do if myranking is still dropped after an attack? So I’m assuming this gentleman’s website is already under attack. So their SEO ranking are down now. – Yeah. Google doesn’t always knowor at least not initially. Sometimes it will takesome time sometimes. The attackers will intentionallynot want the content to be nixed by Google andthey’ll try to block bots.A lot of times Googlewill find a way to use they have so many IP’s and so many servers and different regions that eventually they’ll index the content. But it could take ’em weeks,it could take ’em months. You never know. So no, Google doesn’t alwaysknow if there is SEO Spam. Once the problem is fixed you could there’s multiple methodsthat you could try. It depends on how manypages were actually indexed that have the spam. If it’s only a few thenyou can always go through the Google Webmastersconsole and try to just de-list those pages.There’s a tool therethat you can use to tell it to remove those pages from the index. And then you can also submit a sitemap. The sitemap you have togenerate it somewhere else. And there’s plugins that you can use. The generator sitemapif you have WordPress. But a sitemap is just likemap of all your links. That they’re actuallythough, the pages they are part of your website.So then when you submit thesitemap you’re telling Google that these are all mypages, and anything outside of that is not on my website. So that also helps. But there is no way to instantly recover the ranking or something like that. It will still take Googlesome time to remove some of the links and indexthe ones that are valid. And then your rank will go up eventually. – [Valentin] Awesome.That’s good to know. Thank you so much Krasimir. Thank you to everyone whoregistered, participated today sent questions in. If you think of questionsthat you didn’t have time to ask now or you thinkyou have more advance or complicated questions,feel free to tweet us. You see our tweeter handleon the screen right now. Use the hashtag #AskSucuri.It will get to us. We’ll make sure you get your answers. Again this recording will be available on our website within a few days.And you’ll get an email with slides and everything you followed here. We’ll make sure to have all the links. Especially to Greg and everybody all that asked how they can access their sites even if they’re on their own firewall. Thank you again Krasimir. For those of you who didn’t know this was Krasimir’s first webinar and I would just want to say thank you. That was really well done. – Thank you. – And most likely we’re gonnalead back with Krasimir. So stay tuned. Thank you everyone. I’m gonna let Krasimir say goodbye to you. And then we’ll see you in about two weeks for our other webinar. Thank you. – All right. Bye guys. I can’t wait to see youon the next webinar..