They seem to be causing 5xxxx errors on our search console that I can’t figure out how to resolve as they don’t actually exist (couldn’t post second image, will post as reply).
When I try to go matrix.education it doesn’t resolve and shows a Cloudflare DNS error. We haven’t set up matrix.education on Cloudflare though.
I’ve asked our website developer and he’s not really sure how to deal with this. We own the matrix.education domain, but we don’t use it or have it pointing anywhere. I could block backlinks coming from matrix.education but I’m not entirely sure I do that in case we start using the domain. I’ve spoken to a few other IT people, but nobody really has any ideas on how to solve this one. Any help or directions would be appreciated.
To be clear, I’m an SEO person with some tech skills, but this is way out of my comfort zone.
Hi @fritex , Thanks for replying. For a bit of context, we only use Cloudflare for DNS hosting. Our main site is located at matrix.edu.au and is hosted on Kinsta. We don’t actually have anything on matrix.education it’s just a domain we own sitting dormant. Could you explain how the above would help, please? Just so I can understand why I am doing things?
We’ve already been troubleshooting with point 5 and turned up nothing.
It seems there’s a problem of ownership that needs to be resolved before Cloudflare would be able to help you with other issues.
You claim that matrix.education belongs to your institution, but it has been added by someone to a Cloudflare account, and it seems you have no control over that Cloudflare account. Surely someone then must have gained access to your institution’s account with the registrar for that domain, to be able to point its Name Servers records to Cloudflare.
The first thing to be done is verify with the domain’s registrar if you still have ownership of the domain. After the domain ownership issue is resolved, hopefully favorably to your institution, change the NS records to point to your hosting provider’s default (don’t use any Cloudflare nameservers yet).
At that point you should open a ticket and request to Cloudflare support to remove the domain from that account, as by then you’ll be able to demonstrate you have control over the domain. Post back here the ticket number in case you face any difficulties.
After all is settled, then you add the domain back to Cloudflare, by pointing to its newly-assigned nameservers, making sure to subsequently protect it with DNSSEC and HTTPS. As your experience shows, even a parked domain resting somewhere can be a security vulnerability!
As for the existing backlinks, please head over to Google Search Console support community for instructions on how to best deal with, and possibly remove, them.
Hi @cbrandt , thanks so much for this. We’re looking into the domain issue. It’s definitely ours, it’s listed on our dash with Ventra IP, our provider. But something doesn’t match up with doing a whois search. I will post back when I learn more. Will do the support ticket and post that here.
Hi @jnperamo , Thanks for your input. I’ve got the disavow file ready to roll in SE. Yes, it is definitely a negative SEO attack. The whole thing that kicked this off was tanking SERP rankings and a 404 issue from thee spammers hitting our search feature back in October. It’s been an epic journey involving multiple dead-ends and IT support rabbit-holes that lead nowhere, @fiorpare is right though, we’ve had a dev look into it and somebody definitely seems to have hijacked one of our domains (matrix.education) to their Cloudflare account - we had it dormant and so never set it up in Cloudflare and so didn’t notice until now). Once we can put a stop to that, I’ll send off that disavow. I’m just waiting until we solve the domain issue. One of the problems is that I’m pretty sure they’re turning that domain on and off so I’m not entirely sure that disavowing the links is going to work on its own, it’ll just kick the can down the road. This article Anatomy of a Negative SEO Attack 💣 - The Raven Blog kind of sums up what I think is going on:
To make it even tougher to spot with tools, I’m seeing the attackers turn on and turn off domains really, really quickly…they’re hoping (I think) before the link analysis tools get any data on the domain, so it just looks like a weak domain. No nasty spam score in the toolbar.
Another problem is, because of the domain issue, none of my tools like HREFS and SEMrush show it up as an issue because they think it is internal.
I’ll keep you posted once support get back to me.