From 3,043 GSC Errors to Zero: Malware Recovery Done Right
How we eliminated Chinese malware spam and restored clean Google Search Console for a Texas locksmith in 16 hours.
Complete Error Resolution
The Challenge: Hidden Malware Attack
Initial Problem Report
Client reported "big mess with over 8k pages not found, canonical errors etc." in Google Search Console. They attributed it to a recent WordPress-to-Astro migration.
What It Actually Was: A Chinese e-commerce malware attack from months prior had injected 2,984+ spam URLs that were still in Google's index.
Discovery Findings
- 3,043 total indexing issues across 7 different error types
- 98.1% were malicious: 2,984 spam URLs from hack
- Only 1.9% legitimate: 59 real URLs needing redirects
Malware Patterns Found
- /pages.php?b=[number]&channel=[number] (995+ variations • Chinese e-commerce spam)
- /goods.aspx?shopdetail/[number] (400+ variations • Fake product injection)
- /link.htm?q-~[encoded] (350+ variations • Backlink injection)
Error Type Breakdown
| Error Type | Total | Spam | Legitimate | Spam % |
|---|---|---|---|---|
| 404 Not Found | 995 | 989 | 6 | 99.4% spam |
| Duplicate without canonical | 788 | 773 | 15 | 98.1% spam |
| Server error 5xx | 244 | 220 | 24 | 90.2% spam |
| Crawled not indexed | 1000 | 993 | 7 | 99.3% spam |
| Duplicate, Google chose canonical | 465 | 459 | 6 | 98.7% spam |
| Page with redirect | 10 | 0 | 10 | 0% spam |
| Excluded by noindex | 6 | 5 | 1 | 83.3% spam |
The Security-First Solution
We implemented a systematic 6-phase approach focused on security, preservation of SEO equity, and complete error resolution.
Phase 1: Discovery
- Analyzed 7 GSC export files
- Identified malware patterns (pages.php, goods.aspx)
- Separated spam (98.1%) from legitimate issues (1.9%)
- Created prioritized remediation plan
Phase 2: Security Implementation
- Deployed "Security Sandwich" (3 layers)
- Vercel routing + Astro middleware + robots.txt
- Implemented 410 Gone responses for spam
- Tested malware pattern blocking
Phase 3: Redirect Mapping
- Analyzed 59 legitimate old URLs
- Consolidated 30 zip codes → 3 regional pages
- Created 106+ targeted redirects
- Prioritized by impression volume
Phase 4: Content Creation
- Built 3 new location pages
- Built 7 new service pages
- Optimized canonical tags
- Fixed query parameter duplicates
Phase 5: Sitemap & Automation
- Generated custom 54-page sitemap
- Built Python GSC API submission script
- Automated old sitemap removal
- Verified successful Google crawl
Phase 6: Testing & Validation
- Verified all malware URLs return 410
- Confirmed redirects working
- Tested new page indexation
- Final GSC audit: 0 errors
The Security Sandwich: Multi-Layer Defense
We implemented three layers of security to block all malware patterns. This redundancy ensures complete protection even if one layer fails.
Layer 1: Server-Level
- Platform: Vercel Configuration
- Implementation: Security headers and route blocking
- Benefit: Blocks malicious patterns before application code
Layer 2: Application-Level
- Platform: Astro Middleware
- Implementation: 410 Gone responses for spam URLs
- Benefit: Tells Google to permanently stop crawling
Example: Astro Middleware
```js
// Return 410 Gone for malicious patterns
if (isMalicious) {
  return new Response('Gone - security incident removed', {
    status: 410,
    headers: {
      'X-Robots-Tag': 'noindex, nofollow',
      'Cache-Control': 'public, max-age=31536000, immutable'
    }
  });
}
```
Layer 3: Crawler-Level
- Platform: robots.txt
- Implementation: Explicit disallow rules for malware patterns
- Benefit: Prevents search engines from attempting crawls
Why Multi-Layer Defense?
If one layer fails, others protect
Complete attack surface coverage
Prevents similar future attacks
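The Phase 1 spam/legitimate split and the Layer 2 middleware both rest on one URL matcher; this added example (not the project's code) shows that matcher used for export triage and for the 410 response. The regexes, function names, `example.test` base and sample URLs are assumptions built from the three URL patterns listed above.

```javascript
// Added example, not the project's code. The rules are assumptions built
// from the three URL shapes this page lists; tune them to your own exports.
const SPAM_RULES = [
  { name: 'pages.php', match: (u) => u.pathname.toLowerCase() === '/pages.php' &&
      /^\d+$/.test(u.searchParams.get('b') || '') &&
      /^\d+$/.test(u.searchParams.get('channel') || '') },
  { name: 'goods.aspx', match: (u) => u.pathname.toLowerCase() === '/goods.aspx' &&
      /^\?shopdetail\/\d+/i.test(u.search) },
  { name: 'link.htm', match: (u) => u.pathname.toLowerCase() === '/link.htm' &&
      u.search.startsWith('?q-~') },
];

// Returns the matching rule name, or null when the URL needs human review.
function classify(rawUrl, base = 'https://example.test') {
  let url;
  try { url = new URL(rawUrl, base); } catch { return null; }
  const rule = SPAM_RULES.find((r) => r.match(url));
  return rule ? rule.name : null;
}

// Phase 1 triage: count exported GSC URLs per spam rule, set the rest aside.
function triage(urls) {
  const report = { spam: {}, unmatched: [] };
  for (const raw of urls) {
    const hit = classify(raw);
    if (hit) report.spam[hit] = (report.spam[hit] || 0) + 1;
    else report.unmatched.push(raw);
  }
  return report;
}

// Layer 2: same status and headers as the snippet on this page. In Astro this
// function would be exported as onRequest from src/middleware.js.
async function onRequest(context, next) {
  if (classify(context.url.href) === null) return next();
  return new Response('Gone - security incident removed', {
    status: 410,
    headers: {
      'X-Robots-Tag': 'noindex, nofollow',
      'Cache-Control': 'public, max-age=31536000, immutable',
    },
  });
}

// Constructed sample rows standing in for a GSC export.
const SAMPLE_EXPORT = [
  '/pages.php?b=1042&channel=7', '/goods.aspx?shopdetail/88213',
  '/link.htm?q-~a1b2c3', '/pages.php?b=about', '/locksmith-services/',
];
```

Because the 410 is cached as immutable for a year, keep each rule anchored to an exact path so a false positive is not pinned in shared caches. Crawlers that honour a robots.txt disallow for these paths never request them, so they do not see the 410 either.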
6 Strategic Lessons Learned
Security First, Always
We immediately recognized this as a security issue, not just a migration problem. Treating symptoms (individual redirects) instead of the disease (malware attack) would have wasted weeks.
Multi-layer defense ensures complete protection and prevents re-infection.
The Security Sandwich Works
3 layers of defense (server, application, crawler) created redundancy. If one layer fails, the others still protect. This pattern is now standard for all post-breach recoveries.
Redundancy is critical. Single-point security = single point of failure.
410 Gone > 404 Not Found
Using 410 status codes instead of 404 tells Google "this is permanently deleted, stop crawling." Results in faster removal from index and reduced crawl budget waste.
410 = explicit signal to stop. 404 = "might exist elsewhere, keep checking."
API Automation Saves Time
Built Python script for GSC API sitemap submission. Automated old sitemap removal and new submission. Google crawled within 1 second. Reusable for all future clients.
Automation investment: 1 hour. Time saved per project: 30+ minutes.
Data Collection Upfront
Client provided 7 GSC export files incrementally. Should have requested all at once. Would have saved 25% of project time by seeing complete picture immediately.
Lesson learned: Request ALL GSC data exports in first conversation.
Simple Solutions Win
Used post-build script for sitemap naming instead of complex Astro integration. Simpler to build, easier to maintain, works with any framework. Avoided over-engineering.
Framework-agnostic solutions = more reusable, less technical debt.
Technical Highlights
GSC API Automation
Built Python script for programmatic sitemap submission via Google Search Console API.
- Automated old sitemap removal
- Submitted new sitemap programmatically
- Google crawled within 1 second
- Reusable for all future clients
410 Gone Response
Used 410 status codes instead of 404 to tell Google these pages are permanently deleted.
Why 410 > 404?
- 410 = "stop crawling permanently"
- 404 = "might exist, keep checking"
- Faster index removal
- Reduces wasted crawl budget
Build Pipeline Integration
Simple post-build script for custom sitemap naming. Framework-agnostic, easy to maintain.
package.json:
```json
{
  "scripts": {
    "build": "astro build && node scripts/rename-sitemap.js"
  }
}
```
Smart Redirect Strategy
Prioritized redirects by GSC impression volume. Consolidated similar pages to reduce redirect count.
- High-value (300+ impressions): 1:1 mapping
- Medium-value (50-300): Regional consolidation
- Low-value (<50): Category catch-all
Need Similar GSC Cleanup for Your Site?
This systematic approach works for any post-hack GSC cleanup, malware recovery, or major indexation issue. We've built reusable tools and procedures from this project.
This Approach Works If:
- GSC shows hundreds or thousands of indexation errors
- Your site was hacked or infected with malware
- You recently migrated platforms (WordPress, Wix, Squarespace, etc.)
- Google is crawling spam URLs or duplicate content
- You need to preserve SEO equity from old URLs
What You Get:
- Complete GSC error elimination (target: 95%+ resolution)
- Multi-layer security to prevent re-infection
- SEO equity preserved via strategic redirects
- Clean, optimized sitemap submitted to Google
- Documentation of all fixes for future reference
Free GSC Error Analysis
Send us your GSC error exports and we'll analyze the scope, identify malware patterns, and provide a remediation plan. No obligation.
Clean GSC, Clean Conscience: 3,043 Errors → 0 in 16 Hours
This systematic security-first approach works for any post-hack cleanup, malware recovery, or platform migration. We've turned this into a repeatable process with reusable tools and documented procedures. Your GSC errors don't stand a chance.