I'm currently dealing with a hacker which is able up to this point to upload the HTML file verification from Google Search Console to my servers and become a verified owner. From my research the hackee is not after my site instead he's trying to make google to index a lot of content through my websites. From my research this is what the hacker is doing:
- creates a rewrite rule in my web.config
- deletes the sitemap register in google search console and adds about 7 sitemaps with thousands of resources.
I'm not sure if this is related but all websites hacked up to this point (4) they don't belong to my CDN network because these clients have their email service with a different provider and my CDN feature works only if all DNS servers are pointing to the my hosting provider.
The reason of this post is to find out if somebody already went through this so I can get more recommendations and also to let everybody knows about this thread for future reference.