Google flagged site due to mod_userdir

There are occasions on our shared servers, when Google may send you a notice saying your website is hacked. The notice will include your domain name; however, the username at the end is not your username. Google hack notification showing a similar url like the following:

https://example.com/~baduser

If you receive a notice like this from Google that shows your domain with the wrong username added to it, it is your site being confused with a hacked site. This is caused by the “mod_userdir Apache module“.

Why is my domain with the wrong username?

Domains that share the same IP address can have cPanel usernames added to the end to reach a particular account. For example, If an account domain-one.com has IP 72.155.26.36 with the username userna5 and they share the same IP as a different cPanel account called domain-two.com with username domain2, then you can visit the site using another persons username like the following.

Correct URLsIncorrect URLs
https://domain-one.com/~userna5
https://domain-two.com/~domain2
https://domain-two.com/~userna5

This is how the Temporary URL system works on the cPanel servers. We do not know why Google caches domains like this. It could be because of an intentional script, someone visiting it, or a error on Googles side. It is hard to say. This is a common issue with all hosting companies that use temporary urls with cPanel.

What to do if your receive this Google warning

This warning is what’s called a “False Positive“, meaning, it falsely flagged your site as a hacked site because of the “mod_userdir” Temporary URL. In most cases you do not need to do anything. The Warning is not going to effect your website functionality, nor will your site get bad search results.

If you do receive a warning for this, please notify tech support to have Systems look to see if your account can have the “mod_userdir” setting disabled.

Was this article helpful? Join the conversation!