How to Tell If Your Site Has Been Hacked

305
5266

How to know if your site has been hacked? Sometimes you will know it because the site has fallen precipitously in the search engine rankings for no apparent reason. Or many of your pages are no longer indexed by search engines. Or, visitors send you emails complaining that their antivirus software is warning them to leave your site. These are not good things to have, because at that moment, the damage is done.

A better approach to proactively analyze your site for hacked pages. What you are looking for are unauthorized links to external sites, as most hackers use them to improve the search engine rankings of their own sites. This makes most of the hacked pages easy to find with a few simple queries in the search engines.

The key is to combine the "site:" command with one or more commonly used hacker ranking terms, such as "viagra" or "cialis". The "site:" command limits search engine results to pages in the given domain. For example, the query:

site: about.com

Restricts the search to the domain "about.com". All you have to do is add one or two keywords targeted by the hackers to the query, as in:

site: whitehouse.gov viagra

This query returns all indexed pages in the "whitehouse.gov" domain containing the word "viagra". (At the moment I'm writing this, there are actually two pages on the official website of the White House that have been hacked this way.

Although "viagra" is the most obvious term to look for, there are other possibilities. Any medicine against erectile dysfunction is a candidate: "levitra", "cialis", etc. The generic version of the brand names is also popular: "sildenafil", "vardenafil", etc. Really, any kind of drug product C is a good candidate, but you can also search for money generating ploys (think "forex" or "online gambling") and other things that A spam sensor would normally isolate in your incoming mail.

Of course, you will not actually see these links on the pages in question. Hackers do their best to hide the links to human visitors. But they do not hide them from the search engines, because it's a question of getting them to find these links and consider them as "votes" so that their own "monetary sites" are very well ranked, because they are very sought after, highly commercial and extremely competitive. This is why a simple search query exposes the hacked pages.

What do you do once you have found a hacked page on one of your sites? It depends on how links have been added to your pages and how your pages are generated. You will find a lot of help online on how to get rid of spam links to a website and "strengthen" your site against future attacks.

Do not forget to run this check on each of your sites every few days. This is a very quick and easy way to detect potential spam on links before it becomes a real problem.


Comments are closed.