How to check if your website got Hacked?

Damn Viagra selling terrorists wearing Louis Vuitton!!!

You might be thinking:“What the heck`s wrong with this guy?”

But the truth of the matter is that most of you have visited a hacked website, whether you know it or not.

Eventhough you might have not seen any of these items lately:

Most commonly used “Hacked sites” sold products!

You`ve probably visited a site thats pleagued with viruses aka was hacked by someone or something and has Viagra/Louis Vuitton/Cheap Nike written all over it…or have you?

“Nop. I haven`t been to any of these.”

Really? Think again…

Why are sites getting hacked and why should you care?

It is estimated that over 30,000 sites get hacked each day. That`s almost 11 million sites a year or basically a site every 3 seconds.

Is your site one of them? How would you even know if it got hacked?

Usually when we talk about hacked sites people presume that there are actual hackers sitting behind a computer trying to infiltrate websites all day long, but that is not the case.

There are viruses/worms/spiders/programs (call it what you like) crawling the web constantly in search of vulnerabilities where they can infiltrate any website.

The 2 most common gateways are low-quality hosting providers with low security standards and low-quality plugins/modules/extensions installed on your website.

So if you have a wordpress blog and have installed 10 new plugins in order for the blog to “perform better”, there is a great possibility that not all of them are profesionally made and are therefore easy targets for the above mentioned viruses.

There is always a but…

What most of the viruses do is implant code on a “secret” (or sometimes not so secret) part of your server with the intent of showing their subpage on your domain.

No matter what the content on your site is about, it will now be about viagra/nike/louisVouitton as well, if you like it or not.

Your website might be called something like www.greensmoothies.com, well not there will be hundreds if not thousands of www.greensmoothies.com/buy-viagra-cialis-250mg style sites live and indexed in Google.

This is WHY it is critical to know if your site has been hacked. Google doesn`t like hacked sites and will punish you for not taking notice.

I just did a random search in order to find a “hacked” site in the greens/smoothies niche and look what I found:

Exact same domain/website running simultaneously.

As you can see from the site above the site has obviously been hacked. (Do not worry, I have contacted the owner of the site at once and told him all about it. Hopefully he will take the neccessary actions to delete it.)

The site has been infected and now there are hundreds of subpages with this exact e-commerce (online store) where people can actually make a real life purchase of viagra and other illegal substances, without the owner ever knowing.

But why sell viagra on my site? It has nothing to do with pharmacy at all!

It doesn`t matter…

Your site (prefferably aged sites 3+ years) has some authority in Googles eyes. It is far better to put some content, or anything we wish to rank high in Google for, on an aged site with authority that`s been around for a couple of years, than to put it on a fresh new domain.

So putting their viagra store on your domain and then blasting it with 10.000+ links will be less suspicious to Google and will rank faster (it will not last long though, since Google will catch on and probably de-index your site). Your site will be as good as dead, but the viagra guy will just find 10 new ones. Do you get it now?

How do I check my site?

A picture is worth a thousand words…

Just switch “yourdomain.com” with your actual domain.

The picture is pretty much self-explanatory. This works with any domain extension and for any country.

In order to be as sure as you can be about the variation of hacking involved also try these keywords for intitle:

  • cialis
  • kamagra
  • pharmacy
  • louis vouitton
  • cheap nike
  • ugg boots

Scroll through 2-3 pages of Google and you will be able to spot something like this, if you are infected:

The boxed out domain is from a top20 university.

NOTE: You can, and most probably should, check your clients sites for infections if you are doing SEO, PPC, web-design or any kind of web-related services.

PRO TIP: You can also dig around sites in the niche you are going after to land a client and check everyones sites. If you find an infected site, just let the owner know about it , along with the solution (found in the next paragraph). This will get your foot in the door for possible future cooperation ๐Ÿ˜‰

How do I fix the issue, if hacked?

There are many ways to go about fixing this issue.

If your site is running on WordPress (most of the web is) you should first and foremost update all themes and plugins currently running and also delete all the themes and plugins you are not using (and don`t intend to use in the future). You should also change your passwords for all users assocciated with your site.

After completing the basics I urge you to download and setup a free plugin called Wordfenceย and just run it through aka follow the instructions. The above mentioned sequence clears out 95%+ of all incidents.

For non-wordpress users I suggest you turn to your webmaster or directly to your hosting provider with the exact information you have gathered. The infection might had been a servers fault and could be spreading on their servers if you are using shared hosting (many sites on the same server).

All users should also check the Google Search console (former webmaster tools) if you have it installed and let Google know about the malicious subpages so that he can remove them from the index. It`s always better that he hears it from you, than to find it out for himself.

What can I do to prevent it from happening?

If your site is not infected you should still keep an eye out and do the above mentioned checks every couple of months and check Google search console for any suspicious activities reported.

WordPress users are advised to keep your themes, plugins and wordpress instalation up to date at all times (its just 3 clicks ๐Ÿ˜‰ ).

The best and by far the most important action you can take is to invest in quality hosting like Bluehost.com or similar. It`s dirt cheap compared to the price you pay for a de-indexed site.

“I hope I`ve made it clear that hacked sites are a real problem and should be treated as such. Always be on the lookout for updates and try to invest in quality hosting.”

I am sure you have many friends,coworkers and business partners running their own websites. Let them know about this trick by sharing via the social icons on the left.If you like my content and would like to be informed when new content comes out feel free to follow me on Twitter or like my FB page. Feel free to leave a comment, if you have any questions.

Sincerely, Buyseech

Comments

comments

Posted in SEO