How to Tell If Your Website Is Hacked and How to Fix It!

by Peter Young on August 6, 2010

This is a guest post from Kevin Strong, aka Goosh, from the ongoing “guest bloggers” series on Holistic Search.

One of the biggest impacts to your online presence is your website being hacked – particularly if it’s earning you money. Depending on the severity of the hack it can have several effects on your presence, your brand and, ultimately, your reputation. Your search engine rankings can suffer, you could lose valuable visitors and potential business and in a variety of cases you could lose face in the online world – your own reputation being associated with the hack.

It’s all well and good checking your own website manually and feeling safe because your site looks exactly the same, but what if you were hacked and didn’t even know about it? There have been several exploits against open source platforms, including WordPress and phpBB forums, where a website is leveraged in the hacker’s favour for a variety of reasons:

  • Creation of spammy pages which are then auto-tweeted from your own Twitter account to your own follower list if you are using the popular TweetMeme plugin.
  • Links inserted in your highly authoritative pages using CSS to hide them.
  • Your domain authority being abused to cloak your website to show content containing something completely unrelated but highly lucrative.

There are many more reasons for your site to be hacked without your knowledge, but by utilising some simple techniques you can ensure that if your website succumbs to a hacking attempt you catch it early and rectify it.

Catch It Early
There are several things you can do to combat hacking attempts on your website. They start with the often recommended, but not often implemented, internet safety recommendations:

  • Ensure your CMS & FTP passwords are complex and contain a mixture of upper and lowercase letters, a number and some symbols. (This is dependent on your provider’s capabilities of course).
  • If your platform is open source, ensure that it is updated to the latest version. That’s the primary reason for the updates in the first place – to fix a security loophole.
  • Regularly check user access and ensure your antivirus software is up to date on the machines you regularly update from.

Aside from these basic steps, you can utilise several free tools out there to check your website and its contents for signs of a successful hack.

Keyword Significance

Often not utilised as much as it should be, Google Webmaster Tools is a great source of information about your website and content.
The keyword significance feature shows you a huge list of keywords it deems your website to be about. Have a look through them regularly to see if you can spot any keywords that simply don’t belong.

Fetch as Googlebot
You can also utilise a great feature introduced in October 2009 called Fetch as Googlebot. This allows you to take a closer look at what Googlebot sees so you can spot any potential cloaking issues.

This can also be achieved with several Firefox toolbar addons (User Agent Switcher, SEOMoz’s MozBar etc).
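The comparison described above can also be scripted once you have saved the page as served to a normal browser and as served to a crawler user agent. The following is an added example, not code from the original post: it flags links hidden with inline CSS, the spam keywords from the Google Alerts example on this page, and links that appear only in the crawler copy. The function names, the inline-style patterns and the sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
# Keywords from the page's Google Alerts example.
SPAM = re.compile(r"\b(cialis|porn|viagra|casino|poker)\b", re.I)
# Inline styles often used to hide injected links (assumed list, not exhaustive).
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

class LinkAudit(HTMLParser):
    """Collect hrefs and note which sit inside an inline-hidden element."""
    def __init__(self):
        super().__init__()
        self.stack, self.text = [], []   # stack: does each open element hide?
        self.links, self.hidden_links = set(), set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = bool(HIDDEN.search(a.get("style") or ""))
        if tag == "a" and a.get("href"):
            self.links.add(a["href"])
            if hides or any(self.stack):      # hidden itself or via an ancestor
                self.hidden_links.add(a["href"])
        if tag not in VOID:
            self.stack.append(hides)
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:    # assumes well-nested markup
            self.stack.pop()
    def handle_data(self, data):
        self.text.append(data)

def audit(html):
    """Return (all links, hidden links, spam keywords) for one copy of a page."""
    p = LinkAudit()
    p.feed(html)
    return p.links, p.hidden_links, {w.lower() for w in SPAM.findall(" ".join(p.text))}

def compare(browser_html, bot_html):
    """Compare the copy served to a browser with the copy served to a crawler."""
    b_links, _, _ = audit(browser_html)
    g_links, g_hidden, g_words = audit(bot_html)
    return {"hidden_links": sorted(g_hidden), "spam_keywords": sorted(g_words),
            "cloaked_links": sorted(g_links - b_links)}

# Constructed sample pages (not real captures).
BROWSER_COPY = '<body><h1>Widgets</h1><p>Our <a href="/shop">shop</a></p></body>'
BOT_COPY = BROWSER_COPY.replace("</body>", '<div style="display:none">'
    '<a href="http://pills.example/buy">cheap viagra</a> '
    '<a href="http://cards.example/">online poker</a></div></body>')
print(compare(BROWSER_COPY, BOT_COPY))
```

Links hidden through an external stylesheet or a class name are not caught by the inline-style check, so treat an empty result as one signal rather than a clean bill of health.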

Google Alerts
Following on from the GWMT’s keyword significance, you can also set up Google Alerts to let you know, via a simple email, the moment your website starts containing any of the usual keywords associated with website hijacking.
An example alert could be: site:goosh.co.uk cialis|porn|viagra|casino|poker
On a side note, as of March 2010 Google Webmaster Tools will also send you an alert if it suspects hacking attempts.

Debugging the Extent of the Hack

Now you know your site has been hacked, it’s time to find out how, and more importantly, what is affected.

Date & Time Stamp Pages

Depending on how much access you have to your website, you can give yourself a great way of knowing when a page was truly last updated, regardless of what your CMS currently tells you. Using your server-side language, be it PHP, ASP, .NET etc., you can add a commented-out piece of code to your page showing the date and time of the last save.

By looking at the source code of your pages you will be able to see code similar to the above. This is particularly useful if your website is hacked directly from its template and not on an individual page basis (e.g. WordPress), and can be used to pinpoint the date of the hack and cross-check it against your server/access logs.
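One way to do the cross-check against access logs, as an added example that is not part of the original post: it reads a save-time stamp from the page source and lists write-style requests logged close to that time. The `last-saved` comment format, the function names and the log lines are assumptions (the post's own snippet is not shown), and the log pattern expects the common Apache/Nginx combined format.

```python
import re
from datetime import datetime, timedelta

# Hypothetical stamp format; the page does not show its own snippet.
STAMP = re.compile(r"<!--\s*last-saved:\s*(\S+)\s*-->")
# Combined log format: ip - user [time] "METHOD path proto" status bytes
LOG = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def stamp_time(page_source):
    """Parse the save time from the page's HTML comment, or None if absent."""
    m = STAMP.search(page_source)
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z") if m else None

def writes_near(page_source, log_lines, window_minutes=5):
    """List non-GET/HEAD requests logged within the window around the stamp."""
    saved = stamp_time(page_source)
    if saved is None:          # a stamp that has vanished is itself worth a look
        return []
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in log_lines:
        m = LOG.match(line)
        if not m:
            continue           # skip lines in another format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method not in ("GET", "HEAD") and abs(saved - when) <= window:
            hits.append((ip, method, path, status))
    return hits

# Constructed sample data (documentation IP ranges, not real traffic).
PAGE = "<html><body>Home</body></html>\n<!-- last-saved: 2010-08-01T03:12:44+0000 -->"
ACCESS_LOG = [
    '203.0.113.7 - - [01/Aug/2010:03:12:41 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Aug/2010:03:12:50 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [31/Jul/2010:22:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for hit in writes_near(PAGE, ACCESS_LOG):
        print(hit)
```

Widening `window_minutes` pulls in earlier requests from the same address, which helps trace how the access was first obtained.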

Google Analytics
Even if you don’t live in Analytics like a lot of search marketers do, it is a further fountain of knowledge for seeing whether the website has been receiving traffic around the hacked keywords or referral traffic from other hacked websites. It is common for your website to be used as part of a cluster with many other websites in the hijack.

Fixing the Website Hack
Unfortunately this can vary depending on the size of the website, the platform it is built upon etc. But several things can be done to restrict and eradicate the threat.

User Access
My first port of call is to check user access. Are there any users with privileges they shouldn’t have? Promptly remove or restrict them in the CMS, as this stops anyone exploiting that access from being alerted to your attempt to fix the problem, and thus cuts the chances of them learning any new information.

Password Changes
Change your hosting configuration password, your FTP password and your CMS access details (also checking the email addresses used).

Version Updates
Once that’s been cleared up you should update the platform version immediately. As mentioned earlier, the hack could have been using a previously public exploit.
Funnily enough, if you remember the steps to safeguard from hacks at the beginning of the post, then you will realise that the steps to fix are the same as the steps to prevent. Being cautious can save you a headache when you really don’t need one!

Kev Strong is a senior SEO Consultant for Newcastle upon Tyne based Mediaworks Online Marketing working with national and international brands.


He can often be found posting insightful tips, tricks and search related rants on his personal blog, Goosh.
