A post went up on Google’s official Webmaster Central Blog last night from a representative of the Search Quality Team providing tips for how to find out if your site has been hacked, as well as fix it and prevent future incidents.
Since hacking is surprisingly common I felt it was important to pass along this information to SEJ readers. Please take a minute or two to review these tips, even if you don’t think you may be a victim of hacking. No one ever expects their site to get hacked, so it’s good to be prepared in the unfortunate event that it does happen.
Adding spammy pages are the most common way hackers take advantage of vulerable sites, Google says. Hackers add spammy pages to redirect users to undesired or harmful destinations. For example, Google says they have seen a rise in hacked sites redirecting visitors to online shopping sites.
Here are some tips Google provides to help you identify hacked content on your site:
- Check for for shady looking URLs or directories: You can check for any kind of shady activity on your site by performing a “site:” search of your site in Google, such as [site:example.com]. If there are there any suspicious URLs or directories that you do not recognize, they may have been added by a hacker.
- Check the Search Queries page in Webmaster Tools for unnatural looking queries: The Search Queries page shows Google Web Search queries that have returned URLs from your site. Look for unexpected queries as it can be an indication of hacked content on your site.
- Turn on email forwarding in Webmaster Tools: Google will send you a message if they detect that your site may be compromised. Messages appear in Webmaster Tools’ Message Center but it’s a best practice to also forward these messages to your email.
Here are some tips Google provides for how to fix and prevent hacking:
- Stay informed The Security Issues section in Webmaster Tools will show you hacked pages detected on your site. Google also provides detailed information to help you fix your hacked site.
- Protect your site from potential attacks: Prevent attacks by keeping the software that runs your website up-to-date, sign up to get the latest security updates for your website management software, and choose a provider that you can trust to maintain the security of your site.
Google also reminds you can help keep the web safe by reporting sites you believe may have been hacked. If you find suspicious sites in Google search results, you can report them using the Spam Report tool.