Clues that your website might have been hacked

Hands up who’s had a website ‘hacked’ in the past? I hope you haven’t, but it’s not uncommon. The traditional type of hacking has simply been to take over and replace the website. You visit your own home page one day, and something completely new is there. The result is that you end up paying someone to sort it all out and restore your site, preferably as quickly as possible. In the end, you wonder what the point of the whole thing was.

There’s a sneakier type of hacking, however, which can be used by the type of spammers looking to make money online. They put stuff on your site which you don’t even know about, possibly even thousands of new pages. After all, if someone did this, most of us wouldn’t notice.

So how do we keep an eye on this sort of thing? Well, if you ‘crawl’ the site, like Google does, and get a list of all the pages, mystery pages might show up there. But that rather relies on them having a link for the crawler app to follow. Another way is to query Google for pages on your site (just search for “site:www.[whatever]”). Page down into the recesses of the results and see if there’s anything odd there.

Finally, use Google Search Console. If you take a look at the searches which people are making to find your website, you might see some strange stuff there. That’s a good indication that you’ve got some content on your site which you didn’t know about. If that’s the case, call for the IT crowd.

Discussion

  1. Richard

    In case it helps…

    We had this type of hack on our old site, another page had been added into the images sub-directory folder. It was only discovered when I noticed the number of links coming to the site had increased alot, I checked the most linked to pages on Webmaster Tools and that’s where I found the new page (cheaptrainers.asp I think it was). I went into the directory and removed it, simple, and the links disappeared over a few weeks.

    Another one we had on the new site was a bit worse though as it was an injected code rather than a page, which can be more difficult for people to spot. I only knew something was up when I checked my site on a mobile device and got redirected to wowcher or something similar.
    This only happened on mobile devices so I recommend checking it every so often to make sure everything is working as normal rather than just relying on the desktop version.
    On that instance even though I am quite good with HTML, CSS and other web codes I needed professional assistance to remove all of the script.

Leave a Reply

Your email address will not be published. Required fields are marked *