Why do sites get hacked? Hackers have
different motives for compromising a website, and hack attacks can be very
different, so they are not always easily detected. Here are some tips which will
help you in detecting hacked sites!
Getting started:
Start with our guide "How do I know if my
site is hacked?" if you've received a security alert from Google or another
party. This
guide will walk you through basic steps to check for any signs of
compromises on your site.
Understand the alert on Google Search:
At Google, we have
different processes to deal with hacking scenarios. Scanning tools will often
detect malware, but they can miss some spamming hacks. A clean verdict from Safe
Browsing does not mean that you haven't been hacked to distribute spam.
If you ever see "This site may be
hacked", your site may have been hacked to display spam. Essentially, your
site has been hijacked to serve some free advertising.
If you see
"This site may harm your computer" beneath the site URL then we think the
site you're about to visit might allow programs to install malicious software on
your computer.
If you see a big red screen before your site, that can mean a variety of things:
If you see "The site ahead contains malware", Google has detected that
your site distributes malware.
If you see "The site ahead contains harmful programs", then the site has
been flagged for distributing unwanted
software.
"Deceptive site ahead" warnings indicate that your site may be serving phishing or
social engineering. Your site could have been hacked to do any of these
things.
Malvertising vs Hack:
Malvertising happens when your site
loads a bad ad. It may make it seem as though your site has been hacked, perhaps
by redirecting your visitors, but in fact is just an ad behaving badly.
Open redirects: check if your site is enabling open redirects
Hackers might want to take advantage of a good site to mask their
URLs. One way they do this is by using open redirects, which allow them to use
your site to redirect users to any URL of their choice. You can read
more here!
Mobile check: make sure to view your site from a mobile browser in
incognito mode. Check for bad mobile ad networks.
Sometimes bad
content like ads or other third-party elements unknowingly
redirect mobile users. This behavior can easily escape detection because
it's only visible from certain browsers. Be sure to check that the mobile and
desktop versions of your site show the same content.
Use Search Console and get message:
Search Console is a
tool that Google uses to communicate with you about your website. It also
includes many other tools that can help you improve and manage your website.
Make sure you have your site verified in
Search Console even if you aren't a primary developer on your site. The
alerts and messages in Search Console will let you know if Google has detected
any critical errors on your site.
If you're still unable to find any signs of a hack, ask a security expert or
post on our
Webmaster Help Forums for a second look.
The #NoHacked campaign will run for the next 3 weeks. Follow us on our G+ and Twitter channels or look out for the
content in this blog as we will be posting summary for each week right here at
the beginning of each week! Stay safe meanwhile!