Have you ever wondered if your site has been hacked? Sometimes it’s hard to tell, because hackers try hard not to leave any visible tracks that make it obvious. More than once I’ve noticed that this site in particular has been hacked only because I was playing around with the layout of the site and looking closely at the HTML that WordPress was generating.
These days, however, there’s an easy way to check for hacking by doing a Google search like so:
site:yourdomain.com viagra
This works for two reasons:
- Google crawls most sites very regularly
- Hacked sites are used to increase the search engine rankings of other sites using keyword-targeted links to those sites
You can replace the term “viagra” with almost any ED-related drug like “levitra” or “cialias”. Or more generic terms like “online prescription”.
Note that your pages may still match these terms in Google even after you’ve eradicated the hacking, as it may take a while for them to be expunged from Google’s cache. You’ll still want to check the HTML of some of the pages that Google thinks have been hacked just to be sure, especially the inner pages.
As I said, it’s a quick test. Not 100% accurate, but a pretty good indicator.
Of course, if you regularly talk about Viagra and their ilk, this method won’t work at all…
P.S.: Getting rid of these links is important, because Google will definitely penalize your site if it finds them by crawling the site less often and dropping pages. You have to be vigilant!
This has happened to me once, a good way of preventing is making sure your file rights of your website are not set to chmod 777, also to backup your site so you can replace your files with the latest version thats not comprimised. Thanks for the nice article though
How does Google find if the keyword is not Spam, and is a content of the post?
It is very useful as snapshot. As you said It is not accurate but I think it is enough to snap shot our blog of being hacked.
For some reason, I find it exceedingly funny that this article on EzineArticles is surrounded with Viagra ads.
BTW, why was the original link rejected? My guess was that it discussed “questionable SEO tactics”.
Ted
how if we found a lot of it when googling? do we have to edit all of the post manually?
Great tips. As you mentioned most of us would never have suspected that our website has been hacked if nothing changed in the front-end. I am going to use this nugget on all my websites. I already receive tons of SPAM on a daily basis that last thing I want is my web site visitors to see Viagra ads on my web pages.
Wow! You almost nailed it! I’ve experienced a bit different form of blog-hijacking though. One of my blogspot blogs had mail2blogger enabled, with the secret words being easily guessable. I’d even forgotten about the enabled state of the feature. One day, to my great horror, I found a post about Adobe products with links to some spam website littered all over! Though I changed the Mail2Blogger secret words, the RSS/Atom feeds still have the post! How could I remove the post from my feeds?
Deepesh, not sure what you mean… Google doesn’t know that the keyword is spam, only you know. Google just indexes the content.
You would have to edit the site, yes. It depends, most of the WordPress hacking involves changing one or two files that are used by all the posts, i.e. footer.php (in your theme) is a common place to look.
In webmaster tools it shows whether a site has malware or has been hacked a fairly good indication…. IMO.
Watching for some strange activity, errors on websites etc can be a give away that there is something wrong.
Many times there are script injections, and the HTML redirects / iframe inserts into the files are another dead giveaway.
Yeaah, google really cares what she index and it is good way to help find out if anything happend to your page. I will try it in future.
The best way to avoid script injectors, I presume you’re talking about WordPress?, is to keep your install up to date and to use the ‘secure wordpress’ plugin. That should keep you ahead of 99% of the game.
Ste
Thanks for sharing your view. I often found these viagra spam comments but mostly caught by akismet plugin so these comments weren’t published.
Excellent article. Also, if you use CMS like WordPress, Joomla or Drupal, Be careful when you select and install plugins to the system! A lot of badly written plugins are filled with security holes and offer the hacker a very easy way in. Install only big and certified plugins and update them regularly!
Genius, how did i not think of this before, to be honest i didnt even realise you could do stuff like that in google
What I would like to know is how to find out whether your site is vulnerable to script injection in the first place.
Am I right in assuming script injection vulnerability is increased significantly when you allow interactivity (visitors to comment, register, etc.)?
And wouldn’t you be able to reduce this vulnerability with a captcha function?
Next, are sites without interactivity still vulnerable to script injection? How then?
I recently found a lot of adult pages on one of my client’s websites through this method. I urge everyone to check your sites from time to time to avoid external material on your sites.