Follow on Google News News By Tag Industry News News By Place Country(s) Industry News
Follow on Google News | Getting Hacked: The Aftermath – What To DoHacking sites, especially WordPress sites is on the rise again. I noticed more hack attempts after the Panda Update with Google. S
By: Simon Birch Original Article Here: http://www.seomarketingforums.com/ Getting hacked is no one is immune from. I’ve been hacked. But knowing what to do after the hack is critical. Very critical. Last year, eCommerce sites were getting hit in record numbers. The same is true right now. Why? You thought it was just blogs didn’t you? While that’s true, it used to be mainly blogs, but the bottom line is hackers figured out that hacking into blogs wasn’t very profitable. However, hacking into eCommerce sites and hijacking the sales, now, that’s real money. I would recommend reading this article on filing a Reinclusion Request with Google as it will give you some techniques to employ, including setting up a Google Alerts account to be notified if a hack attempt is successful. The key to fixing this quickly is to know about it quickly. Tedster, a moderator at Webmaster World, posted a great summary. Let me share it with you and inject additional information which will help you better understand the process and what EXACTLY to do in order to fix it and prevent it from happening again. There are, unfortunately, all kinds of devious server hacks making the rounds these days. They usually depend on two factors: sites that use a common CMS (such as WordPress) and site owners who do not update their software to keep security solid (this is where having a server admin is highly recommended) With having their site hacked, the average site owner may not have the resources or understanding to investigate the hack thoroughly. All they know is that their Google traffic went away, or their sales have greatly slowed down or stopped completely. They just don’t know where to start or what to do. But if you can discover that you’ve been hacked, the fix is straightforward: Change the password Identify the problem Fix the security problem on the server Restore a clean version of the site (you should always have “offline” backups), if you don’t, start today Request reconsideration through Google Install RK Hunter on your server and set it as a cron job so it runs and scans your server every morning for potential problems Malware One thing that hackers do is find sites to help distribute malware. This one should be easy to detect, because Google will post a warning notice in the SERPs “This site may harm your computer.” They also can post a message in your Google Webmaster Tools account too. So, what should you look for? iFrames. One common footprint for a malware hack is an iframe that doesn’t belong in your code – especially one with a lot of hex coding. They are the code of choice by hackers as it lets them do all sorts of nasty things. This is commonly referred to as an “iFrame injection”. You need to remove this code – all of it. If you aren’t good with code, it is time you learned or hired someone good to handle it for you. Once the code is removed, you need to do a reinclusion request with Google and also with StopBadWare. With malware infections becoming more and more common online these days, sites and blogs are being “compromised” How can you check? It’s pretty simple. Just do a site command in Google. For example: site:yourdomain.com casino This will check the domain for any reference to the word “casino.” If you get a few hundred pages returned and you are NOT in the casino business, chances are VERY good you’ve been hacked. Other phrases you should check would be: porn viagra cialis Just four and it will take you less then two minutes to run the check. If you find evidence of a hack attempt and this site is a prospect’s site, guess what? You’ve probably just landed their business. For future searches, I would highly recommend setting up a Google Alert. Defacement Hacks These are really “old school” – they’re more like online graffiti than anything else. The hacker usually just wants to brag that they got you, and they put up a message on your pages for all to see. Well, that’s easily detected because you just go to your pages and there it is! But as I said, this is old school and many hackers are looking for something with some financial value these days, which is why they are going after eCommerce sites more aggressively instead of the easier targets of Blogs. Robots.txt Hacks This one is either done for sheer malicious delight, or perhaps for competitive disruption. How often do you check your robots.txt file? If someone replaced the first line and disallowed all indexing, how fast could you catch that? In addition to visually inspecting your robots.txt file on a regular basis (and especially if your urls start disappearing from the Google index) you can also set up a Webmaster Tools account and check it regularly. Google will report to you when urls get blocked by robots.txt. Parasite Hosting This one is sneakier and depends on the value of backlinks, either for PageRank or for the traffic itself. The hacker places links on your pages (they may be hidden through various means) and you may not be inspecting your content close enough to see those links. The tool you need is a link checker, such as Xenu LinkSleuth, that can give you a report on all your external links. Anything really bogus is going to jump out at you from that list. Running a link checker on a regular basis has many other benefits as well, such as keeping those accidental 404s out of your site. Cloaked Hacks Now we’re really getting devious. Over the past few years, hacks have been showing up that cloak their parasite content so that only GoogleBot sees it. If you visit with a regular browser (user agent) you only see what you expected to see. See what I mean by devious? Your main tool here is a user-agent spoofer of your own, such as the User Agent Switcher extension for Firefox. Just fire it up with a GoogleBot user agent string and see if your page content changes. Complex Cloaking – Using IP and Cookies This is getting deep – and it’s also not so common, but it is out there “in the wild.” The hacker places complex scripting on your site so that not only do they cloak for googlebot by user agent, they also cloak by IP address. In some cases the script also places a cookie so you get only one chance to see what they’re doing. And your tools here are: 1) Learning how to browse your site with coolies turned off; 2) Studying your server logs for what your server replies to GoogleBot with. Cloaked Redirects – .htaccess hacks Google’s John Mueller (JohnMu) made an excellent blog post about this: The first symptom that you would see is hard to interpret: URLs from the website are just not indexed anymore… When you submit a Sitemap file, Google will show warnings for URLs that redirect. By design, you should be listing the final URL in your Sitemap file, so if the URL is redirecting for our crawlers (as in this case), we’ll show a warning in your account. I urge you to read JohnMu’s entire article. He’s offering a lot of help here. DNS Troubles Some of the sneakiest hackers have used various kinds of DNS tricks. While rare, this is still possible. End
|
|