Wednesday, April 7, 2010

How to Tell If Your Site Has Been Hacked

How do you know if your site has been hacked? Sometimes you will know because the site has dropped precipitously in the search engine rankings for no apparent reason. Or many of your pages are no longer being indexed by the search engines. Or visitors send you emails complaining that their anti-virus software warns them away from your site. These are not good things to have happen, because by then the damage has been done.

A better approach is to proactively scan your site for hacked pages. What you are looking for are unauthorized links to external sites, because most hackers use those links to boost the search engine rankings of their own sites. That makes most hacked pages easy to find with a few simple search engine queries.

The key is to combine the "site:" command with one or more commonly used hacker ranking terms like "viagra" or "cialis". The "site:" command restricts search engine results to pages from the given domain. For example, the query:

site:about.com

restricts the search to the "about.com" domain. All you need to do is add one or two hacker-targeted keywords to the query, as in:

site:whitehouse.gov viagra

That query will return all indexed pages on the "whitehouse.gov" domain that include the word "viagra". (As I write this, there are in fact two pages on the official White House site that have been hacked in this manner. Oops!)

While "viagra" is the most obvious term to search for, there are other possibilities. Any erectile dysfunction drug is a candidate: "levitra", "cialis", etc. Generic versions of the brand names are also popular: "sildenafil", "vardenafil", etc. Really, any kind of high-demand pharmaceutical product is a good candidate, though you can also look for money-making schemes (think "forex" or "online gambling") and other things that a spam catcher would normally isolate in your incoming email.

Of course, you will not actually see these links on the pages in question. Hackers do their best to hide the links from human visitors. But they do not hide them from search engines, because the point is to get the search engines to find those links and count them as "votes" toward getting their own "money sites" to rank highly for sought-after, highly commercial and extremely competitive terms. That is why a simple search query exposes hacked pages.
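The same check can be run directly against the HTML your own server returns, without waiting for a search engine to index the page. The script below is an added example, not code from the original post: it lists external links whose URL or anchor text contains one of the terms above and notes whether the link sits inside markup styled to be invisible. The names `scan_page` and `LinkSpamScanner`, the domain `example.com`, and the list of hiding styles are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SPAM_TERMS = ("viagra", "cialis", "levitra", "sildenafil", "vardenafil", "forex")  # from the article
# Assumption: inline styles commonly used to keep markup out of a visitor's view.
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}

class LinkSpamScanner(HTMLParser):
    """Flags external links whose URL or anchor text contains a spam term."""
    def __init__(self, own_domain):
        super().__init__()
        self.own, self.stack, self.current, self.findings = own_domain.lower(), [], None, []
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return  # void elements never close, so they cannot wrap a link
        attrs = dict(attrs)
        self.stack.append((tag, bool(HIDING.search(attrs.get("style") or ""))))
        host = (urlparse(attrs.get("href") or "").hostname or "").lower()
        if tag == "a" and host and host != self.own and not host.endswith("." + self.own):
            # "hidden" is true when the link or any open ancestor carries a hiding style
            self.current = {"href": attrs["href"], "text": "", "hidden": any(f for _, f in self.stack)}
    def handle_data(self, data):
        if self.current is not None:
            self.current["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            haystack = (self.current["href"] + " " + self.current["text"]).lower()
            terms = [t for t in SPAM_TERMS if t in haystack]
            if terms:
                self.findings.append({**self.current, "terms": terms})
            self.current = None
        for i in range(len(self.stack) - 1, -1, -1):  # unwind to the matching open tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan_page(html, own_domain):
    scanner = LinkSpamScanner(own_domain)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page for the hypothetical site example.com.
SAMPLE = """<p>See our <a href="/about">about page</a> and <a href="https://partner.example.org/">partner</a>.</p>
<div style="position:absolute; left:-9999px"><a href="http://pills.example.net/buy">cheap viagra</a>
<a href="http://fx.example.net/forex-signals">signals</a></div>"""
if __name__ == "__main__":
    print(*scan_page(SAMPLE, "example.com"), sep="\n")
```

Links hidden through an external stylesheet or injected only for crawler user agents will not show `hidden: True` here, so treat any keyword hit on an external link as worth a look.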

What do you do once you have found a hacked page on one of your sites? It depends on how the links were added to your pages and how your pages are generated. You will find lots of help online on how to get rid of link spam from a website and how to "harden" your site against future attacks.

Just remember to run this check on each of your sites every few days. It is a very quick and simple way to detect potential link spam before it becomes a real problem.

Be sure to check out Eric Giguere's privacy policy plugin, useful for anyone running WordPress. Eric is a co-founder of Synclastic Media and has written extensively about all aspects of Internet marketing, website and blog development, and software programming.
