6 Ways to Identify That Your Site Has Been Hacked

Shield blue glowing binary matrix style background
Getty Image

You might think that your site is too small for an attacker to be interested in hacking it, but they go after small sites because the owners often have poor security. Hackers can download plenty of scripts for WordPress or Joomla sites, they don’t need to write a single line of code. They try to hide their tracks, so their access to your site is hidden from view. Here are some ways to identify if your site has been hacked.

1) Look at Your Source Code In the Browser

Hackers sometimes attack sites just to insert hidden links and code. The hidden links are picked up by search engines and your site’s authority is passed to the linked site.

These sites are usually gambling or online pharmacy sites that hire hackers to build as many blackhat links as possible.

The attacker uses vulnerabilities in your code especially if you’re using WordPress. WordPress plugins are created by developers who don’t usually have the ability to code for various cyber security threats. For this reason, you should always limit the number of plugins on your site.

The attacker injects links into your content, so you don’t know the links are there until you check your site’s source code. The simplest and fastest way to check for this attack is to right-click your page in a browser and view the HTML source code. Check the bottom and very top of your pages if you’ve been hacked, you’ll find auspicious links to sites that you didn’t authorize within the HTML source code.

2) Search Your Site in Google

One way hackers steal traffic from your site is to redirect pages to a malicious website. Google picks up on this redirect and attributes your site with the malicious site.

If the attacker just injects hidden links, your site will rank for unusual search terms such as pharmacy or gambling terms.

Go to Google and type “Viagra site:<yoursite.com>” and press Enter. Replace “yousite.com” with your domain name. This search finds any of your pages that contain the term “Viagra.” You can do a number of searches like this to find pages with spammy terms. Since “Viagra” is a common online pharmacy product, it’s a good way to find hacked pages.

If Google shows results, then click the link and view the source code in your browser. If you find hidden links with these phrases, you know that your site has been hacked.

Some attackers redirect your site only for users that find it in a Google search. Typing the site directly in your browser doesn’t show this hack. You must click the link in Google to see the redirect. Do a search for your site in Google and click the link. If you’re automatically redirected to a malicious site, your site has been hacked.

3) Check the .htaccess File

An .htaccess file is included with any Apache-based website. Most sites hosted on a Linux server use Apache. You can find this file in the root of your website’s directory. It’s a file that provides certain directives for the web server. If a website owner decides to move to a new domain, one of those directives can be to redirect users to the new domain.

Hackers use this file to silently redirect users based on where they come from. When you open your site, everything looks fine, but users clicking a link from an outside source are redirected to a malicious website. Hackers hide their attack by redirecting only people who come from search engines. You can find this attack in the .htaccess me.

If you are hacked, you should see something similar to the following in your .htaccess tile:

RewriteEngine on

RewriteCond %{HTTP_REFERER}!^://httpgoogle.com [NC]

Rewrite Rule ^/?your-page.html$ http://malicious-domain.com/[L,R]

The line containing HTTP_REFERER indicates that a redirect occurs from people who access your site from Google. If you didn’t place this redirect on your site, then it’s a sign that your site was hacked.

4) Check Google Search Console

Google’s algorithms are good at detecting hacked websites. Unfortunately, if Google detects that your site is compromised, it leaves a message in search results that your site has been hacked. This warning severely reduces your site traffic, so you should always monitor your site and find vulnerabilities before hackers do.

If you think your site has been hacked, but you’re not sure, you can check Google Search Console. If Google detects that your site is compromised, you see a warning in Search Console. Unfortunately, they don’t tell you which pages are vulnerable, but this is still a good way to verify if your site has been hacked.

5) Run a Scan on Your Site

Sucuri offers a free, quick scanner for webmasters. Sucuri doesn’t guarantee that it will fund all vulnerabilities, but the scanner finds many of the common ways hackers are able to compromise your site.

Just access sucuri.net and enter your site into the scanner. You can also sign up for a paid monitoring service where Sucuri will regularly scan your site for any vulnerabilities and send you an alert if it finds any.

6) Use WordFence If You have WordPress

Because so many people use WordPress and it’s well known, many attackers target mainly these websites. Attackers run scripts against you log in page, and they often scan your site for common vulnerabilities. There are plenty of scripts available for anyone to download, so attacking a WordPress site doesn’t even take any skill.

You can block these scripts using Word Fence. WordFence detects these attacks and displays a list of attackers in your dashboard. If you are already hacked, you see successful login attempts in the WordFence dashboard. Word Fence keeps track of all successes and unsuccessful login attempts, so you can identify any unauthorized access to you WordPress dashboard.

If attackers are able to gain access to you dashboard, you need to change your password and same the dashboard before they deface your site’s pages. On rare occasions, you need to reinstall WordPress to fix the vulnerability.

Always Monitor Your Site to Avoid Being a Victim

Most webmasters don’t know how to identify if their site is hacked, and by that time it’s already too late. The best way to avoid being hacked is to monitor your site for vulnerabilities and limit the number of plugins if you use WordPress.

If you think you’ve been hacked. It’s imperative that you find the vulnerability or you risk being hacked again. It usually requires a professional penetration tester to find your vulnerability and help you fix it. These penetration testers will flnd vulnerabilities using the same tools that hackers use, so you can protect your site from many of the scripts in the wild.


Written by NaijaRoko

Viral news from Nigeria


Leave a Reply

Your email address will not be published.





What do you think?

25 points
Upvote Downvote

The Best Online Business Opportunities for Beginners

4 Small Business Management Mistakes To Avoid