Have you been hacked? Is there malware on your site that you may not even be aware of that is decreasing your ability to convert and potentially putting you and your customers information at risk? Hopefully, you are safe, but hacking is an activity that occurs everyday and hackers are skilled at hiding what they do. You need to monitor your site for malware not only to protect yourself and customers, but your standing with the SERPS.
Google’s search quality guidelines plainly warn all users: “Don’t create pages with malicious behavior, such as phishing or installing viruses, trojans, or other badware.” If malware in your website is the result of successful hacking activity, it can be hard to prove it isn’t you and Google will want to get you out of the results quickly and may not give you time to find the problem. No search engine wants to direct people to a hacked site because it compromises their credibility. If you aren’t on the search indexes, you’re basically nowhere.
If however you are monitoring your site regularly and detect malware early, it will not cause as much damage to your websites or your visitors. Google can actually help you, since they have the most effective tools for detecting hacked in malware on your website. In this type of situation, Google is your ally – they want to get rid of as much malware as they can as much as you do so that more sites and users don’t become infected.
To get started, visit http://www.google.com/, and type in site: yourdomain.com (using your domain name where it says yourdomain). Use your domain name only, and don’t include www. so you will get the maximum number of indexed pages. Follow this step EXACTLY!
Google will then produce a list consisting of all of the indexed pages on your website. If you have a lot of pages, change the default view to 100 instead of 10 results per page (you can do this in “Advanced search” under “Need more tools”) to help speed the process up a little bit. Next, choose “repeat the search with the omitted results included” to display hidden results that you otherwise wouldn‘t be aware of.
If you see anything that says “This site may harm your computer.” it means that Google found malware hosted on that URL. This means you have been hacked by someone who managed to slip some malware onto your site. This isn’t good news, but once you know it is there you can start to repair the damage it has done. That is good news.
Go to your Google Webmasters account and then go to “Labs” in the dashboard. Once you are there, choose “Malware details.” If you get the response “Google has not detected any malware on this site,” then there has not been a hack and you are in the clear – almost.
New methods employed by hackers include planting links in the site pointing to spammy websites or malware domains. If link building is being done that you or your SEO are not responsible for, be suspicious! Links from unknown origins are not your friend and should be removed just to be safe. Tools are available to check external links, however, and you can also utilize your server logs to find out if unknown IP addresses are accessing restricted pages.
To do this, log in to your hosting account and copy and paste the access log into an Excel file or OpenOffice Calc. Once that step is accomplished, create filters to eliminate your own IP address and find URLs containing the word “admin”. If you find any and they return a 404 (not found) or a 301 header that indicates a failed hacking attempt. That means your security measures are working, but also that breaches have been attempted so you may want to beef things up. A “200 OK” status may indicate a successful hacking attempt. Use server logs to trace where the hacker visited other restricted pages in your domain, and block them. If you fail to do this, they will backdoor you to death with hacks.
To protect yourself, enable logs for admin pages, update your web software, and sanitize user input. Also, use captcha to defeat malware bots planting links via comments or any openly available area. Once that is done, disable unneeded PHP functions, and use strong passwords and SSL. Never under any circumstances should you use the default passwords, and never store your passwords anywhere online. Scan your website regularly as described, and act fast if you think you’ve been hacked. it is better to be vigilant than a victim!