How to know if your site has been hacked: Key Signs
12:09, 08.06.2022
As a result of a site hack, attackers will gain access to internal files, be able to pull information from the administrative panel of the web resource and introduce malware to the site to use it for their own selfish purposes. In this article we'll tell you what signs are indicative of a compromised site.
The main signs of a site hack
The most frequently hacked sites are those based on free content management systems. These include the well-known WordPress and Drupal - they are widespread, so attackers most often look for vulnerabilities in these very CMS. And from time to time they find them.
To detect a hack, the first thing you should do is check your Yandex.Webmaster and Google Search Console accounts - the search engine security system will correctly report the presence of security vulnerabilities in 80% of cases. But we are talking about vulnerabilities, not hacks, so you still have to work with your hands.
Let's take a look at the key steps to help identify a hack:
- Check indexing. In the address bar type in your domain and edit it by adding the operator "site" before the domain name. For example, our domain hostzealot.ru - so in the address bar, type in the string site:hostzealot.ru and hit Enter. If intruders have uploaded malware to the site, the number of indexed pages will become abnormally high.
- Examine the source code. In Search Console, you can check the source code in the URL Verification section. If you see incomprehensible characters and pieces of code that shouldn't be there, this is a sign of hacking. The problem is that this method is only suitable for experienced administrators who are quite good at coding.
- View sitemap. Fraudsters may resort to a trick after the hack: They generate a copy of the sitemap so that search engines can index the recently added malware on the site. Examine the sitemap.xml file in Search Console and make sure that the sitemap has not been modified in any way.
These actions, in most cases, will help determine the presence of a break-in.
And here are some more indirect and direct signs that may indicate the presence of malware on the server:
- The site is running slower than usual - this may also indicate a lack of power VPS, but is often a sign of hacking;
- sharp decline in the number of visitors to the resource;
- large amount of "fake" emails on the mail server - this is how spammers work;
- a large amount of new and meaningless information on the site - mojibake, strange ads, an overabundance of banners, etc;
- The site is blacklisted by search engines;
What to do if you were hacked
If you discovered the fact of hacking, you should immediately:
- Record all detected problems, indicate the date and approximate time when the resource was hacked.
- Contact your hosting provider and request a log of visits to the site.
- Scan the server with antivirus and clean it from any third-party software.
- After cleaning, roll back the site to the last backup that was created before the hack.
- Replace all passwords with the most complex ones, using different case, numbers and symbols.
You can get more information from our experts by contacting us through Livechat or by phone. Remember, you need to act quickly and decisively during a break-in, otherwise you risk aggravating the consequences and losses.