Google saw the number of hacked sites increase by approximately 32% in 2016 compared to 2015. In its blog post, Google says it does not expect this trend to slow down. As hackers get more aggressive and more sites become outdated, hackers will continue to capitalize by infecting more sites.
On the bright side, 84% of webmasters who do apply for reconsideration are successful in cleaning their sites. However, 61% of webmasters who were hacked never received a notification from Google that their site was infected because their sites weren’t verified in Search Console.
All webmasters should register for Search Console; it is the primary channel that Google uses to communicate site health alerts.
More Help for Hacked Webmasters
Google created new documentation to give webmasters more context when their site has been compromised. Here is a list of the new help documentation:
- Top ways websites get hacked by spammers
- Glossary for Hacked Sites
- FAQs for Hacked Sites
- How do I know if my site is hacked?
Google has created clean up guides for sites affected by known hacks. Google has noticed that sites often get affected in similar ways when hacked.
Google has created the following guides for known hacks, each with a short description:
Gibberish Hack
The gibberish hack automatically creates many pages with nonsensical sentences filled with keywords on the target site. Hackers do this so the hacked pages show up in Google Search. Then, when people try to visit these pages, they’ll be redirected to an unrelated page, like a porn site. Learn more on how to fix this type of hack.
Japanese Keywords Hack
The Japanese keywords hack typically creates new pages with Japanese text on the target site in randomly generated directory names. These pages are monetized using affiliate links to stores selling fake brand merchandise and then shown in Google search. Sometimes the accounts of the hackers get added in Search Console as site owners.
Cloaked Keywords Hack
The cloaked keywords and link hack automatically creates many pages with nonsensical sentences, links, and images. These pages sometimes contain basic template elements from the original site, so at first glance, the pages might look like normal parts of the target site until you read the content. In this type of attack, hackers usually use cloaking techniques to hide the malicious content and make the injected page appear as part of the original site or a 404 error page.
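A site owner can check for the Japanese keywords and cloaked keywords hacks described above by comparing what one URL returns to a normal browser with what it returns to a search crawler. The following is an added example, not code from Google's guides; the sample HTML, function names and thresholds are constructed assumptions, and it assumes the site publishes no Japanese content of its own.

```python
import re
import unicodedata
from difflib import SequenceMatcher
from html.parser import HTMLParser

# Constructed sample responses for one URL (not real captures).
CLEAN = "<html><body><h1>Acme Bikes</h1><p>Our spring catalogue is out.</p></body></html>"
NOT_FOUND = "<html><body><h1>404 Not Found</h1><p>The page does not exist.</p></body></html>"
INJECTED = ("<html><body><h1>Acme Bikes</h1>"
            "<p>ブランド 財布 激安 通販 コピー 新作 送料無料 人気 ランキング</p></body></html>")

class _Text(HTMLParser):
    """Collects visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def visible_text(html):
    parser = _Text()
    parser.feed(html)
    parser.close()
    return re.sub(r"\s+", " ", " ".join(parser.parts)).strip()

def japanese_ratio(text):
    """Share of non-space characters that are kana or CJK ideographs."""
    chars = [c for c in text if not c.isspace()]
    scripts = ("HIRAGANA", "KATAKANA", "CJK UNIFIED")
    jp = sum(1 for c in chars if unicodedata.name(c, "").startswith(scripts))
    return jp / len(chars) if chars else 0.0

def triage(browser_html, crawler_html, min_similarity=0.6, jp_threshold=0.3):
    """Return findings for one URL fetched as a browser and as a crawler."""
    b, c = visible_text(browser_html), visible_text(crawler_html)
    findings = []
    # Cloaking: the crawler is served different content than a visitor.
    if SequenceMatcher(None, b, c).ratio() < min_similarity:
        findings.append("cloaking: crawler and browser views differ")
    # Japanese keywords hack: Japanese text on a site that publishes none.
    if japanese_ratio(c) >= jp_threshold:
        findings.append("japanese-keywords: Japanese text in crawler view")
    return findings
```

Here `triage(NOT_FOUND, INJECTED)` reports both findings, while `triage(CLEAN, CLEAN)` reports none.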
Prevention is Key
The best way to secure your site is to prevent a compromise in the first place. You can read more about how to identify vulnerabilities on your site in Google’s hacked help guide. In the Google blog post Top ways websites get hacked by spammers, Google outlined the following six ways that websites get hacked by spammers:
1. Compromised passwords
The key is to create a strong password, not use the same password across multiple web properties, and use additional security tools like two-factor authentication or, if you use G Suite, set up Google Apps SAML SSO.
2. Missing security updates
Keep an eye open for security updates to the software you use; old software that hasn’t been updated may be missing an essential patch for a serious vulnerability. Check for updates on a regular basis, and add a daily update check to your calendar.
3. Insecure themes and plugins
If you are using WordPress or another open-source CMS, make sure your plugins and themes are patched, and remove all theme or plugin files that are no longer maintained by their developers. Also, be careful when using free plugins, or ones that may only be available through an unfamiliar website.
4. Social engineering
Social engineering attacks, like phishing, try to trick the user into thinking they are providing needed information to an actual webmaster or account manager, for example. Check that the email address exactly matches that of a person you know, and never give out personal information to someone you aren’t familiar with.
5. Security policy holes
Bad security policies, such as allowing users to create weak passwords, giving admin access too freely, and not enabling HTTPS on your site can have negative consequences. Google recommends making sure you have the highest security controls configured, that user access and privileges are properly managed, that logs are checked, and that encryption is used.
6. Data leaks
When data is mishandled, or improperly uploaded, it can become available as part of a leak. One method, “dorking,” can utilize common search engines to find the compromised data. Make sure only trusted employees have access to the data they need and use URL removal tools to make sure that sensitive URLs don’t display in Google search results.
Hacking behavior is constantly evolving, and research allows Google to stay up to date on combating the latest trends. You can find more Google research publications on the information security research site. Highlighted below are a few studies specific to website compromises:
- Cloak of Visibility: Detecting When Machines Browse a Different Web
- Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
- Users Really Do Plug in USB Drives They Find
- Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
If you have feedback or specific questions about compromised sites, the Webmaster Help Forums have an active group of Googlers and technical contributors who can address your questions and provide additional technical support.