Help! Google Says My Website May Be Hacked!Posted by Jason Hawkins / December 9, 2016
What are the five most frightening words to a web site owner? “This site may be hacked”, at least when those words are under your site’s link in Google’s search results! While your site is stuck with this warning, you’ll likely see your incoming Google traffic plunge to nearly nothing.
Google will slide this warning into your search results link when their regular web crawl sees code added to existing page that looks suspect, or sees new pages added that appear to be spam. While this can provide you with an early warning of actual unauthorized access, this feature is also not immune to false positives.
What Next? Find Out What’s Going On
If you see this warning in the search results for your site, the first step is to register for Google Search Console if you have not already. This service is free, and it provides you with detailed information about how Google crawls your site as well as any penalties it might currently be applying to your search ranking.
When there is a “this site may be hacked” warning on your site, you’ll usually see the reason for it under the Security Issues section of Search Console. Google will list all of your site’s URLs that it suspects are compromised.
Ideally, it’s a simple internal issue that you can fix yourself. If it’s the result of an actual attack by an outside party, however, then there are steps you should immediately take to prevent any further damage and begin fixing the problem.
Steps To Take If You Have Been Hacked
Aside from using KND Digital’s high speed hack-repair service https://hackrescue.com.au you can try the following steps…
1) Contact Your Web Host
Immediately get in touch with the company responsible for hosting your site and let them know that it appears to have been hacked. They can do quite a bit from their end to help you, and this also gives them a heads-up that their internal network is potentially compromised and the hack may extend to other sites they host.
2) Take Your Site Offline
This prevents the possibility of malware being served to your visitors. If you have direct control of your own web server, you can simply turn it off. Otherwise, your web host may be able to do it for you. If all else fails, go into your DNS settings and route your traffic to a safe URL outside your website (like Google’s search page). Simply redirecting all visitors to a 404 error page isn’t safe, as hackers can potentially compromise that page too.
3) Catalog The Damage and Point Of Vulnerability
This is far too big of a topic to cover in this post, and you may need to secure the services of a security expert. Fixing the links with spam and malware isn’t enough, as the attacker may still have access and return to compromise the site again. It’s also important to identify how the hacker got access so you can close that route off.
What If My Site Wasn’t Hacked?
Though it’s fairly rare, sometimes innocuous internal changes can cause Google to mistakenly label your site as hacked. For example, an update in early 2015 to the way Google classified pages caused a wave of false positives of this nature. Another example is the use of the wrong type of redirect to move people between pages, especially if moving between two different domains. A handful of coding errors can also be misinterpreted by Google as an attempt to pass malware.
Once you are absolutely sure you haven’t been hacked, or you’re certain the attack has been repaired, you should notify Google through Search Console to do a review of your site. The web crawler will re-index your website with the clean pages. Once the site is online, Google will assume that your cleanup efforts are still underway until you manually notify them you are ready for review.
In addition to our marketing and SEO services, KND Digital can assist you in securing your website.
Contact us to learn more today!