The search engine says the number of incidents of hacked sites grew by 32% between 2015 and 2016 – a figure it expects to rise this year as hackers become more aggressive, sites become outdated and the cyber criminals quicker to take advantage of that lax security.
When Google notices a site has been hacked, it will send a notification to the webmaster via the Search Console. In 61% of cases, hacked site owners do not get a notification from Google – not because the search engine fails to catch the hack but, it says, because the site was not verified in Search Console.
On the flip side, of those who are notified of an infected site, 84% are successful when they apply for their site to be reconsidered after removing the malicious content and cleaning the domain of infected files.
In order to help webmasters fight off the increasing number of attacks, Google has also made a few changes to how it can help. The search engine notes that its most often received request is to make hacked site documentation easier to understand. As a result, the search engine has made a number of amendments to its hacked sites information. Chief among them it cites the following new documents which it has added to its webmaster help offering:
Top ways websites get hacked
This is a new article within the Webmasters Guide section of developers.google.com. This article helps webmasters to understand how their site may be compromised, so they can better arm themselves against an attack. The document outlines a number of security lapses to be mindful of and discusses the most popular methods of hacking a site. They include the need to create a strong password, keep software up to date, use updated themes and plugins, implement robust security policies and conduct periodic checks on sensitive data.
Glossary for hacked sites
This new glossary is also located within the Webmasters Guide area for developers. It provides a definition for a large list of technical terms used throughout Google’s wider documentation on hacking, to help webmasters translate from tech speak to real world scenarios when attempting to navigate the hacked site documentation. It lists a range of terms such as cloaking, obfuscation, phishing and two-factor authentication (2FA), along with a plain English definition of each.
FAQs for hacked sites
While Google says this is a guide, it is currently a fairly small document with just four questions and answers covered. The search engine says this section brings together its most commonly asked questions about hacking so it’s possible that this guide is still a work in progress with more information to be added at a future date.
How do I know if my site was hacked guide
This new guide walks webmasters through the steps to follow if they have received a hacked site alert from Google or, if there is some uncertainty as to whether or not a site has been hacked. The guide provides links to the Hacked Site Troubleshooter, Fetch as Google, Websites Help Forums and the Webmasters help for hacked sites guide.
Most common types of hack
In addition to the above educational articles, which are designed to help webmasters access information more easily and in a more understandable manner, the search engine’s #NoHacked update also confirmed the creation of three new clean up guides, created for the three most common types of hack the search engine encounters.
Google’s research shows that most hacked sites will be hacked by one of the following:
- The Gibberish Hack: a hack which creates a slew of new pages within a domain, each filled with text that doesn’t make sense but is filled with keywords. The hacked pages will be redirected through to a third party site, such as one showing adult content, allowing the hack to hijack the domain’s traffic.
- Japanese Keywords Hack: Similar to the Gibberish Hack, the Japanese Keywords Hack creates new pages on the target domain and fills them with keyword stuffed text, this time in the Japanese language. The new pages will be located in random directories which the Hack also creates and will be filled with affiliate links. One thing to look out for with this hack is that the perpetrators will sometimes add themselves as site owners in Search Console, potentially locking out the real owners of the domain.
- Cloaked Keywords Hack: This type of hack creates new pages on the domain filled with text, links and images. The hack may even use the site’s own page template, so the hacked pages will look very similar to genuine pages. The content will contain malicious content which is cloaked.
Keeping your site safe
Having noted that hacking activity is on the rise, making sure your site doesn’t become a victim means being proactive about site security.
Google suggests webmasters familiarize themselves with how to identify vulnerabilities shared in its hacked help guide.
You should also be following best practice:
- Use complex passwords with upper and lower case, symbols and letters
- Maintain security protocols for sites where members can join (such as ecommerce sites requiring users to register before check out) to ensure that they also choose secure usernames and passwords
- Ensure plugins and themes are kept up to date and come from trusted sources
- Use HTTPS rather than HTTP
- Never miss a security update
- Regularly check logs for suspicious activity
- Disable unnecessary services to keep security controls high