Security Blog
The latest news and insights from Google on security and safety on the Internet
Helping webmasters with hacked sites
12. Dezember 2012
Posted by
Oliver Barrett
, Search Quality Team
(Cross-posted from the
Webmaster Central Blog
)
Having your website hacked can be a frustrating experience and we want to do everything we can to help webmasters get their sites cleaned up and prevent compromises from happening again. With this post we wanted to outline two common types of attacks as well as provide clean-up steps and additional resources that webmasters may find helpful.
To best serve our users it’s important that the pages that we link to in our search results are safe to visit. Unfortunately, malicious third-parties may take advantage of legitimate webmasters by hacking their sites to manipulate search engine results or distribute malicious content and spam. We will alert users and webmasters alike by labeling sites we’ve detected as hacked by displaying a “This site may be compromised” warning in our search results:
We want to give webmasters the necessary information to help them clean up their sites as quickly as possible. If you’ve verified your site in Webmaster Tools we’ll also send you a message when we’ve identified your site has been hacked, and when possible give you example URLs.
Occasionally, your site may become compromised to facilitate the distribution of malware. When we recognize that, we’ll identify the site in our search results with a label of “This site may harm your computer” and browsers such as Chrome may display a warning when users attempt to visit. In some cases, we may share more specific information in the Malware section of Webmaster Tools. We also have
specific tips for preventing and removing malware from your site
in our Help Center.
Two common ways malicious third-parties may compromise your site are the following:
Injected Content
Hackers may attempt to influence search engines by injecting links leading to sites they own. These links are often hidden to make it difficult for a webmaster to detect this has occurred. The site may also be compromised in such a way that the content is only displayed when the site is visited by search engine crawlers.
Example of injected pharmaceutical content
If we’re able to detect this, we’ll send a message to your Webmaster Tools account with useful details. If you suspect your site has been compromised in this way, you can check the content your site returns to Google by using the
Fetch as Google
tool. A few good places to look for the source of such behavior of such a compromise are .php files, template files and CMS plugins.
Redirecting Users
Hackers might also try to redirect users to spammy or malicious sites. They may do it to all users or target specific users, such as those coming from search engines or those on mobile devices. If you’re able to access your site when visiting it directly but you experience unexpected redirects when coming from a search engine, it’s very likely your site has been compromised in this manner.
One of the ways hackers accomplish this is by modifying server configuration files (such as Apache’s .htaccess) to serve different content to different users, so it’s a good idea to check your server configuration files for any such modifications.
This malicious behavior can also be accomplished by injecting JavaScript into the source code of your site. The JavaScript may be designed to hide its purpose so it may help to look for terms like “eval”, “decode”, and “escape”.
Cleanup and Prevention
If your site has been compromised, it’s important to not only clean up the changes made to your site but to also address the vulnerability that allowed the compromise to occur. We have instructions for
cleaning your site
and
preventing compromises
while your hosting provider and our
Malware and Hacked sites
forum are great resources if you need more specific advice.
Once you’ve cleaned up your site you should submit a
reconsideration request
that if successful will remove the warning label in our search results.
As always, if you have any questions or feedback, please tell us in the
Webmaster Help Forum
.
1 Kommentar :
Unknown
hat gesagt…
Interesting to see ... thank you it's well done :)
Mögel
-
fuktskada
-
vattenskada
16. Februar 2014 um 04:41
Kommentar posten
Labels
android
android security
android tr
app security
big data
biometrics
blackhat
chrome
chrome security
federated learning
Gboard
google play
google play protect
pha family highlights
privacy
Security
spyware
targeted spyware
vulnerabilities
Archive
2020
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2019
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2018
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2017
Dez
Nov
Okt
Sep
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2016
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2015
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
Jan
2014
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Apr
Mär
Feb
Jan
2013
Dez
Nov
Okt
Aug
Jun
Mai
Apr
Mär
Feb
Jan
2012
Dez
Sep
Aug
Jun
Mai
Apr
Mär
Feb
Jan
2011
Dez
Nov
Okt
Sep
Aug
Jul
Jun
Mai
Apr
Mär
Feb
2010
Nov
Okt
Sep
Aug
Jul
Mai
Apr
Mär
2009
Nov
Okt
Aug
Jul
Jun
Mär
2008
Dez
Nov
Okt
Aug
Jul
Mai
Feb
2007
Nov
Okt
Sep
Jul
Jun
Mai
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Follow
1 Kommentar :
Interesting to see ... thank you it's well done :)
Mögel - fuktskada - vattenskada
Kommentar posten