Website Security, Part 2 – Detecting A Hack


By Web Hosting Help Guy

Say you run a website. You’re doing what you normally do; that is, trying to track results and seeing how you could do better from an SEO perspective. You go to Google, type in the keywords that usually show your site within the top results, and see something strange – there’s a link to your site, but instead of your keywords, it says something like “generic Cialis” with your URL underneath it. What the…? Now, you know for a fact there’s nothing about Cialis on your site, so you click the link and, instead of being taken to your site as per usual, you’re sent to some spam site.

Of course, this whole mess might have been avoided if you’d followed the steps we talked about in Part 1 of our Website Security series. In Part 2, we’ll show you some tips you can use to find out if your site’s been hacked.

1. Use Google’s Safe Browser

If you suspect that something fishy is going on, a good way to start your investigation is by running your site through Google’s safe browsing tool. This will give you a quick look into how Google sees your site, and it can tell you if their scan of your site has found anything suspect, like whether your site is hosting malware:

http://www.google.com/safebrowsing/diagnostic?site=http://www.yourwebsite.com

In fact, Google’s Webmaster Tools package is something you should be using regularly anyway – it has a whole host of tools and resources, including information about viruses and hacks that are going around and what to do when you come down with them.

2. Turn Off Javascript

Another way to check your site is to turn off Javascript support in your browser and manually check your website’s code. If you have a large website, it can be tedious to check every page, but it’s vital to do so. Most malicious code will first be injected in your index page, so start there. Not only will this step allow you to see what’s going on, but if the hack is Javascript-based, this step will disable it as well. There are several ways to accomplish this step – if you’re using Firefox, there’s a plugin called NoScript that will do it automatically, but you can also disable Javascript in your browser’s settings.

3. Pretend To Be A Search Engine

Another great way to see what’s going on behind your site’s closed doors is using – again – Google Webmaster Tools’ “Fetch As Googlebot” function. This tool allows you to see what Google’s search engine spiders see when they crawl your page. It doesn’t show you your site’s code (follow the step above to see that), but it shows you the links that are there. You can also use other Search Engine Simulators such as http://www.seochat.com/seo-tools/spider-simulator/. Considering that the dreaded Gumblar virus works by injecting hidden links into your site, this is a pretty timely tool to have at your disposal.

4. Search For Hidden Spamwords

If your website is fairly small – only a few pages, for example – you can check the titles of your pages with a search that displays all of your pages in Google’s index, using the query:

site:http://www.yourwebsite.com.

If your website is larger, you can spot check by performing the following query:

site:http://www.yourwebsite.com Spamword

Simply replace “spamword” with typical spam words like “cialis” or “viagra.”
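Steps 3 and 4 can also be run offline against a saved copy of a page. The sketch below is an added example, not part of the original article: it lists the links a crawler would find, flags off-site links hidden with inline CSS, and checks the title and link text for spamwords. The hostnames and sample HTML are constructed, and the inline-style-only hiding check is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SPAMWORDS = ("cialis", "viagra")                     # step 4's examples; extend as needed
HIDING_CSS = ("display:none", "visibility:hidden")   # inline styles only (assumption)
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta"}  # tags with no closing tag

class LinkAudit(HTMLParser):
    """Collect every <a href> with its anchor text and whether an element hides it."""
    def __init__(self):
        super().__init__()
        self.links, self._open, self._in_a = [], [], False  # links: [href, text, hidden]
    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        self._open.append((tag, any(css in style for css in HIDING_CSS)))
        if tag == "a" and attrs.get("href"):
            self.links.append([attrs["href"], "", any(h for _, h in self._open)])
            self._in_a = True
    def handle_endtag(self, tag):
        for i in reversed(range(len(self._open))):   # close the nearest matching open tag
            if self._open[i][0] == tag:
                del self._open[i:]
                break
        self._in_a = self._in_a and tag != "a"
    def handle_data(self, data):
        if self._in_a:
            self.links[-1][1] += data

def audit(html, own_host):
    """Return (finding, detail) tuples for one page's HTML."""
    page = LinkAudit()
    page.feed(html)
    spammy = lambda s: any(word in s.lower() for word in SPAMWORDS)
    title = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    findings = [("spam-title", title.group(1).strip())] if title and spammy(title.group(1)) else []
    for href, text, hidden in page.links:
        if hidden and urlparse(href).hostname not in (None, own_host):
            findings.append(("hidden-offsite-link", href))
        elif spammy(href + " " + text):
            findings.append(("spam-link", href))
    return findings

# Constructed sample page: two legitimate links, one hidden injected link, one spam link.
SAMPLE = """<html><head><title>Acme Widgets - Home</title></head><body>
<p>See our <a href="/products.html">products</a> and <a href="http://www.yourwebsite.com/about.html">About</a>.</p>
<div style="display: none"><a href="http://spam.example/pills">generic cialis</a></div>
<a href="http://other.example/buy-viagra">great deals</a></body></html>"""
```

Links hidden through an external stylesheet or by script will not be flagged here, so this complements the manual checks rather than replacing them.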

5. Use Your Antivirus Software

Finally, your antivirus tools should also be able to block websites that have been infected with malicious code. If your antivirus software doesn’t actively scan and block websites, you can check out free ones that do, such as http://www.avast.com/eng/download-avast-home.html or http://www.mywot.com/.

Obviously, these methods won’t catch everything, but they’re a pretty good place to start if you think your site’s fallen victim to a hack attack. And if you have? What then? In Part Three of our article on website security, we’ll walk you through some steps to take to clean up the mess.

Read Part One here.

What tools have you used to determine if your site has been hacked?

Comments

Jason Remillard December 16th, 2009 at 11:37 am

Web Hosting Help Guy;

Excellent post! These are all very good methods to detect a malware injection or infection.

However, something your readership would be most interested in (and perhaps you folks!) is regular scanning of the site.

We scan for malware on an ongoing basis, however we do more on the preventative side. We do deep application inspection, full port scanning, and codebase testing (PHP/ASP/.net, etc.)

Our results are impeccable. Anyone who was hacked, and then fixed by us with our scanning services, is now 100% hack free (even months later).

I have written about this extensively at:

http://blog.54f3.com/2009/12/16/data-to-support-the-others-in-malwareinfection-attacks/

http://blog.54f3.com/2009/12/03/tools-%e2%80%b9-54f3-com-website-security-audit-scanning-%e2%80%94-wordpress/

http://blog.54f3.com/2009/12/02/why-malware-scanning-is-imperative-to-your-business/

Web Hosting Help Guy December 17th, 2009 at 9:53 am

Hi Jason,

Thanks for the comment! Here, at InMotion Hosting we actually have a proprietary automated system that detects hacks and hacking attempts, blocks the IP of the intruder, and then restores the affected website. Unfortunately, not all hosts are as proactive as this.

Golem Web Security February 28th, 2011 at 1:33 am

A nice step-by-step guide on website security… Webmasters should always opt for regular website security audits.
