Get Help Ranking
Tim Hill SEO
How to SEOin2024
With me, Tim Hill

The hacked site penalty

There are a number of easy to spot signs that your site has been hacked. Easy for robots to spot and flag and then for a human to verify even if they are not easy for you to see.

People who hack sites are usually looking to do one of the following:

  • Insert well hidden malicious content that will infect the computers of visitors for any number of reasons such as stealing email addresses, harnessing their computers to send spam, etc.
  • Insert well hidden links on popular pages. These links often point to adult related or gambling websites.
  • Insert totally new pages which they then optimise or promote in spam emails. In other words using part of your website for their content knowing only you will get banned.

A good web hosting company will pull your site down and notify you of the issue long before Google gets involved. But if you are hosting on the cheap you may well get caught out.

Hacked site penalty recovery

The penalty notice from Google will include some sample pages where this has happened so you can test these as follows.

For hidden content:

  • Open one of the pages in Firefox, right hand click on a blank space and choose 'Select All' which will highlight all the text on the page, even text the same color as the background.
  • Open one of the pages in Firefox, right hand click, choose 'View Page Source', click Ctrl+F and search 'iframe'. If the search returns a result look at the content in the iframe to ensure it is legitimate. Note YouTube, Amazon and Facebook all use iframe so simply having one is no cause for alarm. It is when you see links to strange websites that you can start getting concerned.

    • Avast anti-virus is also a highly effective way of tracking down where very small pieces of pages (such as javascript files) have been hacked and corrupted. Avast will tell you the exact files, rather than just the pages, that are causing the problem so they can be addressed.

    Finding pages created by hackers

    Google's penalty message may have made you aware of pages you did not know existed on your website but were placed there by hackers. You can double check further by using the Google search: site:mydomain.com [keyword] – for example, site:mydomain.com viagra.

    This will return any pages on your site that Google has in its index and contain the word viagra.

    Note that getting rid of the hackers content will not be enough for a reconsideration request to be successful with Google. They will want to see what you have done in order to stop future hacking so you will also need to organise new hosting somewhere more secure.

    In the first instance you might want to contact your hosting company to see if you are on their most up to date and secure servers. If you are then you will need to change hosting company as they are obviously not secure enough.

    I've used Webfusion in the UK for well over a decade so that would be my personally recommendation but you might also want to sound out members in a well respected forum for other alternatives.

    Once again document everything you do, with dates, to provide Google with a convincing reconsideration request.

    Tim Hill SEO

    I'm Tim Hill, a Search Engine Optimization and Online Marketing specialist. I created this site to help others understand that SEO is not a mysterious black art!.

    If your a newbie try the Getting Started in SEO page, otherwise feel free to dig around and learn more.

    If you need help simply get in touch.

    DIY SEO
    Outsourcing SEO
    eCommerce SEO
    SEO Mistakes
    Need Help? Seo Assistance
    this man can affect your rankings