There are a number of easy to spot signs that your site has been hacked. Easy for robots to spot and flag and then for a human to verify even if they are not easy for you to see.
People who hack sites are usually looking to do one of the following:
A good web hosting company will pull your site down and notify you of the issue long before Google gets involved. But if you are hosting on the cheap you may well get caught out.
The penalty notice from Google will include some sample pages where this has happened so you can test these as follows.
For hidden content:
Google's penalty message may have made you aware of pages you did not know existed on your website but were placed there by hackers. You can double check further by using the Google search: site:mydomain.com [keyword] – for example, site:mydomain.com viagra.
This will return any pages on your site that Google has in its index and contain the word viagra.
Note that getting rid of the hackers content will not be enough for a reconsideration request to be successful with Google. They will want to see what you have done in order to stop future hacking so you will also need to organise new hosting somewhere more secure.
In the first instance you might want to contact your hosting company to see if you are on their most up to date and secure servers. If you are then you will need to change hosting company as they are obviously not secure enough.
I've used Webfusion in the UK for well over a decade so that would be my personally recommendation but you might also want to sound out members in a well respected forum for other alternatives.
Once again document everything you do, with dates, to provide Google with a convincing reconsideration request.
I'm Tim Hill, a Search Engine Optimization and Online Marketing specialist. I created this site to help others understand that SEO is not a mysterious black art!.
If your a newbie try the Getting Started in SEO page, otherwise feel free to dig around and learn more.