Google has emailed me three times in the last two months alerting me of 'hacked content' on my website.
The email is as below:
"Alert - Hacked content found on www.kunalsf1blog.com
To owner of www.kunalsf1blog.com, Google has detected that some of your webpages have been hacked by a third party who may have created spammy or malicious content on your site. This lowers the quality of results for Google Search users and affects the reputation of your site. We have applied a manual action to your site that will warn users of hacked content when your site appears in search results. It will protect our users from malicious content present on the site. To remove this warning, clean up the hacked content and file a reconsideration request. To protect yourself from this happening again, we also recommend you secure your site against intrusion by implementing industry best practices. Following are some example URLs where we found pages that have been compromised. Review them to gain a better sense of where this hacked content appears. The list is not exhaustive"
Can one advise what and how can this be rectified and avoided altogether in the future? Many thanks.
Solved! Go to Solution.
Hi @kunalashah. Thanks for being part of GoDaddy Community! It looks like you've been able to address this issue. When I tested your site on Google's Safe Browsing site, it found no unsafe content. Perhaps you can follow up here with the steps you took to resolve this. Others may benefit from your experience.
Hello @JesseW, many thanks for your reply and for checking the website result with Google's tool. I had checked it a few days ago and the result was negative.
Frankly, I didn't take any step towards removing the malicious content, but I will check with my developer if he did.
However, can you please advise what steps does one need to take to avoid this issue from recurring? I have had this issue occur once every month for the last 2-3 months. Is this something that GoDaddy needs to sort from a hosting point of view, or I need to sort at my end with WP / plugins?
@kunalashah - If you're using WordPress to build the site, there are a number of things I'd suggest to increase your security. At the top of the list would be to make sure that your WordPress version and plugin/theme versions are all up to date. Beyond that, many people use the Wordfence plugin to increase security. GoDaddy also provides website security scanning which may prove helpful for you.
Cybercriminals often hijack legitimate websites for the benefit of their spam and malware operations. They are also increasingly abusing legitimate webmaster tools
cybercriminals can easily verify ownership of a hijacked website in Google Search Console. There are several ways they can do this, but the most popular method seen by researchers involves uploading an HTML file provided by Google to the hijacked website. By having access to the site, they don’t need to hack the legitimate owner’s Google account to gain “owner” status in Search Console.
Google allows each website to have multiple owners. However, when a new owner is verifier, all existing owners receive a notification email which informs them that a new user has been added.
According to analysis made by WP hacked help(a popular hacked wordpress cleanup service) , of a Japanese spam campaign by that uses tens of thousands of websites as “doorway” pages leading to ads for cheap and fake items has revealed why it’s difficult for many victims to find the malicious ownership verification file.
The attackers use a PHP script that adds rewrite rules to the .htaccess file and makes it look like the spam and verification files are at the top level of the website when they are actually hidden in a subfolder.
This is possible because attackers often verify ownership of the subdirectories containing their spammy pages and malicious code, not the site’s root level. Furthermore, the verification files can be difficult to detect if their content is generated dynamically by the malicious PHP script.