Tutorials

How to Recover Hacked Website in 7 Simple Ways

Michael Evans 5 March, 2015

Like it or not, hackers are not going anywhere. Hackers gonna hack! That means, no matter how many safety precautions you have embraced to safeguard your website from malicious virus or malware, your website will still remain largely vulnerable to external attacks.

How to Recover Hacked Website in 7 Ways

What Happens When a Website Gets Infected?

When a website gets infected with virus or malware, the hackers take control over the website. In most cases, they change the website content, add pages that have no relation to the website whatsoever or insert malicious codes in the website. In some cases, iFrames and Scripts are injected into the website and this can compromise the computer security of your website visitors.

How to Know If Your Website Got Hacked

So, it is clear that things get pretty bad when a website gets infected by virus or malware. But the problem with most webmasters is that they fail to realize the fact that their website is hacked. Since they are not aware of the telltale signs of an infected website, they remain blissfully unaware of the hack attack and this aggravates the situation further.

Below are certain signs that you should not be ignoring at any cost:

  • Traffic Decrease;
  • Traffic Surge;
  • Browser Warning Signs;
  • Google Warning;
  • Irrelevant Content Keywords;
  • Strange Website Cache;
  • Unusual Google Site Search Results;
  • Google Safe Browsing Alerts.

Traffic Decrease

Website traffic decrease is the very first thing to notice when your website got hacked. At the initial stage, you might not notice that fewer people are coming to your website but later you will be surprised with the huge negative impact of that. There are a couple of reasons why this happens. The first reason is that your website may redirect to another website, the other one is that visitors will find inappropriate content on your site. So, if you see sudden changes in the traffic, you should not first analyze whether your website is hit by a Google Update, but you need to make sure that it has not been hacked.

Traffic Surge

Sometimes, the opposite could happen. You might notice a huge increase in the traffic volume. However, as obvious, this is nothing to be excited about. Sneaky redirection code could be the reason behind this sudden upsurge in the website traffic. So, whenever you find a sudden unusual traffic surge in the Analytics, you need to grow suspicious at it. You need to check such metrics as Bounce Rate, Average Time Spent on a Page and you will definitely find some anomalies there. High Bounce rate and low Average Time Spent on a Page means there is something seriously wrong with your website.

Browser Warning Signs

How to Recover Hacked Website Browser

The best way to know whether your website got hacked or not is by opening your website in some modern browsers like in the latest Edition of Chrome or Mozilla Firefox. Browsers are now playing a primary role to safe guard the interest of their users and therefore, if they find something unusual about a website, they immediately blacklist it. So, if you bump on a hacked website, you will be greeted with the following caution – ‘Warning: visiting this site may harm your computer’.

Google Warning

How to Recover Hacked Website Google

You need to make a Google search with the domain name of your website and if it shows some warning signs against the search snippet like – ‘This Site May Harm Your Computer’, it means your website is compromised. It is flagged by Google as it might contain some malicious programs.

Irrelevant Content Keywords

If you think that there is something wrong within your website, you need to login to Google Webmaster Tools and then go to > Google Index > Content Keywords. If you find some unusual keywords in this segment, it means your website got hacked.

Strange Website Cache

Sometimes your website may look fine and may operate without any hiccup but that does not mean that it is clean. You might not find any junk codes or something like that but you will have a feeling that your website security has been compromised. In that case, you need to check your website from the perspective of a search engine bot and this can be done by making the following search in Google cache:[URL]

For example, if we want to check the cached version of MotoCMS, we will make a Google search by entering the following information

cache:http://www.motocms.com

How to Recover Hacked Website Cache

What it does is it shows a snapshot of the page as appeared on a specific time when the search engine bit was crawling the web page. It might show a completely different version of a page than what the browser might be showing. If you are lucky enough, it will show you junk codes or spammy links on the page that are otherwise invisible when check on browser.

Unusual Google Site Search Results

Sometimes as we have mentioned earlier hackers add hundreds if not thousands of spammy pages to a website. Now you might even fail to locate these pages on your hosting account. The easiest way to find out whether additional pages have been added or not is by making a search in Google with the following search string site:[url]

Go through all the pages and if you find any irrelevant pages, it means your website’s security is compromised.

Google Safe Browsing Alerts

How to Recover Hacked Website Safe Browsing

This is nifty tool that gives you a detail record of a website’s malware history for the past 90 days. Usually Safe Browsing alerts webmasters in case their sites have been hacked. Although, if you don’t want to wait you can check everything yourself by opening this URL

http://www.google.com/safebrowsing/diagnostic?site=example.com

and replace the – example.com with your domain name and you will get all the details that you want.

How to Recover Hacked Website

Now in the second stage, we need to figure out how to recover hacked website. Of course, the process is not simple and may require a sort of technical expertise. Here we are trying to give you some tips that might help you in the recovery process:

  • Contact the Hosting Service Provider;
  • Take Your Website Offline;
  • Use Google Webmaster Tools;
  • Upload Website Backup;
  • Use Fetch as Google Bot;
  • Clean Everything;
  • Ask Google for Reconsideration.

Contact the Hosting Service Provider

In the very first stage, you need to contact your web hosting service provider. Most often web hosting service providers do help webmasters to recover. So, you should not be worried at all. However, if you need some extra help or you find it tough to understand what your hosting company is asking you to do, you should check out StopBadware community forum or Google Webmasters forums to get some help.

Take Your Website Offline

Since your website is compromised, it makes sense to take it down so that it does not contaminate the PCs or websites of other people who are visiting your web page. A 503 response is the best option here. It will signal the search engines that your website is temporarily unavailable and some work is going on.

Once your website is offline, you need to do some work on the account management section. You need to change the passwords of CMS, users accounts, FTP, database and more. If you find any extra user account, make sure that you have deleted them because that account is probably was used by hackers to get into the system. The new passwords should be strong.

Use Google Webmaster Tools

We always recommend website owners to create a Webmaster Tools account as this tool helps webmasters to identify the problem and fix it. Sometimes, Webmaster Tools don’t send any malware notification email but that does not mean that everything is okay rather it is just the opposite. You need to login to Google Webmaster tools and go to Security Issues. There you will find all the information that you need to clean your website. Sometimes, it even shows the exact code that needs to be removed. It even gives you samples of URLs that might be infected.

Upload Website Backup

If you have a backup of your website which is hopefully unaffected, bingo! You can start uploading it after removing all the files from your web hosting account. However, if you don’t have any backup, you should contact your web hosting service provider to send you a backup of your website [probably a month earlier]. We recommend you to create backup of your website automatically at least once per week, so you can keep your website data safe and upload it when needed. Read more of our recommendations on website backup.

You need to check the index file carefully and look for some suspicious code therein as in majority of cases hackers inject malicious code in the index file. Check some other important files like header, footer, article etc and once you are sure that they are not infected, you need to upload them and make your website live.

However, if you don’t want to upload the backup then you have to go through each single file manually and delete malicious codes therein, if any. This will take longer and the accuracy is questionable in this process.

Use Fetch as Google Bot

You need to check some pages of your website by using Google Webmaster Tool’s Fetch as Google Bot feature. This tool helps you see how Google bot is actually seeing your website. So, if Google bot finds any unusual elements like spammy links etc. on your website, you will also get to see it.

Clean Everything

You need a fresh start and so, you need to upgrade every software applications or plugins that you are using. Remove third party plugins that don’t look good. Scan the data with some premium antivirus program.

Ask Google for Reconsideration

Once you are confident that all the files of your website are clean, you can proceed to consideration process. If your website were affected by phishing, you just need to ask Google for reconsideration by filling out the form.

However, if it were a malware attack, in that case you need to login to Google Webmaster Tools and make a reconsideration request. You need to explain what you have done as to convince the reviewer that you have cleaned up the website properly.

So, these were signs to help you figure out whether your website is hacked or not. Use our simple tips on how to recover hacked website and take care of your site!

Leave a Reply

Your email address will not be published. Required fields are marked *

Author: Michael Evans
There are a lot of topics Michael can cover. But web design and development are his favorite ones. He likes all IT-related stuff and can share his experience with you. Check out his latest posts on our blog.