Tip:
Highlight text to annotate it
X
Hi, I'm Maile Ohye.
I'm a member of Google's Webmaster Support team.
You may be watching this video because you recently
learned that your site has been hacked,
also known as being compromised.
It's likely that you received a hack notice in search results,
notification in your browser, a message from a search engine,
or an email from a friend.
Whether you run a large multinational business
site, a government site, or your personal blog,
having your site compromised is one of the hardest predicaments
we, as site owners, will ever face.
The good news is that recovery is certainly possible.
In fact, a nonprofit organization
called StopBadware reports that their tools and information
have helped over 130,000 websites become de-blacklisted
with the malware warning removed in the last three years.
In tandem with groups like StopBadware,
my Webmaster Support team and I hope
to help you recover your hacked site.
There are two primary approaches to recovery,
doing it yourself if you're tech savvy,
or finding trusted experts if you
feel the technical tasks are outside your scope.
If you're not sure which approach to take,
the next step in our Help for Hacked Sites
can help you determine which route is most appropriate.
It may not be easy, but once you,
either by yourself or with the aid of your support team,
can identify the vulnerability, fix the problem,
and complete the review process, your site
may return online even more robust.
Now, that we all understand that recovery is possible,
let's back up for a moment and talk
about what it means for a site to be hacked.
Let's journey into the past and imagine your site happily
providing good content or a great service to users.
Unfortunately, while the site seems perfectly healthy,
in reality, it has a vulnerability.
A hacker then creates a software program
that can exploit this vulnerability on many sites
throughout the web.
Your site may be only one of the thousands affected.
Like an infection that can enter through a small wound
and then spread to your entire body,
once a hacker has found a way into a site
by exploiting a vulnerability, you
must assume they can now perform any action on the site,
like adding spammy text or even malicious software.
Some of the more common ways that a hacker can invade
a website include exploiting out of date or insecure software,
stealing login credentials, or installing malicious software,
called malware, on your personal computer that then steals
login credentials when you access your website.
Being hacked means that by using a technique such as those just
mentioned, someone who never authorized, a cyber criminal,
has compromised your site.
Why would someone want to do this?
For many cyber criminals, the motivation is financial.
Two common financial strategies involve
hacking a site to add spammy content
and hacking a site to distribute malware.
Let's discuss them both, starting
with the spam strategy.
Let's say you have a great site about boating
and you install on your site a fun plug-in,
or add-on software, that you think visitors might like.
Meanwhile, a far less scrupulous site owner, the hacker,
is out to make money in any way possible
from her pharmaceutical e-commerce website that
sells prescription drugs.
Rather than work hard to build a legitimate business
that customers appreciate, thereby bringing
positive reviews and merited links, this site owner
chooses another path, hacking into innocent sites
and adding links and text herself.
To do this, the hacker learns about a specific vulnerability
found in a website plug-in.
Unfortunately, this is the same plug-in installed on your site.
She then writes a program to scan the web,
looking for unsuspecting sites that
installed this vulnerable plug-in.
Once her program comes across your site,
it becomes the next target.
Her software breaks into your site
and adds spammy text and links to her pharmaceutical website.
Because the hacker needs the good reputation of your site
to make the scam effective, often, great care
is taken so the crime goes unnoticed.
The spammy links and text might be hidden.
Your site may function normally.
The site owner may be completely unaware they've
been victimized.
However, when a search engine like Google
visits your site, just as we visit many sites
on the public web to process the site's content for search
results, our algorithms may notice that something is awry.
For example, a reputable site that
has many pages about boating but then links
to a spammy pharmaceutical site looks like trouble.
Alternatively, and even worse than adding spammy content,
the hacker may have added code to distribute malware.
Malware is malicious software, like a software virus or worm.
Being hacked with malware can be especially harmful
because not only is your site affected,
but the malware code enables the cyber
criminal to use your site as a host
for also infecting your visitors' computers.
Once her malware is installed on various users' computers,
cyber criminals, again motivated by money,
can perform rogue actions like stealing login credentials
for online banking or financial transactions.
Because being hacked, either with malware
or with spammy content, can be dangerous to users, at Google,
we use a variety of automated tools
to detect the common signs of hacked sites
as quickly as possible.
It's extremely unlikely that your site was a false positive.
When we detect something suspicious,
we'll add a notification to our search results
to alert you, as well as protect searchers.
We'll also do our best to contact you
via your Google Webmaster Tools account.
In addition, we'll often send emails
to relevant addresses that might reach the right contact,
regardless of whether they have a Webmaster Tools account.
While we try to contact site owners as quickly as possible,
it's still tough to hear the diagnosis
that your site has been hacked.
The positive news is that with this knowledge,
you can take steps toward treatment, both for your site
and the safety of your visitors.
And once the problem is fixed and the review process
completed, the Warning label will
be removed from search results.
Your visitors can safely view all of your great content
once again.
How long does the recovery process take?
The amount of time depends on the technical expertise
of the site's recovery team, as well as the size of the site
and the extent of the damage.
Once a site is cleaned of hacked content, which
is by far the most difficult part,
the review process to remove user-facing warnings
requires at most a day or so for malware and phishing,
and possibly several weeks for spam.
Spam reviews often require more time
because they can involve manual investigation
or a complete reprocess of the hacked pages.
This video, Overview of a Hack Site,
completes the first step of a multi-step recovery process.
Next is to determine the best approach to remedy your site,
whether that's using your own technical skills
or garnering help from specialists.
We'll discuss these options in our next step
in Help for Hacked Sites.
See you there.