How to use Google Alerts to find out if your site gets hacked

by Patrick Altoft on / 124 responses

Every month thousands of websites get hacked into and have hidden links inserted into the pages by people wanting their spam sites to rank highly in the search engines.

Most SEO companies, including mine, see a good number of hacked websites, usually after the site owner contacts us wanting to find out why their Google traffic has suddenly dropped for no apparent reason.

Matt Cutts has stated that 2008 will be the year hacking and SEO collide:

2008 will be the year that hacking and search engine optimization (SEO) collide in a major way. By the end of the year, a nontrivial fraction of blackhat SEO will involve illegally hacking sites for links or landing pages.

One webhost will get a significant black eye as hundreds or thousands of customers’ websites are hacked. The growth of illegal-blackhat SEO will leave traditional blackhats with a difficult choice: risk doing something illegal or sit out.

Google doesn’t give you a warning when they see lots of links to black hat sites – they just stop sending traffic to the pages that contain them. If the hacker has only added the code to a few of your pages the traffic drop can be quite small and it becomes almost impossible to diagnose the problem.

Clearly what we need is some kind of easy to use method for site owners to get a notification as soon as these links are added. Because the hackers often hide the links from everybody apart from Google it’s clear that we need to leverage the Google spider to do the work for us.

Luckily Google Alerts allows us to create advanced search queries so we can set up an alert to monitor our websites for any terms that might appear when a hacker takes control. Of course we can’t monitor every term but it is a very good starting point. I must thank Vin from Digital Agencies for tipping me off about this trick.

To get started we need to think of a few likely spam terms that people might like to inject in our site and then use them to make up a search query:
viagra OR cialis OR levitra OR Phentermine OR Xanax site:blogstorm.co.uk

Next simply go to Google Alerts and enter the query above into the “Create a Google Alert” box and you will get an email whenever Google spots one of your chosen spam words on your site.
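The alert only fires once Google has indexed the injected text, so it helps to run the same check yourself. As an added example (not part of the original post), the script below compares the HTML a site serves to a normal browser with the HTML it serves to a crawler user-agent, and reports spam terms and links that appear only in the crawler copy. Fetching the two copies is left out; the sample pages and the spam.example URLs are constructed.

```python
import re
from html.parser import HTMLParser

# Terms taken from the alert query in the post.
SPAM_TERMS = ["viagra", "cialis", "levitra", "phentermine", "xanax"]


class PageText(HTMLParser):
    """Collect link targets and all text; CSS is not evaluated, so hidden text counts."""

    def __init__(self):
        super().__init__()
        self.links = set()
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.add(href)

    def handle_data(self, data):
        self.chunks.append(data)


def summarize(html):
    """Return (spam terms found as whole words, set of link targets) for one page."""
    parser = PageText()
    parser.feed(html)
    parser.close()
    text = " ".join(parser.chunks).lower()
    terms = {t for t in SPAM_TERMS if re.search(r"\b" + re.escape(t) + r"\b", text)}
    return terms, parser.links


def crawler_only(browser_html, crawler_html):
    """Report spam terms and links that only the crawler's copy contains."""
    b_terms, b_links = summarize(browser_html)
    c_terms, c_links = summarize(crawler_html)
    return {
        "visible_terms": sorted(b_terms),  # terms every visitor sees (may be legitimate)
        "cloaked_terms": sorted(c_terms - b_terms),
        "cloaked_links": sorted(c_links - b_links),
    }


# Constructed sample: the same URL as served to a browser and to a crawler user-agent.
BROWSER_COPY = "<html><body><h1>My blog</h1><a href='/about'>About</a></body></html>"
CRAWLER_COPY = (
    "<html><body><h1>My blog</h1><a href='/about'>About</a>"
    "<div style='position:absolute;left:-900px'>"
    "<a href='http://spam.example/pills'>cheap Viagra</a> "
    "<a href='http://spam.example/c'>Cialis online</a></div></body></html>"
)

if __name__ == "__main__":
    for key, values in crawler_only(BROWSER_COPY, CRAWLER_COPY).items():
        print(f"{key}: {values}")
```

A page that legitimately mentions one of the terms shows up under visible_terms rather than cloaked_terms, which keeps a post like this one from raising a false alarm.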

Patrick Altoft is Director of Search at Branded3, a Leeds SEO & Digital Agency specialising in SEO, Web Design, Development & Social Media.


Comments


June 26, 2008 at 10:35am

This is such a nice tip thanks Patrick – setting up straight away

Reply

June 26, 2008 at 10:40am

Unlike most SEO tips it is really easy to do. :-)

Reply

Sir Nitti
July 9, 2008 at 5:28pm

really,

It does not work as you cannot mark a particular site that you want to track those keywords on. All you can do is add those keywords to an alert. Now, regardless if thousands and thousands of websites add a word like Viagra to their site, you will have hundreds and hundreds of alerts to go through to see if one of them is your website. Ya great tip Patrick!

Reply

July 9, 2008 at 5:56pm

Sir Nitti what do you think the site: command does in the search query?

Please think before you make sarcastic comments.

Reply

June 26, 2008 at 11:22am

Fantastic post again Patrick, I’m going to add you to my blogroll.

Reply

June 26, 2008 at 12:15pm

Sometimes I find hacked posts and notify the owner of the blog. However, most of the times owners just don’t reply.

Maybe you should insert some casino related terms too ;)

(check source, ctrl+f “casino”) An example of a blogger that doesn’t reply to mail!. But hey, that’s his own mistake.

Reply

June 26, 2008 at 3:11pm

Awesome tip. Wish I had thought of it first!

Reply

June 26, 2008 at 4:10pm

Good tip Patrick. You’ve just pushed me to release the application we created to help with this problem too. It uses Google’s new Safe Browsing API and can send out alerts via email and RSS.

http://serpguard.com

Reply

June 26, 2008 at 4:19pm

Matt Cutts has stated that 2008 will be the year hacking and SEO collide.

Reply

June 26, 2008 at 4:44pm

Great tip Patrick, for sure I will blog about this article later :D

Reply

June 26, 2008 at 4:51pm

Great idea!

Reply

Tom
June 26, 2008 at 5:25pm

thanks a lot for the tip – my site was hacked just three days ago.

the hackers included some no index for the search engines and injected lots of spammy URLs.

since then I wondered how I can make sure to react faster in the future if this happens again – so, thx again for this useful tip!

I will give this article lots of “social love” ;-)

Reply

December 24, 2011 at 11:56am

Nice post and a useful tip. I think you also need to use a file compare tool fairly regularly. There are plenty of free ones out there. Also keep your eye on which query keywords are being used to hit your pages.

Reply

June 26, 2008 at 10:12pm

Great idea, I have been using alerts to keep informed about other things and places for link building – never thought of it for this.

Never been hacked yet – but way below most people’s radar so far.

Reply

June 27, 2008 at 12:14am

Thanks so much for this tip, I will put it to good use. I am about to revamp several of my websites and I will set up google alerts for each one as I go along. Two thumbs up!

Reply

June 27, 2008 at 12:58am

Great tip. Happened to me a while ago and only through sheer luck did I find the spammy terms before too much damage happened. Thanks!

Reply

June 27, 2008 at 3:34am

GAH! How did I not think of this on my own?!?! I LIVE by Google Alerts, and my site had been hacked for exactly this reason. I went through all necessary security thingies, but this is such a great solution that I could kiss you mate… ‘cept that we’re both blokes and all…

Maybe a hearty “thanks” would be more appropriate?

Reply

June 27, 2008 at 1:38pm

Thanks for the tip. I’ve been using Google Alerts more and more often recently. It’s a really handy tool and this tip just made it better.

Reply

June 27, 2008 at 2:05pm

Good Tips, one should always be aware of what is going on with their site and should check it quite often.

JT

Reply

tt
June 27, 2008 at 7:53pm

If you are going to trust Google Alerts to protect/inform you of when your site has been hacked, you’ve already lost the game.

When exactly will Google index that specific page that contains the bad data? At which point will Google Alerts service do its run and notice your search terms and report them to you?

Google Alerts is meant to be an “email me these search results on weekly basis”-kind of service. It does not guarantee it will ever send you any notification.

If you want to keep your site safe, keep your eye on it and take necessary precautions to secure it from bad things ever happening.

Reply

June 27, 2008 at 9:02pm

Thanks for the tip and the interesting feedback comments, some valid points to consider.

Reply

June 27, 2008 at 10:47pm

So glad I saw this today. I’ve noticed some people reaching my site over the last couple of days with a search for Viagra, and Google searches have disappeared. Read your post, found the code, deleted it and changed my login. They had tucked the code into my WordPress theme files!

Will Google automatically add me back?

Reply

June 28, 2008 at 12:19am

Maybe not, you should submit a reinclusion request.

Reply

June 28, 2008 at 3:30am

So I received a Google Alert today for the search terms you listed above but I can’t find any reference to any of the spam words on the post. Am I missing something or does Google Alerts work off a cached version (I believe this post was one of the posts that got hacked previously)?

This is the post in question Any insight you might have would be immensely appreciated…

Reply

June 28, 2008 at 9:30am

Useful tip. I’ve been using Alerts to monitor rogue comments (via mail on my Nokia), but this one beats that too. The only problem happens when hackers read this tip and decide not to use any of the above tips :)

Reply

June 28, 2008 at 4:29pm

Thank you for the tip – i’ll use it asap.

Reply

June 29, 2008 at 12:10pm

This actually was a good tip. Thanks!

Reply

June 30, 2008 at 12:40pm

Hey! Thanks for this nice tip. I really want to be on guard against hackers in my sites.

Reply

Doug Davidson
July 1, 2008 at 8:11am

I totally disagree with the suggestion that Google Alerts would be helpful. There are better things to do than set up Google alerts for possible hacked search term / link insertions on a site — for terms like Viagra or Cialis. What other search terms might be inserted? And who’s to say a hacker would even use meaningful search terms to meet their end?

A better defense is intrusion detection by file compare. If a file on your site gets touched when it was supposed to be left alone, then look into it. Run a file compare if needed.

Alternatives could also be to get a truly secure host provider… one that relies on real security pros; or better, run your own secure server with software that monitors host file system changes (i.e. IPS, Tripwire, OSSEC, etc.).

If you’ve got something valuable enough to justify the expense, get the right protection.

If those aren’t doable options, Google Alerts could be a viable cheap safety net against such attacks – albeit gaps big enough to drop an elephant through. Just don’t get lulled into a false sense of security just because you think you’ve got Google Alerts looking for potential black hat seo attacks.

Last, what’s also important is the real likelihood of a black hat seo search term / link insertion attack vs. real threat situations like rootkit compromised servers, shopping cart sql injection, cross site scripting / forgery, web session hijacks, etc.? Matt Cutts could be more helpful by giving real Google stats and findings on the real threat than dispensing unsubstantiated predictions.

And that’s all I have to say…

Doug

Reply

July 1, 2008 at 9:26am

@Doug

You make some good points. I’m sure the total number of cracked sites exceeds the number of sites exploited for this purpose. Google hasn’t released any figures but they are working in partnership with StopBadware.org, who reports 132,638 urls in their database.

Installing tripwire, upgrading your server environment would all be more effective anti-hacking methods than this tip – but it is still useful as an additional step.

The real issue here is how many of these malware infections have been a result of WordPress or other Open Source software. We have drastically reduced the diversity of web production software out there, so once an exploit is discovered it can be applied to many thousands of sites.

I’m not knocking OS but reducing this diversity greatly increases the need to make the most commonly used programs *very* secure. That is where the most effective pressure can be applied IMHO.

For example, I’m surprised that none of the third-party plugins that provide extra security have not already been integrated into the core WP code. Although it is good that they have forced users to adopt a more secure password.

Reply

July 2, 2008 at 4:44pm

The tip is much useful thanks for your valuable ideas!!!

Reply

July 3, 2008 at 9:07pm

We agree – we believe SEO and spam will fully collide this year as well as we keep seeing an increased number of good sites affected by this. This tip is an awesome one!

Reply

July 3, 2008 at 11:35pm

Great tip-have set it up. Will have a read of the rest of your site ASAP.

Reply

July 4, 2008 at 12:23am

This is awesome Patrick. I’ve just started using the service 2 days ago, after I got *cough again *cough hacked.
@Robbert: thanks for letting me know about the issue. problem is I never got your e-mail, another reader told me all about it. I just sent you an e-mail via your website’s contact form. Cheers

-Tibi

Reply

July 4, 2008 at 2:56pm

Interesting post! Just found your site and am very impressed with it.

I fear that Hacking is (as Matt Cutts says) going to be a major problem. I think perhaps a post on what should be done to Hackers if they get caught should be an interesting topic for future posts.

Reply

July 4, 2008 at 4:57pm

Good advice and I have added several word alerts. I understand this isn’t foolproof but every little thing helps. Thank you for posting this.

Reply

July 4, 2008 at 5:15pm

Okay I’m confused now, Google Alerts Page says “Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your choice of query or topic.”

But your post above states “you will get an email whenever Google spots one of your chosen spam words on your site”. So now I’m getting an email on all posts around the Internet on the words I entered so I can go and look at the posts. The posts aren’t at my site though? Could you explain this further? Thanks

Reply

July 5, 2008 at 11:48pm

I was recently hacked, so this is a great tip.

Many thanks.

Reply

July 8, 2008 at 3:40pm

thx for the great stuff

Reply

July 19, 2008 at 10:13pm

Good gravy, this is an awesome tip. Whomever you are: “Patrick”? Tip jar is missing.

Reply

J. Scott
July 22, 2008 at 10:08pm

Excellent tip Patrick. I use Google Alerts for all sorts of things and this will surely become one of them. This is not the most thorough way to defeat these types of attacks, however it is an easy, cost effective way of monitoring the potential clandestine on-goings of your site. Happy SEOing everyone.

Reply

July 24, 2008 at 5:20pm

Brilliant tip Patrick. So simple and elegant a solution.

Reply

July 24, 2008 at 8:01pm

This is how I found out that my blog had been hacked. Now I just need to figure out how to get Google to let me back in!

Reply

July 27, 2008 at 12:58pm

Very good tip. I never knew this. Thanks for your information.
Google Alerts can save you a lot of time, and also keep you up to date on what’s going on in your niche.

Reply

luboff
July 28, 2008 at 1:38pm

A very basic question on this as I am a newbie:

If I use WordPress to build my site, how does it get hacked if I have a unique ID and password for the admin page?

Reply

August 2, 2008 at 9:49pm

This is scary stuff. I hope all Webhosting providers improve their security and logging. This way any potential breaches can be thwarted and investigated.

Reply

August 3, 2008 at 9:33am

thanks for sharing

Reply

August 3, 2008 at 12:52pm

Thanks very much, Patrick. Just initiated my own alert.

I hope you’re well.

Reply

August 15, 2008 at 11:59am

There certainly are some interesting ideas here which I will be adding to my toolset.

Google also provides notification to webmasters when it detects that a webpage is a danger to visitors due to malware. Make sure you have Google Webmaster Tools set up for your site to ensure you will get this notification.

Reply

August 21, 2008 at 1:47am

thanks for me it great :P

Reply

October 13, 2008 at 6:55pm

A very good tip, hopefully it won’t happen, but it’s a great way of getting a notification should it occur! Cheers Patrick!

Reply

November 21, 2008 at 8:32pm

Wow, great tip! I may incorporate that for my site!

Thanks!

Reply

January 23, 2009 at 1:00pm

Great tips, I’ve been in the industry for 5 years and still learn something new everyday

Reply

February 21, 2009 at 8:30pm

This is a very interesting and informative blog post, thanks for the info.

Reply

Tony
February 24, 2009 at 4:00pm

Is there a list of the latest spam words/phrases doing the rounds?

Would be good to use this with Google Alert.

Good article!

Reply

February 26, 2009 at 11:52pm

Wish I had taken this advice sooner, Patrick. They’re getting very devious with their attacks now: http://www.askshane.org/daily-tips/devious-wordpress-hack-using-wp_remote_fopen.php

Reply

March 10, 2009 at 3:18pm

This is real useful information and ” A Must Use Thing”

10 + for this

Reply

April 6, 2009 at 2:33pm

But how to use it, I am not clear of.

Reply

April 8, 2009 at 7:42pm

Google is developing more than I can follow. Thanks for the things who are most important.

Reply

April 13, 2009 at 5:52pm

You are right to warn people about this, but it looks like some of your readers could learn more about how to use Google Alerts correctly. Here is a free Google Alerts tutorial:
http://www.alertrank.com/google-alerts-tutorial.html

I hope this helps.

Reply

April 22, 2009 at 11:28am

Very good editorial pieces on this site. Is anyone out there really up on their affiliation marketing? I would like to ask some questions.

Reply

May 12, 2009 at 3:42pm

Thanks for the post Patrick as have been seeing a massive increase in spam replies on my blog, off to set up an alert now.

Reply

May 13, 2009 at 2:43am

Another type of hack that webmasters should watch for is a phishing scam using URLs meant to resemble your site. I’ve written up a complete procedure for this on my blog:
http://www.alertrank.com/mrgooglealerts/2009/05/12/protect-against-phishing-scam/

The basic idea is to set up Google Alerts for two patterns:
site:yourbrand.*
site:yourbrand.*.*

Reply

May 17, 2009 at 12:20pm

I am using google alerts to know about my blog posts mentioning somewhere are.

Reply

dd
June 30, 2009 at 8:58pm

That’s very hackish method and will only catch this kind of spam. If you want comprehensive monitoring, I suggest using a real app for that…

For example sucuri.net offers free real time monitoring of any web site (and domain) against defacement, hacking, blacklisting, etc…

Reply

September 27, 2009 at 11:17am

Thank you for great post!

Reply

November 1, 2009 at 2:58am

This is a great tip and so easy to follow. I know if I can do it anyone can. Thanks for making it so simple.

Reply

November 6, 2009 at 10:31pm

This is flat out genius! I had never thought of using the alerts this way.

Reply

RTW
November 6, 2009 at 10:32pm

I may be coding challenged but I never really understood how someone could inject links etc onto another site through hacking. Don’t hosts provide better security than that?

Reply

November 7, 2009 at 9:47am

RTW there are plenty of ways to inject links into other sites. Search for XSS for example.

Reply

November 25, 2009 at 11:33am

Thanks, very useful tip

Reply

Jim
December 2, 2009 at 9:38pm

An excellent explanation. Thanks!
I’m linking to this from my site as well (nice Google karma).
Best Wishes,
Jim
http://hackrepair.com

Reply

December 22, 2009 at 10:47pm

google alerts is a great way for linkbuilding as well..

Reply

henry
December 30, 2009 at 8:11am

thanks for your article

Reply

December 30, 2009 at 8:12am

good article for all sites owners.

Reply

February 25, 2010 at 4:37pm

I found this when trying to protect my sites from further attack as I have just had my first experience of a virus taking down all my sites for over a week :-( . Thanks for sharing as its a great way to prevent, not cure!

Reply

March 20, 2010 at 3:40am

I must need Google Alert. I will use it.

Reply

May 15, 2010 at 7:56pm

Google alerts offer many useful features, but this is by far and away one of the more practical as a real world solution. Hackers are a problem that is not going to go away, as their desire to destroy is almost as strong as our desire to create and build. Be vigilant people and we will beat them

Reply

May 23, 2010 at 8:37am

blogsearch function of Google is great as well for linkbuilding.

Reply

June 16, 2010 at 6:25pm

This is a great tip – many thanks for passing this on ….

Reply

August 5, 2010 at 9:23am

I find Google alerts to be adequate for what it is, however have found your post highly insightful. @ RTW They do provide a lot of security, especially ones who put a Codex on.

Reply

August 17, 2010 at 12:08pm

Love it!

Reply

October 7, 2010 at 5:04am

But what if the hacker is using millions of other spammy keywords.

The better option is to always alert and have all the security updates in place and change the passwords frequently.

Reply

December 7, 2010 at 2:25am

Those links usually happen when people download pirated themes or scripts. The same thing is valid for open source programs and tools which can contain hidden link-backs or back-doors if not downloaded from their official web sites. Thank you for the tip.

Reply

Jay
April 13, 2011 at 1:56pm

Good tips. Sadly this also happens when downloading templates for wordpress. The programmers often hide links back to their sites in div’s that are 900px to the left or right of the screen, so although the link is not seen by the user, it is seen by Google, and without taking the time to look at the source code of each webpage to see if this is happening, it was virtually impossible to quickly find these…until now :)

Reply

May 27, 2011 at 4:13am

Well, finally I have found the solution. At least some keywords don’t show up Cialis no more.
You should go to webftp and find the files that contain Drugstore and eval (gzinflate(base64_decode(.
Delete the files if the files are not wordpress file and remove the virus line in wordpress file such as wp-config.php.

You could read the detail here:
http://agusnizami.wordpress.com/2011/05/27/cialis-found-on-wordpress-google-search-and-the-solution-to-remove-the-virus/

Reply

July 9, 2011 at 3:25pm

Now, THAT is an interesting tip! Obviously the best is to make sure that your security is flawless, but as a last line of defense this is really excellent.

Reply

October 17, 2011 at 6:07pm

Better late than never – appreciate the tip Patrick. Just setup the Google alert now. Just one question – After entering the search query do you enter site:(site) or insite:(site) ?

Reply
