Hacking is one of the prime problems web users face now a days. Hence, when a site is hacked assessing the site and getting into the cyber criminal’s mind to know his ultimate intention is very important. Hacking is done for the following reasons:
- For financial gain – By adding new visible spammy advertisements, concealed contents to manipulate rankings
- For phishing purpose or
- Using a deceptive technique called ‘Cloaking’ by adding contents which cannot be detected by the user. It is like using two different sets of contents linked in to the same URL.
You can easily investigate the damage and find out the hacker’s motive. The investigation is divided in three parts;
- Reviewing the URL examples in the webmaster tool: The examples are for phishing and security issues and therefore are categorized separately. First technique is to check more details in security issues, starting with code injection examples followed by compact injections. The second technique is to perform a Google search for the cached version of a hacked URL (cache :). Using this method, sometimes Google is successful to store the last clean pages of your site. The third technique is to use the ‘Fetch as Google’ feature in Webmaster tools. This feature reveals contents that are otherwise a hidden text. The fourth method is use one of the two tools- Wget and cURL.
- Performing a ‘site:’ search on Google: use this option to find specific URLs related to your site. You can also add additional queries to the ‘site:’ search. If the first page is clean, it is recommended to go through all the pages to realize the damage.
- Taking a closer look to your file system: assessing your file system for damage is more or less like checking your site for any hacking, spam or Phishing pages or malware.