FAQ for hacked sites

This article brings together answers to the questions about hacking we at Google hear most often.

Why did my site get hacked?

Hackers have different motives for compromising a website. Examples include:

  • Financial gain through web spam: Placing spam links on your website or redirecting your website's traffic to other sites.
  • Stealing sensitive information: Copying files containing customer data like credit card numbers, personally identifiable information, or login credentials.
  • Communicating a political or social message: Defacing a website as a form of hacktivism, to emphasize a point of view and cause change.
  • Malware: Injecting malicious code through scripts or iFrames that pull content from another website that tries to attack any computer that views the page.
  • Thrill-seeking or vandalism: For no particular reason other than the thrill of invading and vandalizing your site.

How do I know I've been hacked?

Examples of common signs that your website has been attacked include the following:

  • Unusual traffic spikes, especially from unrelated search terms.
  • Visitors reporting malware.
  • Newly created accounts with administrator privileges.
  • Suspicious new pages added to your site.

How did I get hacked?

There are many possibilities, including the following:

  • Software vulnerabilities.
  • Leaked or guessed passwords.
  • Unauthenticated administrator pages.
  • Unsanitized database queries.
  • Unnecessary open ports.
  • Exploiting a human weaknesses through social engineering like phishing or impersonation of a trusted authority.

Eliminating or mitigating these vulnerabilities is extremely important.

Where can I go if I have additional questions?

The Google Search Central Help Community has an active group of Googlers and technical contributors that can help you with additional feedback. Also, most major Content Management System (CMS) providers have detailed documentation on how to resolve hacked cases. You can also seek help from a trusted security professional.

How can I reproduce the warnings displayed to the users of my site?

Safe Browsing displays warnings based on the user's browsing context. As a site owner, you might not be able to reproduce the warnings in your own browsing. The Search Console Security Issues report will tell you whether the issues Safe Browsing has seen with your website have been addressed.