SK’s Technology & Social Blog

I was inspecting the traffic to one of my customer’s website in the past few days and observed that it was only making 3-5 visits a day and I found this quite strange. So I make a decision to check Google analytics installed on that website to see how much traffic that website was receiving.

Not surprisingly, I check it and the website was only getting 3-5 visitors a day as opposed to 100+ organic search traffic.  Initially I thought the website might has for some reason gotten nuked by Google and Yahoo, but then realized that the website is still in top 3 results for the targeted keywords, in search rankings.  My next move was to click on the website link, and there it is - the moment every webmaster worries a lot.

The website was hacked by someone that forwarded all search engine traffic to another site so as to download a virus and then make an effort to sell you software to get rid of that virus. I have run across similar sorts of viruses before. I wasn’t able to understand why I couldn’t access the website straight from the search engines. However, if I type the name of the website directly in to my browser I had no problems.  Time for some troubleshooting skills!!!

I’ll go through the steps I did for troubleshooting then:

1. Login to your control panel and find when your files were last modified, if any file was modified, check to see if they added a Meta redirect.  Ex: “meta refresh=meta http-equiv=’refresh’ content=’0; url=http://www.anysite.com/” 
2. Verify the last time that someone logged into your control panel (previous to your current login). Distinguish if you remember logging in then.
3. Verify the last time somebody uploaded something via FTP (Ahaan!!!) - This was where I noticed the issue.
4. Verify if your domain is pointing to your name server and see if any 301 redirects have been added.
5. Verify if there is anything weird in your .htaccess file, this was my issue. Someone used my FTP server to overwrite my .htaccess file with their own which simply said “if it is any of these search engines: “listed the search engines”, redirect to their website”, I won’t show the actual code because I don’t want to spread the knowledge around.  Once you see that your .htaccess is redirecting elsewhere, simply empty it out.

Now you have fixed your problem temporarily, but what else can you do to avoid this thing happending again???  

1. Check to see if your .htaccess file is public by typing http://www.example.com/.htaccess, it should return a “403 access denied” error.  If it doesn’t, that is a big issue, change it to a hidden passworded file in your control panel.
2. Change the passwords for your FTP accounts.
3. Change the password to your control panel.
4. Contact your web host to find a way to better secure your websites in the future (and most likely their own servers as well, they will want you to report these things)

Then all you have to do is go around ranting and raving about how much money you lost and how much time it took to fix the problem, and then continue on with your day.

Website security is a big issue, the best place to learn more about it is a web hosting forum.  If your website gets hacked it is very possible that people will report it to spam watch sites and the search engines and you could easily lose all the time you spent on search engine optimization.