By Patrick Altoft 6 years ago in SEO

How to use Google Alerts to find out if your site gets hacked

Every month thousands of websites get hacked into and have hidden links inserted into the pages by people wanting their spam sites to rank highly in the search engines.

Most SEO companies, including mine, see a good number of hacked websites, usually after the site owner contacts us wanting to find out why their Google traffic has suddenly dropped for no apparent reason.

Matt Cutts has stated that 2008 will be the year hacking and SEO collide:

2008 will be the year that hacking and search engine optimization (SEO) collide in a major way. By the end of the year, a nontrivial fraction of blackhat SEO will involve illegally hacking sites for links or landing pages.

One webhost will get a significant black eye as hundreds or thousands of customersâ€™ websites are hacked. The growth of illegal-blackhat SEO will leave traditional blackhats with a difficult choice: risk doing something illegal or sit out.

Google doesn’t give you a warning when they see lots of links to black hat sites – they just stop sending traffic to the pages that contain them. If the hacker has only added the code to a few of your pages the traffic drop can be quite small and it becomes almost impossible to diagnose the problem.

Clearly what we need is some kind of easy to use method for site owners to get a notification as soon as these links are added. Because the hackers often hide the links from everybody apart from Google it’s clear that we need to leverage the Google spider to do the work for us.

Luckily Google Alerts allows us to create advanced search queries so we can set up an alert to monitor our websites for any terms that might appear when a hacker takes control. Of course we can’t monitor every term but it is a very good starting point. I must thank Vin from Digital Agencies for tipping me off about this trick.

To get started we need to think of a few likely spam terms that people might like to inject in our site and then use them to make up a search query:
viagra OR cialis OR levitra OR Phentermine OR Xanax site:blogstorm.co.uk

Next simply go to Google Alerts and enter the query above into the “Create a Google Alert” box and you will get an email whenever Google spots one of your chosen spam words on your site.

By Patrick Altoft. at 10:16AM on Thursday, 26 Jun 2008

Patrick is the Director of Strategy at Branded3 and has spent the last 11 years working on the SEO strategies of some of the UK's largest brands. Patrick’s SEO knowledge and experience is highly regarded by many, and he’s regularly invited to speak at the world’s biggest search conferences and events. Follow Patrick Altoft on Twitter.

comments

http://seogadget.co.uk Richard Baxter

This is such a nice tip thanks Patrick – setting up straight away
- http://www.blogstorm.co.uk Patrick Altoft
  
  Unlike most SEO tips it is really easy to do.
  - Sir Nitti
    
    really,
    
    It does not work as you can not mark a particulare site that you want to track those keywords on. All you can do is add those keywords to an alert. Now, Regardless if thousand and thousand of websites add the word like Viagra to their site, you will have hundreds and hundreds of alert to go through to see if one of them is your website. Ya great tip Patrick!
  - http://www.blogstorm.co.uk Patrick Altoft
    
    Sir Nitti what do you think the site: command does in the search query?
    
    Please think before you make sarcastic comments.
http://www.pingpongpie.com Chris Angus

Fantastic post again Patrick, I’m going to add you too my blogroll.
http://www.informationeel.nl Robbert

Sometimes I find hacked posts and notify the owner of the blog. However, most of the times owners just don’t reply.

Maybe you should insert some casino related terms to

(check source, ctrl+f “casino”) An example of a blogger that doesn’t reply to mail!. But hey, that’s his own mistake.
http://treatmentsearch.co.uk rishil

Awesome tip. Wish I had thought of it first!
http://nickwilsdon.com Nick Wilsdon

Good tip Patrick. You’ve just pushed me to release the application we created to help with this problem too. It uses Google’s new Safe Browsing API and can send out alerts via email and RSS.

http://serpguard.com
http://sunnybeachrealestate.net/ sunny beach

Matt Cutts has stated that 2008 will be the year hacking and SEO collide.
http://www.navinpoeran.nl Navin Poeran

Great tip Patrick, for sure I will blog about this article later
http://www.aroxo.com Matt

Great idea!
Tom

thanks a lot for the tip – my site was hacked just three days ago.

the hackers included some no index for the search engines and injected lots of spammy URLs.

since than I wondered how I can make sure to react faster in the future if this happens again – so, thx again for this useful tip!

I will give this article lot’s of “social love”
- http://millerpages.co.uk KeithM
  
  Nice post and a useful tip. I think you also need to use a file compare tool fairly regularly. There are plenty of free ones out there. Also keep your eye on which query keywords are being used to hit your pages.
http://www.deadflyseo.com/ Leslie

Great idea, I have been using alerts to keep informed about other things and places for link building – never thought of it for this.

Never been hacked yet – but way below most peoples radar so far.
Pingback: News About Tech from all around the world » SearchCap: The Day In Search, June 26, 2008()
Pingback: PPC Blog » 123 Reg Hacked()
http://www.biznotebuyer.com Buy Business Note

Thanks so much for this tip, I will put it to good use. I am about to revamp several of my websites and I will set up google alerts for each one as I go along. Two thumbs up!
http://www.adampieniazek.com/ Adam Pieniazek

Great tip. Happened to me a while ago and only through sheer luck did I find the spammy terms before too much damage happened. Thanks!
Pingback: How-to automatically discover your site has been hacked using Google Alerts()
http://www.jexanalytics.com.au Judd Exley

GAH! How did I not think of this on my own?!?! I LIVE by Google Alerts, and my site had been hacked for exactly this reason. I went through all necessary security thingies, but this is such a great solution that I could kiss you mate… ‘cept that we’re both blokes and all…

Maybe a hearty “thanks” would be more appropriate?
http://www.creativecaravan.co.uk Creativecaravan

Thanks for the tip. I’ve been using Google Alerts more and more often recently. It’s a really handy tool and this tip just made it better.
Pingback: Site Upgrade()
http://www.ULtimate-Anonymity.com JIm Jones

Good Tips, one should always be aware of what is going on with their site and should check it quite often.

JT
Pingback: Weekly Round up » Self Made Minds()
tt

If you are going to trust Google Alerts to protect/inform you of when you site has been hacked, you’ve already lost the game.

When exactly will Google index that specific page that contains the bad data? At which point will Google Alerts service do its run and notice your search terms and report them to you?

Google Alerts is meant to be an “email me these search results on weekly basis”-kind of service. It does not guarantee it will ever send you any notification.

If you want to keep your site safe, keep your eye on it and take necessary precautions to secure if from bad things ever happening.
http://www.dianestafford.co.uk Diane

Thanks for the tip and the interesting feedback comments, some valid points to consider.
http://www.mmwords.com Mark

So glad I saw this today. I’ve noticed some people reaching my site over the last couple of days with a search for Viagra, and Google searches have disappeared. Read your post, found the code, deleted it and changed my login. They had tucked the code into my WordPress theme files!

Will Google automatically add me back?
- http://www.blogstorm.co.uk Patrick Altoft
  
  Maybe not, you should submit a reinclusion request.
Pingback: links for 2008-06-27 « Sigidisig()
Pingback: Link-Fest for Friday June 27th 2008 | SEOpsCentre()
http://www.adampieniazek.com/ Adam Pieniazek

So I received a Google Alert today for the search terms you listed above but I can’t find any reference to any of the spam words on the post. Am I missing something or does Google Alerts work of cached version (I believe this post was one of the posts that got hacked previously)?

This is the post in question Any insight you might have would be immensely appreciated…
http://www.techzilo.com Sumesh

Useful tip. I’ve been using Alerts to monitor rogue comments (via mail on my Nokia), but this one beats that too. The only problem happens when hackers read this tip and decide not to use any of the above tips
Pingback: antonolsen.com » Blog Archive » links for 2008-06-28()
http://www.o1t.de Ruth

Thank you for the tip – i’ll use it asap.
http://www.gunnarandreassen.com Gunnar Andreassen

This actually was a good tip. Thanks!
http://gfanatic.com Rhea – Google Fan

Hey! Thanks for this nice tip. I really want to be on guard against hackers in my sites.
Doug Davidson

I totally disagree with the suggestion that Google Alerts would be helpful. There are better things to do than set up Google alerts for possible hacked search term / link insertions on a site — for terms like Viagra or Cialis. What other search terms might be inserted? And who’s to say a hacker would even use meaningful search terms to meet their end?

A better defense is intrusion detection by file compare. If a file on your site gets touched when it was suppose to be left alone, then look into. Run a file compare if needed.

Alternatives could also be to get a truly secure host provider… one that rely on real security pros; or better, run your own secure server with software that monitor host file system changes (i.e. IPS, Tripwire, OSSEC, etc.).

If you’ve got something valuable enough to justify the expense, get the right protection.

If those aren’t doable options, Google Alerts could be a viable cheap safety net against such attacks – albeit gaps big enough to drop an elephant through. Just don’t get lulled into a false sense of security just because you think you’ve got Google Alerts looking for potential black hat seo attacks.

Last, what’s also important is the real likelihood of a black hat seo search term / link insertion attack vs. real threats situations like rootkit compromised servers, shopping cart sql injection, cross site scriting / forgery, web session hijacks, etc.? Matt Cutts could be more helpful by giving real Google stats and findings on the real threat than dispensing unsubstantiated predictions.

And that’s all I have to say…

Doug
http://nickwilsdon.com Nick Wilsdon

@Doug

You make some good points. I’m sure the total number of cracked sites exceeds the number of sites exploited for this purpose. Google hasn’t released any figures but they are working in partnership with StopBadware.org, who reports 132,638 urls in their database.

Installing tripwire, upgrading your server environment would all be more effective anti-hacking methods than this tip – but it is still useful as an additional step.

The real issue here is how many of these malware infections have been a result of WordPress or other Open Source software. We have drastically reduced the diversity of web production software out there, so once an exploit is discovered it can be applied to many thousands of sites.

I’m not knocking OS but reducing this diversity greatly increases the need to make the most commonly used programs *very* secure. That is where the most effective pressure can be applied IMHO.

For example, I’m surprised that none of the third-party plugins that provide extra security have not already been integrated into the core WP code. Although it is good that they have forced users to adopt a more secure password.
http://tkada.com/ tkada.com

The tip is much useful thanks for your valuable ideas!!!
http://www.searchengineoptimizationjournal.com Search Engine Optimization Journal

We agree – we believe SEO and spam will fully collide this year as well as we keep seeing an increased number of good sites effected by this. This tip is an awesome one!
Pingback: How to use Google Alerts to watch for your site being hacked | The Wardman Wire()
http://brennybaby.blogspot.com Richard Brennan

Great tip-have set it up. Will have a read of the rest of your site ASAP.
http://www.lostartofblogging.com Tibi Puiu

This is awesome Patrick. I’ve just started using the service 2 days ago, after I got *cough again *cough hacked.
@Robbert: thanks for letting me know about the issue. problem is I never got your e-mail, another reader told me all about it. I just sent you an e-mail via your website’s contact form. Cheers

-Tibi
http://www.drabdesign.com Drabdesign

Interesting post! Just found your site and am very impressed with it.

I fear that Hacking is (as Matt Cutts says) going to be a major problem. I think perhaps a post on what should be done to Hackers if they get caught should be an interesting topic for future posts.
http://www.myrecycledbags.com RecycleCindy

Good advice and I have added several word alerts. I understand this isn’t foolproof but every like thing helps. Thank you for post this.
http://www.myrecycledbags.com RecycleCindy

Okay I’m confused now, Google Alerts Page says “Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your choice of query or topic.”

But your postabove states “you will get an email whenever Google spots one of your chosen spam words on your site”. So now I’m getting an email on all post around the Internet on the words I entered so I can go and look at the posts. The post aren’t at my site though? Could you explain this further? Thanks
Pingback: Warning webmasters ! Possible new virus - Bloggeries Blog Forum()
http://www.howaboutawii.com Dan H

I was recently hacked, so this is a great tip.

Many thanks.
http://sites.google.com/site/edhardybychristianaudigier/ Christian

thx for the great stuff
http://www.weightlossinfo.us tony dee

Good gravy, this is an awesome tip. Whomever you are: “Patrick”? Tip jar is missing.
J. Scott

Excellent tip Patrick. I use Google Alerts for all sorts of things and this will surely become one of them. This not the most thorough way to defeat these types of attacks, however it is an easy, cost effective way of monitoring the potential clandestine on-goings of your site. Happy SEOing everyone.
http://www.asemus.org Jonk

Brilliant tip Patrick. So simple and elegant a solution.
http://holaisabel.com Isabel

This is how I found out that my blog had been hacked. Now I just need to figure out how to get Google to let me back in!
http://www.unsecuredloanshelp.com Louis

Very good tip. I never knew this. Thanks for your information.
Google Alerts can save you a lot of time, and also keep you up to date on what’s going on in your niche.
luboff

A very basic question on this as I am a newbie:

If I use WordPress to build my site, how does it get hacked if I have a unique ID and password for the admin page?
Pingback: Ways to Find Out if Your Site Has Been Hacked or Hijacked()
Pingback: How to Migrate Blogger Powered Blogs to Wordpress | Shaun Low()
http://www.vmoptions.com VMOptions

This is scary stuff. I hope all Webhosting providers improve their security and logging. This way any potential breaches can be thwarted and investigated.
http://www.cfr-cluj.info Cfr-Cluj

thank for sharing
http://www.davidairey.com David Airey

Thanks very much, Patrick. Just initiated my own alert.

I hope you’re well.
Pingback: Blogs Are Growing Target for Malware and Phishing Attacks()
http://www.liamhennessy.com Liam

There certainly are some interesting ideas here which I will be adding to my toolset.

Google also provides notification to webmasters when it detects that a webpage is a danger to visitors due to malware. Make sure you have Google Webmaster Tools set up for your site to ensure you will get this notification.
http://www.naz.net naz.net

thanks for me it great
Pingback: Let Google keep an eye on hackers (from Business Marketing Online)()
Pingback: How to Migrate Blogger Powered Blogs to Wordpress()
Pingback: The DaveN Blog Hack Raises Important Questions For Google()
Pingback: Keep an eye on your site with Google Alerts | EveryDayTutor()
Pingback: Why WP Needs a Compare Cache Against Post Plugin « SEO - Yack Yack SEO()
http://www.zath.co.uk Zath

A very good tip, hopefully it won’t happen, but it’s a great way of getting a notification should it occur! Cheers Patrick!
Pingback: 5 Questions You Can Answer with Google Webmaster Tools()
Pingback: FUD about hacked WordPress blogs()
Pingback: HearVox News » Google Alert for Hacked Site()
http://www.photosforsouls.com Jonathan Woodruff

Wow, great tip! I may incorporate that for my site!

Thanks!
Pingback: 7 SEO blogs and 21 useful articles | David Airey Â» graphic designer, logo designer()
http://www.reviewsacai.com Acai Berry Reviews

Great tips, I’ve been in the industry for 5 years and still learn something new everyday
Pingback: Test A Domain For Hidden Hacked Spam With JavaScript Bookmarklet | Online Sales()
http://www.adaptatech.co.uk DVD authoring

This is a very interesting and informative blog post, thanks for the info.
Tony

Is there a list of the latest spam words/phrases doing the rounds?

Would be good to use this with Google Alert.

Good article!
http://www.askshane.org/ Shane

Wish I had taken this advice sooner, Patrick. They’re getting very devious with their attacks now: http://www.askshane.org/daily-tips/devious-wordpress-hack-using-wp_remote_fopen.php
http://www.internal-external-hemorrhoids-pictures.com/ Daniel Pile

This is real useful information and ” A Must Use Thing”

10 + for this
Pingback: Comments Using Google Alerts For The Internet Marketer | Rob Malon [dot] Com()
http://www.vaishravana.com Chinese Translation

But how to use it, I am not clear of.
http://www.ergonomische-werkplek.nl/c86/stahulp/zadelkrukken Zadelkruk

Google is developing more than I can follow. Thanks for the things who are most important.
Pingback: 12 Defensive Steps To Secure Your Sites & Income()
http://alertrank.com/mrgooglealerts Adam Green

You are right to warn people about this, but it looks like some of your readers could learn more about how to use Google Alerts correctly. Here is a free Google Alerts tutorial:
http://www.alertrank.com/google-alerts-tutorial.html

I hope this helps.
http://www.maps4pets.com/ Top Dog

Very good editorial pieces on this site. Is anyone out there really up on their affiliation marketing? I would like to ask some questions.
http:www.reselldigitalproducts.com Jason

Thanks for the post Patrick as have been seeing a massive increase in spam replies on my blog, off to set up an alert now.
http://alertrank.com/mrgooglealerts Adam Green

Another type of hack that webmasters should watch for is a phishing scam using URLs meant to resemble your site. I’ve written up a complete procedure for this on my blog:
http://www.alertrank.com/mrgooglealerts/2009/05/12/protect-against-phishing-scam/

The basic idea is to set up Google Alerts for two patterns:
site:yourbrand.*
site:yourbrand.*.*
http://computersservicing.blogspot.com/ venkat

I am using google alerts to knwo about my blog posts mentioning somewhere are .
Pingback: Ebiquity Google alert tripwires triggered()
dd

That’s very hackish method and will only catch this kind of spam. If you want comprehensive monitoring, I suggest using a real app for that…

For example sucuri.net offers free real time monitoring of any web site (and domain) against defacement, hacking, blacklisting, etc…
Pingback: Google alert setting to find if your site is hacked()
Pingback: Wordpress SEO: Wordpress Security Why it Matters to SEO()
http://www.bangpass.com/t1/pps=netkam/ Scaltyfault

Thank you for great post!
Pingback: Christian Traffic Exchange » Comments Using Google Alerts For The Internet Marketer()
Pingback: Wordpress SEO: Wordpress Security Why it Matters to SEO | Internet, Marketing, Enterprenuership()
http://www.bruceswedal.com Bruce

This is a great tip and so easy to follow. I know if I can do it anyone can. Thanks for making it so simple.
http://www.authoritydirectory.com/ Auth

This is flat out genius! I had never thought of using the alerts this way.
http://ravetheweb.com/ RTW

I may be coding challenged but I never really understood how someone could inject links etc onto another site through hacking. Don’t hosts provide better security than that?
- http://www.blogstorm.co.uk Patrick Altoft
  
  RTW there are plenty of ways to inject links into other sites. Search for XSS for example.
http://www.gengtang.net wordpressseo

Thanks, very useful tip
Pingback: 7 Things to Keep in Mind When Assessing the Security Risk of Using WordPress as a CMS | Free WordPress Website Help | Ask WP Girl | Boulder, Colorado()
http://tvcnet.com Jim

An excellent explanation. Thanks!
I’m linking to this from my site as well (nice Google karma).
Best Wishes,
Jim
http://hackrepair.com
http://www.aannemersinfo.nl/ aannemer

google alerts is a great wat for linkbuilding as well..
henry

thanks for your article
http://www.teachers4uonline.com henry

good article for all sites owners.
Pingback: SEO ROI » How In-House SEOs Can Add Value Beyond Search()
Pingback: New Wordpress Hacking Strategy Using Cloaking to Target Google IP Addresses : Beginning Network()
http://www.nintendowiifitconsole.co.uk/ Wii Accessories

I found this when trying to protect my sites from further attack as I have just had my first experience of a virus taking down all my sites for over a week :-(. Thanks for sharing as its a great way to prevent, not cure!
Pingback: Google finally adds hacking notifications to Webmaster Tools()
Pingback: Google Alerts « IT stuff 4 u()
http://jobforblogger.blogspot.com forlan

I must need Google Alert. I will use it.
http://www.deeho.co.uk Deeho SEO

Google alerts offer many useful features, but this is by far and away one of the more practical as a real world solution. Hackers are a problem that are not going to go away, as their desire to destroy is almost a strong as our desire to create and build. Be vigilant people and we will beat them
http://www.presadifinica.net Presa di finica

blogsearch function of Google is great as well for linkbuilding.
http://www.chotrul.com mark carter

This is a great tip – many thanks for passing this on ….
http://www.technologyblogged.com Technology Jakk

I find Google alerts to be adequate for what it is, however have found your post highly insightful. @ RTW They do provide a lot of security, especially ones who put a Codex on.
http://www.petsahead.co.uk Jonathan

Love it!
Pingback: Comments Using Google Alerts For The Internet Marketer | URSTAFF()
http://www.zervidesk.com/ ZerviDesk Systems India

But what if the hacker is using millions of other spammy keywords.

The better option is to always alert and have all the security updates in place and change the passwords frequently.
http://www.theskykid.com skykid

Those links usually happen when people download pirated themes or scripts . Same things is valid for open source programs and tools which can contain hidden link-backs or back-doors if not downloaded from their official web sites. Thank you for the tip.
http://www.jaywhale.com Jay

Good tips. Sadly this also happens when downloading templates for wordpress. The programmers often hide links back to their sites in div’s that are 900px to the left or right of the screen, so although the link is not seen by the user, it is seen by Google, and without taking the time to look at the source code of each webpage to see if this is happening, it was virtually impossible to quickly find these…until now
http://media-islam.or.id Agus Nizami

Well, finally I have found the solution. At least some keywords don’t show up Cialis no more.
You should go to webftp and find the files that contain Drugstore and eval (gzinflate(base64_decode(.
Delete the files if the files are not wordpress file and remove the virus line in wordpress file such as wp-config.php.

You could read the detail here:
http://agusnizami.wordpress.com/2011/05/27/cialis-found-on-wordpress-google-search-and-the-solution-to-remove-the-virus/
http://www.seo-translator.com WebsiteTranslation

Now, THAT is an interesting tip! Obviously the best is to make sure that your security is flawless, but as a last line of defense this is really excellent.
http://www.netcars.com/ Louis Rix

Better late than never – appreciate the tip Patrick. Just setup the Google alert now. Just one question – After entering the search query do you enter site:(site) or insite:(site) ?
http://tanketal.se Karin

Thanks
both for the tip and the easy to follow explanation
It will not prevent but it is great to get an early alert
http://www.ervaringen.nl Mike

I was looking for a tool like this for a while. Its impossible to check all my websites manually for hack activity.
http://calldenverhome.com/ Frank

Recently had this problem with one of my blog sites that we got hacked, and by the time it all got fixed with the alert it was too late. For the past couple months we have tried a number of different tactics to rebound from google penalizing this type of spam link.

Finally we got a domain change and that has fixed it so that the blog is rebounding from a steep dive. It was a lot of work to get that blog set back up though. If any of you guys gets plagued by a hacker, act IMMEDIATELY on the spam alert. Otherwise change the domain quick.

Just a Friendly piece of advice if you get hacked
http://www.dadiehost.com/ Dadie Host

Patrick Altoft, you deserve praise keep up the good work, will look forward for your future work!