We were hacked. Bet the thought of it gives you shivers. It sure did me, and more!
As a web designer I use many tools to monitor my site and stats. I signed up for Google Webmaster Tools and was horrified to see a list of keywords that were pornographic AND not on my site. The first question, of course, was where on earth were these coming from.
The next step was to go through every page on the server and check for files / folders that appear suspicious. My main site was fine. What was not fine were archived folders (2) outside of my main site.
I downloaded one of the pages to view the code and saw that there was a script underneath. On further research (Google search) I discovered that these pages were simply jumping off points, due to the script, to actual pornographic sites. But there was my url listed with these awful pornographic words – in Google’s search index The Cat site.
What I Did Once Found
I removed the files. I created a 400, 403, 404 page stating “PLEASE NOTE: WE HAVE HAD A PROBLEM RECENTLY OF FILES BEING UPLOADED TO OUR WEBSITE THAT WERE NOT CREATED BY THIS COMPANY AND CONTAIN OFFENSIVE MATERIAL. IF YOU ARE LOOKING FOR THESE FILES, THEY NO LONGER EXIST.”
Seeking Extra Resources
My next step was to go to upload an htaccess file loaded with all of words. So we went through all the keywords we had (don’t do this on a full stomach folks) and added to the list and put it up.
How Did This Happen?
It appears that malware has been downloading to unsuspecting websites with a software update.
What Can You Do To Check Your Site?
A good place to start is Google Webmaster Tools and Google Analytics because (increasingly) Google is using the Google Webmaster Tools to inform webmasters of problems with their sites. If you see strange page names being accessed and keywords that do not relate to your site you very well may have a problem. If this is the case contact your hosting company AND check every file in every folder.