• Skip to main content
  • Skip to header left navigation
  • Skip to site footer
  • About Chris Garrett
  • Blog
  • Services
  • Contact
  • Websites
    • Maker Hacks
    • Retro Game Coders
    • D6 Combat
    • Healthy Foodie
    • York Next Generation Gaming Club
Chris Garrett

Chris Garrett

Build your business by sharing what you know

My Search Results were Hacked (How to Detect and Fix it)

Home » Blog » My Search Results were Hacked (How to Detect and Fix it)

Had your Google search result hijacked? There is a new website hack going around (well, new to me). Here is how to tell if you are hacked, and what to do to fix it!


TL;DR

If you just want to get to the punchline, the TL;DR is the hack targets your robots.txt file. Make sure it is clean and the permissions are set correctly.

For a while, my Maker Hacks site was doing well referring new customers to my favorite laser engraver via my Glowforge review.

Then all of a sudden, they stopped coming in.

Now, obviously, this is completely normal, search results pages change all the time, so I didn’t think anything of it until someone wanted the URL and out of laziness I did a Google search rather than grab the link directly from my blog … and I saw this weird thing:

That explains why my referrals dropped

Initially, I blamed Cloudflare or SiteGround’s caching. I mean, the page itself was fine.

Fortunately, my friend Hakan had seen this hack before.

Has my site been hacked?

If everything on your site looks fine but you are worried your search results were hijacked, you need to see what Google sees.

To check your search results, go to Google and enter:

    Site: http://your-site.com

Then see how your search results look.

Ugh 🙁

How to fix Google Search Results After a Google Search Hijack Hack

In my robots.txt there was a line inserted that tells search robots where to find an additional site map.

On my site they direct bots to check “/.well-known/acme-challenge/style/theme/upload/temp/temp/18.xml”

Deleting that entry, and setting the file to read-only (chmod 444, or remove write access using FTP), seems to have cleared it up, as well as nuking the entire “/.well-known/” folder.

Download the BizBudding Blogging Guide

Download the BizBudding Get Started Blogging PDF guide PLUS get my blogging advice in future newsletters

Download the Getting Started Guide

It Gets Worse: Check All Your Sites

Once one website in a hosting account has been compromised, you can not trust any of them. You need to check every site your account has access to.

Unfortunately, all the sites on my hosting account, including this one, were impacted, which makes me believe one of them (they are not all mine) had a bad plugin, insecure theme or other vulnerability.

So I have asked that the other sites get their own host, and have signed up to Sucuri so they can keep an eye out rather than have to check all the time myself!

Category: DevelopmentTags: Featured Articles, seo

Copyright © 2023 · Chris Garrett ·
All Rights Reserved

Powered by Mai Theme

  • Blogging
  • Marketing
  • Business
  • Productivity
  • Writing
  • Development
  • Reviews
  • News