Had your Google search result hijacked? There is a new website hack going around (well, new to me). Here is how to tell if you are hacked, and what to do to fix it!
TL;DR
If you just want to get to the punchline, the TL;DR is the hack targets your robots.txt file. Make sure it is clean and the permissions are set correctly.
For a while, my Maker Hacks site was doing well referring new customers to my
Then all of a sudden, they stopped coming in.
Now, obviously, this is completely normal, search results pages change all the time, so I didn’t think anything of it until someone wanted the URL and out of laziness I did a Google search rather than grab the link directly from my blog … and I saw this weird thing:
Initially, I blamed Cloudflare or SiteGround’s caching. I mean, the page itself was fine.
Fortunately, my friend Hakan had seen this hack before.
Has my site been hacked?
If everything on your site looks fine but you are worried your search results were hijacked, you need to see what Google sees.
To check your search results, go to Google and enter:
Site: http://your-site.com
Then see how your search results look.
How to fix Google Search Results After a Google Search Hijack Hack
In my robots.txt there was a line inserted that tells search robots where to find an additional site map.
On my site they direct bots to check “/.well-known/acme-challenge/style/theme/upload/temp/temp/18.xml”
Deleting that entry, and setting the file to read-only (chmod 444, or remove write access using FTP), seems to have cleared it up, as well as nuking the entire “/.well-known/” folder.
Download the BizBudding Blogging Guide
Download the BizBudding Get Started Blogging PDF guide PLUS get my blogging advice in future newsletters
It Gets Worse: Check All Your Sites
Once one website in a hosting account has been compromised, you can not trust any of them. You need to check every site your account has access to.
Unfortunately, all the sites on my hosting account, including this one, were impacted, which makes me believe one of them (they are not all mine) had a bad plugin, insecure theme or other vulnerability.
So I have asked that the other sites get their own host, and have signed up to Sucuri so they can keep an eye out rather than have to check all the time myself!