Risks of hacking for a website

In the forum of Webmaster World, a long thread presents a summary of the various methods used by hackers to attack websites and divert traffic to their advantage.

Piratage

It is therefore necessary, from time to time, to check a number of points on the server with an FTP client.
I present also some tools to detect most of malware.

Hijackings, symptoms and solutions

Malicious script

Once the attacker has reached to obtain the access code to your site, you may expect a malicious script (a malware), hidden in one of your pages, the homepage more often, thanks to an iframe tag.

Against this, visit the Google webmaster tools. This type of attack is detected and displayed in the diagnosis section. It is also reported in results by search engines, simply search for you own site.

Robots.txt

This file can be modified by a competitor. He will prevent robots from search engines to index your pages!
It's easy to check it, type the URL of the robot from the browser:

    http://www.example.com/robots.txt 

There is only one robots.txt file (if any) and it is read at the root of the site by crawlers.

Cloaking

This hideous name refers to the act of placing content invisible to users, but seen by search engines. The goal is for a hacker to place promotional links to a doubtful site, and it is very damaging for SEO and the trust factor by Google and other search engines.

The parade is to use the Link Checker at command line with the -v option to display all external links or the Xenu Link Sleuth software.

.htaccess

This configuration file of the Apache server is very powerful because it gives full control on redirects and access to files.
An attacker can use it to redirect visitors to its own site. The effect will be visible as a decline in traffic.

We can not verify it from the browser, use an FTP client (like FreeFTP) to retrieve the file locally and view its contents. It must conform to the local copy or the copy provided by default with a CMS.

AdSense code replaced

The access to your pages also allows the attacker to replace the Adsense code in the scripts of your own pages. You will see an inevitable drop in income but if the attacker is smart, this may be difficult to detect.
Once a hacker is able to enter your website and change something in your files, he can start to change the client code on you ads and make incomes with your traffic. I have read such complaints in forums: "My incomes suddenly decrease, they are near zéro! what happens?".
The answer is: verify the code client on your ads.

The Adsense administering panel provides functions to impeach ads with your client code to be displayed on other websites, but there is not mean to empeach ads with client code of others to be displayed on your website (for now).

If the hacker is dumb, he does change the code on all ads to make a maximum of money and he will be discovered quickly, but if he is smart it may by more difficult to detect the hacking.
Suppose the thief enters on you website each night, when you are sleeping, change the Adsense client code with some script (they are very capable to write such scripts when a lot of money is at the end of the road) and at the aurora, comes again to your website and changes again the code to restore your client code. You will observe a drop in revenues but never you will know where is the origin of that.
To protect you against such hacking, a free PHP scripts is provided on Scriptol.com, under the Mozilla license: Adsense Checker can automatically check the AdSense code on all pages of your site.

Added scripts

The hacker may add scripts or change existing scripts on your site. The purpose of these malicious codes may be to use the site to send mass spams, or collect bank information from users of a commercial site.

Here again we have an open source PHP script to perform the checking: Script Checker. This program is aimed against smart hackers that could store some scripts on your website to change the content when they need. All the scripts on the site are compared with the original sources on a local directory on your computer. And also scripts (or other files) that are found on the site and not in the local source directory are also detected. Once again, nothing is written on the site.

If you are using a CMS, you must have a local copy of the code of it, downloaded from the author's site, to compare with the code online on the site.

With this two tools you should be able to protect your website against hackers. Run them from time to time, at different hours and any hacking will be surely detected.

Hacking DNS

This can happen with dedicated hosting or on a shared server. It may reditect a domain name to the IP of another site that was made to imitate the original.
Here too the result will be immediately visible in the form of reduced traffic, or drop in sales if the hacking is very selective.

You can make a report on the DNS with the online service DNS report.

Conclusion

Most hackings are simply detected by looking at the site. Others are in the source code and require checkers to verify them.
In any case, when in doubt, a precautionary approach is required: change the password ... Once the malware removed.

Reference Webmaster World, the complete discussion.