{"id":1151,"date":"2021-07-21T06:36:13","date_gmt":"2021-07-21T11:36:13","guid":{"rendered":"https:\/\/www.knownhost.com\/kb\/?p=1151"},"modified":"2022-03-11T12:32:29","modified_gmt":"2022-03-11T18:32:29","slug":"how-to-know-if-your-sites-been-hacked","status":"publish","type":"post","link":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/","title":{"rendered":"How to know if your site&#8217;s been hacked"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 ez-toc-wrap-right counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #212121;color:#212121\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #212121;color:#212121\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#signs_youve_been_hacked\" >Signs You&#8217;ve Been Hacked<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#unexpected_listings_when_spot-checking_search_results\" >Unexpected Listings When Spot-Checking Search Results<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#google_alerts_you\" >Google Alerts You<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosing\" >Diagnosing:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#notes\" >Notes:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#web_hosting_company_alerts_you\" >Web Hosting Company Alerts You<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosing-2\" >Diagnosing:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#complaints_about_email_not_being_received\" >Complaints About Email Not Being Received<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosing-3\" >Diagnosing<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#website_stops_responding\" >Website Stops Responding<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosing-4\" >Diagnosing:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#website_pages_redirect_unexpectedly\" >Website Pages Redirect Unexpectedly<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosing-5\" >Diagnosing:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#you_receive_a_ransom_message_%e2%80%93_hacker_says_youre_hacked\" >You Receive a Ransom Message &#8211; Hacker Says You&#8217;re Hacked<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosing-6\" >Diagnosing:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosing-7\" >Diagnosing:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#more_things_you_can_do\" >More Things You Can Do<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#check_for_hacked_site_data_leaks\" >Check for Hacked Site Data Leaks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#diagnosis\" >Diagnosis:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#stay_updated_%e2%80%93_patchman\" >Stay Updated &#8211; Patchman<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#proactive_monitoring\" >Proactive Monitoring<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#csflfd\" >CSF\/LFD<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#absorb_what_is_useful\" >Absorb What is Useful<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#handy_tools\" >Handy Tools<\/a><\/li><\/ul><\/nav><\/div>\n\n<p>The moment every site owner dreads &#8211; learning that their site has been hacked. Given the number of automated hacking tools in circulation, it&#8217;s no wonder that there aren&#8217;t more sites suffering this fate. If you&#8217;re wondering whether or not your site has been hacked, then read on to learn about some of the most common signs and symptoms and how you can confirm whether or not you&#8217;ve been hacked.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"signs_youve_been_hacked\"><\/span>Signs You&#8217;ve Been Hacked<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"unexpected_listings_when_spot-checking_search_results\"><\/span>Unexpected Listings When Spot-Checking Search Results<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Regularly taking a few minutes to spot-check how your site looks in search results is a prudent practice for site owners. Automated rank-checkers are one good way of staying on top of pages moving up or down in rankings, but there&#8217;s more.<\/p>\n\n\n\n<p>It&#8217;s a good idea to invest a couple of minutes on a regular basis to just visit Google and enter the following in the search box: site:knownhost.com (replacing knownhost.com with your own domain).<\/p>\n\n\n\n<p>If you notice some odd pages that you don&#8217;t recognize in the results, particularly ones with nonsensical titles or descriptions, you know that further investigation is required.<\/p>\n\n\n\n<p>Pop the site into Google Safe Browsing and see if it reveals anything (again replace with your own domain):&nbsp;<a href=\"https:\/\/transparencyreport.google.com\/safe-browsing\/search?url=knownhost.com\">transparencyreport.google.com\/safe-browsing\/search?url=knownhost.com<\/a><\/p>\n\n\n\n<p>You may also notice that the Google search results pointing to your site may have warning messages by the&nbsp;URL&nbsp;such as, &#8220;This site may be hacked&#8221; or &#8220;This site may harm your computer&#8221;.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"google_alerts_you\"><\/span>Google Alerts You<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>There are plenty of reasons to sign-up for Google Search Console, including the fact that you can login and check the Security Issues section of your dashboard to find example URLs which Google has flagged as likely being hacked. Email alerts mean you don&#8217;t have to login quite as often.<\/p>\n\n\n\n<p><strong>Cloaking<\/strong>&nbsp;&#8211; is where assorted site users see different content. Most often this is done to serve hacked content to Google but normal content to human visitors so that Google will display the hacked page titles and meta descriptions in search results.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosing\"><\/span>Diagnosing:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Google reported issues means checking the URLs in alerts and the Security Issues section of Search Console as well as using the&nbsp;<a href=\"https:\/\/www.youtube.com\/watch?v=Pe_-TkdbXN0&amp;list=PLKoqnv2vTMUOnQn-lNDfT38X9gA_CHxTo&amp;index=5\">URL Inspection Tool<\/a>&nbsp;in Search Console as well to look for problems (even when you don&#8217;t see them in your own browser).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"notes\"><\/span>Notes:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>don&#8217;t ignore the alerts after visiting URLs reported by Google and not seeing any problems, since hackers frequently use cloaking techniques<\/li><li>Google isn&#8217;t the only search engine that gets targeted or that offers tools for managing issues &#8211;&nbsp;<a href=\"https:\/\/www.bing.com\/toolbox\/webmaster\">Bing Webmaster Tools<\/a>&nbsp;is another place to get signed up<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"web_hosting_company_alerts_you\"><\/span>Web Hosting Company Alerts You<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>It&#8217;s not great to receive an alert that your web hosting account has exceeded resources, particularly when you later find that it wasn&#8217;t because of the&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Slashdot_effect\">Slashdot Effect<\/a>, but rather due to the site being hacked.<\/p>\n\n\n\n<p>If you&#8217;ve found that bandwidth, memory, CPU cycles, I\/O or other monitored resources have been exhausted, it&#8217;s time to quickly find the culprit.<\/p>\n\n\n\n<p>Regularly logging in to cPanel and glancing down at your resource consumption on the dashboard homepage will give you a chance to notice issues before they become account-busters!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosing-2\"><\/span>Diagnosing:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If you have multiple domains in the account, login to cPanel and check Metrics \u2192 Bandwidth to find which ones are using the most, then check Metrics \u2192 Visitors and select that domain report. If you only have one domain, go straight to Metrics \u2192 Visitors and select the report.<\/p>\n\n\n\n<p>This report will be showing you what resources are being requested most recently. When you see a flurry of activity around something you didn&#8217;t create, it&#8217;s time to act.<\/p>\n\n\n\n<p>KnownHost customers can contact technical support for assistance in this situation. You&#8217;re not alone.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"complaints_about_email_not_being_received\"><\/span>Complaints About Email Not Being Received<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Email spam is just as much a threat as web pages and both are part of your online presence. If ecommerce order confirmation or acknowledgement\/thank you emails aren&#8217;t being delivered (or people are complaining about not receiving them anyway), that&#8217;s a sign of email deliverability issues.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosing-3\"><\/span>Diagnosing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When domains or IP addresses are reported for sending spam, real-time spam blacklists can flag a sender, resulting in companies, network providers and internet service providers stopping email getting to the intended recipients. Which blacklist is determined by who reported the spam and how.<\/p>\n\n\n\n<p>The key is finding whether you&#8217;re on a blacklist so that you can stop the spam and notify the blacklists that you&#8217;ve fixed the problem.<\/p>\n\n\n\n<p>UltraToolbox and MxToolbox are free online tools that let you check multiple blacklists in one fell swoop. Links to both are below in the Handy Tools section.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"website_stops_responding\"><\/span>Website Stops Responding<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Distributed Denial of Service (DDoS) attacks can paralyze a website through the flood of requests being launched from assorted devices simultaneously. Sites can freeze, go offline and become open to compromise.<\/p>\n\n\n\n<p>See&nbsp;<a href=\"https:\/\/www.knownhost.com\/ddos-protection\">how KnownHost protects customers from DDoS attacks<\/a>, read more about&nbsp;<a href=\"https:\/\/www.knownhost.com\/blog\/ddos-protection-resources\/\">how DDoS attacks work<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.knownhost.com\/blog\/know-getting-hit-ddos-attack\/\">how to know if it&#8217;s a DDoS attack<\/a>&nbsp;responsible for the server not responding.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosing-4\"><\/span>Diagnosing:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If your site is not responding and you can&#8217;t get logged in to check resources and logs, contact KnownHost support immediately. DDoS attacks are taken very seriously. Don&#8217;t forget to check out the above guide on how to know if it&#8217;s a DDoS attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"website_pages_redirect_unexpectedly\"><\/span>Website Pages Redirect Unexpectedly<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>When people trust a website thanks to a long, successful relationship, they&#8217;re likely to click on links throughout the site without even giving them a second thought. That&#8217;s what hackers are hoping to capitalize on when they change links in the site so they point to some advert, spam, malware or other unsavory destination.<\/p>\n\n\n\n<p>Running a regular crawl of your website can help you identify broken links (internal and external), 404 pages and bad redirects.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosing-5\"><\/span>Diagnosing:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When you or the crawler notice that your links aim somewhere offsite, that&#8217;s one way of uncovering a hack. Another is when you look at analytics, like Google Analytics, and see that the time on page and other metrics are very different from a week, month or year ago.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"you_receive_a_ransom_message_%e2%80%93_hacker_says_youre_hacked\"><\/span>You Receive a Ransom Message &#8211; Hacker Says You&#8217;re Hacked<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In a high percentage of cases, this isn&#8217;t true at all, but rather an attempt to extort money from you via social engineering. Checkout our explainer about&nbsp;<a href=\"https:\/\/www.knownhost.com\/kb\/blackmail-email-scams\/\">blackmail email scams<\/a>&nbsp;on the KnownHost blog.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosing-6\"><\/span>Diagnosing:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It probably isn&#8217;t a scam if you find that your email password has been changed without your consent, if you&#8217;re seeing password reset notifications, or unexpected emails in your sent folder.<\/p>\n\n\n\n<p>Two-factor authentication is getting to be must-have technology as are unique, strong passwords.<\/p>\n\n\n\n<p>On the other side of the coin, ransomware has gone wild in the last couple of years. Organizations large and small are suffering from data being stolen or getting locked out of their systems with demands for payment to unlock them (or return the data).<\/p>\n\n\n\n<p>These are the times when you&#8217;ll be glad you&#8217;ve got regular, complete backups and a disaster recovery plan that includes wiping and reinstalling everything.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosing-7\"><\/span>Diagnosing:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If confidential information has been included, you can verify the authenticity of the ransom demand. If your website has been defaced, email database spammed, system passwords changed or other key assets control lost, it&#8217;s likely you&#8217;ve got a real issue.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"more_things_you_can_do\"><\/span>More Things You Can Do<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"check_for_hacked_site_data_leaks\"><\/span>Check for Hacked Site Data Leaks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>It&#8217;s entirely possible that some of your data has been stolen by hackers who accessed databases of sites you&#8217;ve used. Some of these breaches have occurred on huge sites like Dropbox, LinkedIn, tumblr, Adobe, Trillian, Bitcoin Talk and too many more to list.<\/p>\n\n\n\n<p>Using the same password on multiple sites is one way that hackers can use leaked login details for additional hacking of someone&#8217;s online presence. If your primary email gets compromised then password resets at many sites can be done by hackers, exponentially increasing their impact.<\/p>\n\n\n\n<p>If you&#8217;re using the same password for your hosting account admin pages, cPanel, databases or other critical systems as one used on a breached site, the risks to your site are tremendous.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"diagnosis\"><\/span>Diagnosis:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Check&nbsp;<a href=\"https:\/\/haveibeenpwned.com\/\">sites which have acquired leaded breach data<\/a>&nbsp;and run your email addresses through the checker to see which sites, if any, have your profile details.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"stay_updated_%e2%80%93_patchman\"><\/span>Stay Updated &#8211; Patchman<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>A huge percentage of hacks occur because content management systems haven&#8217;t had security patches applied in a timely manner.<\/p>\n\n\n\n<p>If you opt for Patchman with your hosting account, automatic patching will be done for common apps like WordPress, Joomla, Drupal and osCommerce.<\/p>\n\n\n\n<p>Besides checking for vulnerabilities and malware, Patchman checks for any outdated software on your account. For a couple of dollars per month,&nbsp;<a href=\"https:\/\/www.knownhost.com\/blog\/patchman-now-available\/\">Patchman<\/a>&nbsp;is high-value protection.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"proactive_monitoring\"><\/span>Proactive Monitoring<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>VPS and dedicated hosting customers should definitely consider choosing proactive monitoring for their account.<\/p>\n\n\n\n<p>By receiving&nbsp;<a href=\"https:\/\/www.knownhost.com\/kb\/proactive-monitoring\/\">automatic alerts about all the monitored resources<\/a>, you&#8217;ll never be caught unaware of an issue. Equally important, the system also automatically opens a ticket with tech support so that the situation gets rectified quickly.<\/p>\n\n\n\n<p>Check out our blog coverage of the&nbsp;<a href=\"https:\/\/www.knownhost.com\/blog\/15-ways-proactive-monitoring\/\">15 ways proactive monitoring works<\/a>&nbsp;for more details.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"csflfd\"><\/span>CSF\/LFD<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Combining a Stateful Packet Inspection (SPI) firewall with intrusion detection and login activity monitoring, ConfigServer Security &amp; Firewall (CSF) with Login Failure Daemon (LFD) is more than just monitoring and alerts.<\/p>\n\n\n\n<p>LFD features automated IP blocking of detected attackers, login brute force attempts, port scanners and loads more. It&#8217;s a&nbsp;<a href=\"https:\/\/www.knownhost.com\/kb\/introduction-to-csf-lfd-notifications\/\">great open source security measure<\/a>&nbsp;for VPS users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"absorb_what_is_useful\"><\/span>Absorb What is Useful<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Visit the KnownHost blog, forums and wiki and brush up on your security knowledge including best practices in securing your sites and hosting account, key terminology, how to protect and where to turn for more details or assistance.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Blog &#8211;\u00a0<a href=\"https:\/\/www.knownhost.com\/blog\/cat\/security\/\">www.knownhost.com\/blog\/cat\/security\/<\/a><\/li><li>Forums &#8211;\u00a0<a href=\"https:\/\/www.knownhost.com\/forums\/forums\/security.31\/\">www.knownhost.com\/forums\/forums\/security.31\/<\/a>\u00a0<\/li><li>Knowledge Base &#8211; https:\/\/www.knownhost.com\/kb\/?s=security<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"handy_tools\"><\/span>Handy Tools<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Google Hacked Sites Troubleshooter &#8211;&nbsp;<a href=\"https:\/\/support.google.com\/webmasters\/troubleshooter\/6155978?hl=en\">support.google.com\/webmasters\/troubleshooter\/6155978?hl=en<\/a><\/p>\n\n\n\n<p>Google Search Console Security Issues Report &#8211;&nbsp;<a href=\"https:\/\/search.google.com\/search-console\/security-issues\">search.google.com\/search-console\/security-issues<\/a><\/p>\n\n\n\n<p>Google Safe Browsing Transparency Report &#8211;&nbsp;<a href=\"https:\/\/transparencyreport.google.com\/safe-browsing\/search\">transparencyreport.google.com\/safe-browsing\/search<\/a><\/p>\n\n\n\n<p>IsItHacked Multi-Hack Checker &#8211;&nbsp;<a href=\"http:\/\/isithacked.com\/\">isithacked.com<\/a><\/p>\n\n\n\n<p>MxToolbox Blacklist Checker &#8211;&nbsp;<a href=\"https:\/\/mxtoolbox.com\/blacklists.aspx\">mxtoolbox.com\/blacklists.aspx<\/a><\/p>\n\n\n\n<p>Sucuri SiteCheck &#8211;&nbsp;<a href=\"https:\/\/sitecheck.sucuri.net\/\">sitecheck.sucuri.net\/<\/a><\/p>\n\n\n\n<p>MxToolBox Blacklist Check &#8211;&nbsp;<a href=\"https:\/\/mxtoolbox.com\/blacklists.aspx\">mxtoolbox.com\/blacklists.aspx<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The moment every site owner dreads &#8211; learning that their site has been hacked. Given the number of automated hacking tools in circulation, it&#8217;s no wonder that there aren&#8217;t more sites suffering this fate. If you&#8217;re wondering whether or not your site has been hacked, then read on to learn about some of the most [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[94],"tags":[221,220,223,165,222],"class_list":["post-1151","post","type-post","status-publish","format-standard","hentry","category-common-issues","tag-compromised","tag-hacked","tag-malicious","tag-malware","tag-spamming"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to know if your site&#039;s been hacked - KnownHost<\/title>\n<meta name=\"description\" content=\"Do you thing your site has been hacked? In this guide we will show you how to find out if your website has been compromised or not.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to know if your site&#039;s been hacked - KnownHost\" \/>\n<meta property=\"og:description\" content=\"Do you thing your site has been hacked? In this guide we will show you how to find out if your website has been compromised or not.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/\" \/>\n<meta property=\"og:site_name\" content=\"KnownHost\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-21T11:36:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-11T18:32:29+00:00\" \/>\n<meta name=\"author\" content=\"Jonathan K. W.\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jonathan K. W.\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/\"},\"author\":{\"name\":\"Jonathan K. W.\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/3db6e20d1f33519cd68fe0ba1230a48b\"},\"headline\":\"How to know if your site&#8217;s been hacked\",\"datePublished\":\"2021-07-21T11:36:13+00:00\",\"dateModified\":\"2022-03-11T18:32:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/\"},\"wordCount\":1734,\"keywords\":[\"compromised\",\"hacked\",\"malicious\",\"malware\",\"spamming\"],\"articleSection\":[\"Common Issues\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/\",\"url\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/\",\"name\":\"How to know if your site's been hacked - KnownHost\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#website\"},\"datePublished\":\"2021-07-21T11:36:13+00:00\",\"dateModified\":\"2022-03-11T18:32:29+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/3db6e20d1f33519cd68fe0ba1230a48b\"},\"description\":\"Do you thing your site has been hacked? In this guide we will show you how to find out if your website has been compromised or not.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/how-to-know-if-your-sites-been-hacked\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to know if your site&#8217;s been hacked\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/\",\"name\":\"KnownHost\",\"description\":\"KnownHost provides a comprehensive webhosting knowledge base to help answer many of your common webhosting and linux questions.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.knownhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/3db6e20d1f33519cd68fe0ba1230a48b\",\"name\":\"Jonathan K. W.\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g\",\"caption\":\"Jonathan K. W.\"},\"sameAs\":[\"https:\\\/\\\/www.knownhost.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to know if your site's been hacked - KnownHost","description":"Do you thing your site has been hacked? In this guide we will show you how to find out if your website has been compromised or not.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/","og_locale":"en_US","og_type":"article","og_title":"How to know if your site's been hacked - KnownHost","og_description":"Do you thing your site has been hacked? In this guide we will show you how to find out if your website has been compromised or not.","og_url":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/","og_site_name":"KnownHost","article_published_time":"2021-07-21T11:36:13+00:00","article_modified_time":"2022-03-11T18:32:29+00:00","author":"Jonathan K. W.","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jonathan K. W.","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#article","isPartOf":{"@id":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/"},"author":{"name":"Jonathan K. W.","@id":"https:\/\/www.knownhost.com\/kb\/#\/schema\/person\/3db6e20d1f33519cd68fe0ba1230a48b"},"headline":"How to know if your site&#8217;s been hacked","datePublished":"2021-07-21T11:36:13+00:00","dateModified":"2022-03-11T18:32:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/"},"wordCount":1734,"keywords":["compromised","hacked","malicious","malware","spamming"],"articleSection":["Common Issues"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/","url":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/","name":"How to know if your site's been hacked - KnownHost","isPartOf":{"@id":"https:\/\/www.knownhost.com\/kb\/#website"},"datePublished":"2021-07-21T11:36:13+00:00","dateModified":"2022-03-11T18:32:29+00:00","author":{"@id":"https:\/\/www.knownhost.com\/kb\/#\/schema\/person\/3db6e20d1f33519cd68fe0ba1230a48b"},"description":"Do you thing your site has been hacked? In this guide we will show you how to find out if your website has been compromised or not.","breadcrumb":{"@id":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.knownhost.com\/kb\/how-to-know-if-your-sites-been-hacked\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.knownhost.com\/kb\/"},{"@type":"ListItem","position":2,"name":"How to know if your site&#8217;s been hacked"}]},{"@type":"WebSite","@id":"https:\/\/www.knownhost.com\/kb\/#website","url":"https:\/\/www.knownhost.com\/kb\/","name":"KnownHost","description":"KnownHost provides a comprehensive webhosting knowledge base to help answer many of your common webhosting and linux questions.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.knownhost.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.knownhost.com\/kb\/#\/schema\/person\/3db6e20d1f33519cd68fe0ba1230a48b","name":"Jonathan K. W.","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f432b99e6651fe8d1deb57a285bd84e806f1c9ae8b4c6c585d7e3a0b33789ad9?s=96&d=mm&r=g","caption":"Jonathan K. W."},"sameAs":["https:\/\/www.knownhost.com"]}]}},"_links":{"self":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/posts\/1151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/comments?post=1151"}],"version-history":[{"count":0,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/posts\/1151\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/media?parent=1151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/categories?post=1151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.knownhost.com\/kb\/wp-json\/wp\/v2\/tags?post=1151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}