Home/Allgemein/Hacked? How to identify spam on your website

Hacked? How to identify spam on your website

The own website flooded with spam – an unbearable condition. How do you identify spam caused by a hacking attack? We will show you a way how we identified spam on a WordPress installation.

Identifying spam on a website

Spam on a website describes the condition when unwanted, normally electronically transfered messages are placed at the own WWW-adress. Specific example case: you find subpages on your website you did not create. Those pages hyperlink to other websites, mostly Viagra- or other advertising pages. Your website was hacked.

Recognising suspicious sites through XOVI

By accident a www-site revealed itself on XOVI by skyrocketing. The following illustration shows the website indexation, strong growth of the OVI, keywords and rankings.


Screenshot: XOVI Suite

The illustration is deceiving – the (negative) strong OVI increase


Screenshot: XOVI Verlauf OVI, Keywords, Rankings

Observing keywords clarifies the perdition


Screenshot: XOVI Keywords

The suspicious spamsites were identified at the /stranger and /teaching paths. Thematically the keywords do not match at all with the affected website. The contaminated website had 11.800 pages at Google Index.

Overlooking Google Webmaster Tools for the case above illustrates the increase of clicks and impressions which indicates that in a short period of time a lot of new pages of the attacked www-site were admitted amongst the search results of Google (subscripted at the top 100). Keywords such as impotence treatment from the tube, slidenafil dosage body weight, purchasing Voltaren Resinat without recipe, slidenafil Ratiopharm 100mg non-prescription or other rubbish are only same examples of needless clicks on the www-site.


Screenshot: Google Webmaster Tools

Immediate action is indispensable: Now it is working again.


Screenshot: Google Webmaster Tools

If you want to protect your WordPress site from malware or check your site on spam we gladly help you with help and advice. Call us at 0049 711 62 041 511. Affected people should react quickly and adopt measures. Following provisions can be done immediately.

1. Check if your website is contaminated with spam

Type the following into the Google search window:


According to the results and the amount of results you can see if contaminated subsites were placed on your website. A small website e.g. with 40 pages will exhibit several thousand pages if contaminated.

Here the example from the UPON website: site: 206 results indicates that the website doesnt contain any suspicious spam sites as the UPON website currently contains 206 pages.


Screenshot: Google Suche (site:

2. Delete suspicious schedules from your server

If you are affected you need to server access. With FileZilla you can access your FTP Server. The contaminated pages in the folder mentioned above have tob e deleted here and your system shifted onto a secure version.