What is Content Injection?
Content injection is also referred to as Content spoofing. This means that a hacker has added spammy links or text to your website pages. Hackers present a faked and modified website to the users as if it were authorized, when the user searches for queries the content that is delivered to the user is different from what was presented to the search engine, this also referred to as cloaking. The intent is typically to gain traffic over on other website which has good traffic.
How to confirm that my website is hacked by content injection?
Check your webmaster security regularly if your website is hacked by any hacking methods and it will notify here and suggest you to how to resolve the issue.
Use Fetch as Google in the webmaster tools as the benefit of using this is when you render your page, you can see the page on your site as how the Google machine sees it. This is helpful since many hackers make changes to website that are able to be perceived only to Google machines
In Search bar type site:www.domainname.com the results title and description may not be yours but website URL is yours , that it will redirect to the hackers website.
How to solve?
1. One of the foremost thing to do is to have a “clean” backup of your website, so you can restore it from that.
2. You can also check all .htaccess files, index.php files and any include files or theme files that you may be using. This will depend on which platform you are running the website which includes wordpress, joomla, osCommerce, etc.
3. Also, check above your web directory (usually above public_html, httpdocs, html, etc) for an .htaccess file that will override anything in your web directory.
4. Evacuate any code that you find in your "genuine" records that matches any of the the below :
a. “eval(base64_decode(…..”
b. “edoced_46esab…”
c. “getMama…”
d. “115,99,114,105,112,116….”
e. “document.write(‘
5. Look for any php files in any image, css, upload, download, etc directories that would not normally have a php file in them. Check the document substance for base64 strings and which points to it being a php shell, for example, "FilesMan", "c999sh". If you find any file matches with this, Then DELETE THEM.
6. Change your cPanel and FTP passwords.
7. If your site is not secured then you can have a HTTPS site to avoid this kind of hacking in future.
8. Go to webmaster tool and fetch as google all your pages.
Conclusion
Content injection attacks are very common and they are a serious threat. As long as we are aware of the problem and are prepared to solve it as fast as possible with the right methods, we can manage and handle this issue. The above mentioned methods should be able to resolve the situation as a quick fix. It is recommended that you keep a check on your websites on a regular basis to monitor them for any suspicious activity.