Once a domain has been authenticated (either by email or placing the file on the server) - Hacked or Not will perform a number of scans gathering as much information as possible so it can determine if the website is Hacked Or Not.
Scans are performed over a period of time so we don't cause any problems with your server such as high server load.
On the first scan - we gather the following from the websites home page:
- What CMS the website is using
- What version the website is using
With this scan - Hacked or Not gets the following:
- All Internal and External URLs (from the home page)
With those links - Hacked or Not performs a number of tests looking for any content that shouldn't be there such as;
- payday loans
- poker/gaming sites
With this scan - we look for any files that we call 'known hacker files'. Over the years we have encountered a large number of hacker files that we have added to our database of 'known hacker files'. Unfortunately CMS's route the majority of requests through their 'index.php' and don't send out the correct 404 headers - for that reason, Hacked or Not doesn't rely solely on this scan to determine if the site is hacked.
When Hacked or Not performed Step 2 - a number of URLs are stored for Hacked or Not to scan - those links are then scanned at this stage. We look for the same 'bad content' and any HTML differences from what a human visitor sees compared to an automated crawler bot such as GoogleBot.
This step takes all the data that Hacked or Not has gathered within the previous steps and makes a judgement whether the website is Hacked or Not.