Baidu snapshot hijacking tutorial, sharing of real cases of Baidu snapshot hijacking!

Maybe some friends still don’t know what “Baidu snapshot hijacking” means? Then let me explain to you first: Baidu snapshot hijacking means that the search engine captures the snapshot of a normal website, but after entering the website by searching for keywords, another kind of content is displayed. To put it bluntly, the website seen by people and the website seen by the search engine are different.

Baidu snapshot hijacking tutorial, sharing of real cases of Baidu snapshot hijacking!

Recently, one of my clients came to me for urgent help, saying that his website had been hacked. After opening the website, the content had been tampered with and displayed gambling information. There is no problem opening it by directly entering the domain name in the address bar. But when I searched the keyword "Hongxiang Building Materials" on Baidu, I found that it was just as he said. After entering, all I saw were gambling advertisements.

At first, the original title and description were displayed in the search results:

The search results seemed normal, but when I clicked on it, I found that the website domain had jumped to a website full of gambling ads:

This is the most typical case of Baidu website hijacking. In fact, don’t panic if your website is hijacked by Baidu snapshots. This problem is not that complicated to solve. Let me tell you how I solved it.

Once a website encounters a snapshot hijack, the first reaction is to systematically check the website code. Once suspicious code is found, it will be diagnosed and detected immediately and a decisive action will be taken. I checked the source code and found a very unusual piece of code on the website:

After careful analysis, I confirmed that this code was added by the hacker, so I quickly deleted it, and the website returned to normal. Here I want to remind everyone that after deleting these junk codes, we must clear the browser history or press Ctrl+F5 to force refresh the browser to see the effect. The reason why I want to emphasize this as a reminder is because I have suffered losses. As for what the losses were, you can imagine it yourself: I checked over and over again and did not find any problems. In the end, I suddenly realized that it was because of the browser cache.

As for how we can quickly find the files where hackers have implanted attack codes, I will tell you a simple method, which is to check the modification time of the website files, some files with the most recent modification time that you have not touched, then you can look for them here. You can also download several other files separately and then use the editor to search globally, so that we can easily find the specific files with implanted codes.

In addition, if there are some suspicious files in the root directory of the website, and you can be sure that you did not actively add them, then you must check these files carefully. Furthermore, it is best to set our website backend login password and server password to a more difficult level to avoid being easily hacked.

Although the Baidu snapshot hijacking of the website has been resolved, it was discovered too late. Baidu also updated the snapshot while I was checking to solve the problem. Of course, this can only be regarded as Baidu's snapshot cache, so the following situation appeared:

After the problem was solved, there was no problem entering the website through Baidu search keywords. The website has returned to normal, and all that remains is to restore the Baidu snapshot. I have also made a Baidu snapshot complaint about this issue, and I believe the website will be fully restored in the near future.

Therefore, in order to avoid this problem, we'd better pay more attention to our own websites and take it as a warning. Do a good job in protecting the website security. At the same time, we also hope that webmaster friends will not maliciously attack other people’s websites, because it is not easy for everyone!