When I am doing research for competitor link profiles, I often see some websites which have been hacked by other blackhat SEO agencies which have inserted some code to provide links for other websites.
Normally the webmasters will not notice they have been hacked by looking at the website. The webpage layout will be the same as usual and just some hidden JS code will be inserted in the homepage.
Baidu will actually send an email to alert webmasters if Baidu thinks the site is hacked. The email will be sent to the email address that is used for the domain registration. Those blackhat SEO agencies normally use a tool to help them hack a group of websites.
Once they successfully hack the website, they will upload content and links that will benefit them. Baidu also gives 8 recommendations to all the webmasters to stay away from such trouble as follows:
1. If you use any open-source, change the default names. The blackhat SEO agencies normally use tools to scan files to figure out what technology you use.
2. Change the default usernames and passwords for admin. Use combinations of numbers, letters, and special characters for the password.
3. Keep updated with your website’s technology provider, download and install those new patches and security updates.
4. Close or restrict any unnecessary upload function.
5. Check if the website has any SQL security hole.
6. Check the server log regularly and see if there have been any suspicious visits to non front-end pages.
7. Check if there are any suspicious changes applied to files or pages.
8. Backup the website regularly. The website can be restored immediately once you find your website is hacked.