Often when your rankings go down you look at many causes, but XSS (Cross Site Scripting) isn’t usually one of them. If you have a free form text area, like a search box on your site, and your server’s security hasn’t been updated in awhile, you could be vulnerable to an attack.
A great way to check to see if you have had any hidden links injected into your site is to do searches in Google. The five I do are:
site:domain.com porn
site:domain.com casino
site:domain.com XXX
site:domain.com viagra
site:domain.com sex
Note: The above five are the most common terms used by spammers, but be sure to sub your domain for “domain.com”.
If the search results come back with content you didn’t put into your site, you’ve fallen victim.
Here’s what to do:
1) Contact Your Host: request a security upgrade, which can often mean an upgrade of CPanel.
2) Change Your Password: never use a word found in the dictionary.
3) Remove the hidden links from your page(s).
4) Submit a re inclusion request to Google through your Google Webmaster account.
Hope this helps you.
