Sadly, it is not uncommon to hear of a site that has recently been hacked. Google frequently has to deal with sites that get hacked and code gets injected into the site. If that happens, Google sometimes has to delist the site from showing in their index, because it harms the quality of their search results.
This has happened with Jennifer Convertibles, where I documented each step on the process and what exactly happened. It was a great learning experience and I was happy to share it with everyone. But it has also happened to our friends, including Search Engine Journal, DigitalPoint Forums, Google, ShoeMoney, WebWorkShop and even Al Gore. Sometimes we even think that some hacks are fake are are keen link building hack ideas, but in that case, it was not.
So what does Google recommend? Googler, Berghausen, gave one user this advice:
- You're running Apache. Check all your .htaccess files for code that doesn't belong there. Get rid of it.
- Look for scripts [usually php] that you did not write. Get rid of those, if you can. Sometimes permissions get hacked in unfriendly ways, so you may need to contact your host for help. Make sure to look for hidden files and files whose names start with ., too.
- Call your webhost and have them check the directories above your site for sketchy files if you are on virtual hosting.
- If you are running a CMS, image gallery, forum, or any other open source CGI application on your site, make sure it's up to date. Hackers often take advantage of known security holes in open source software by attacking sites that have not kept their CMS up to date.
- You're also running cpanel. Have your host make sure it too is up- to-date. cPanel hacks can be nigh impossible to clean up with normal login permissions, so you will almost assuredly need your host's help to get rid of the injected scripts if this is the case.
I also have a post on How to restore your Google rankings after a hack.
Forum discussion at Google Groups.