Earlier this year I commented on Matt Cutts SEO hacker prediction:
"Would you notice if a strange link appeared somewhere inside your website? How long would it take you to see it? Hacking is a reality for everyone in our industry at one time or another but this is one that could be difficult to detect."
Well, his prediction was right on target. But if this happens to you, you will not notice any of the links the hackers install on your website -- they are invisible. Our Drupal sites were hit a couple weeks ago and it has cost us plenty of time and energy to disinfect these websites.
Here is how it was done:
<div style="display:none"><a href="http://www4.army.mil/otf/eCal.php?id=-106...26970743E/*&q=buy-vi*a*gra.htm">buy v*ia*gra</a>
etc...
So if the links are invisible, what will you notice? If you are running adsense, you'll notice advertisements for the products mentioned in the anchor text above. If you happen to be looking at your code, you may see hundreds of links like the one above on any given page.
How can you protect yourself?
- use a website monitoring service that checks your code for v*ia*gra and ci*a*lis
- keep the operating software on your servers perfectly up-to-date
- register with Google's Webmaster tools and review it regularly
Although we were not notified by Google Webmaster tools, Matt Cutts says that they try to alert webmasters when they know you've been hacked. Here is a video of the presentation he made on the topic:
Job board software and technology is an important subject and one I will cover again. I know a job board owner who sold his business partly because of technology frustrations and another whose business failed when the servers crashed and there was no backup.
