Earlier this year I commented on Matt Cutts SEO hacker prediction:
"Would you notice if a strange link appeared somewhere inside your
website? How long would it take you to see it? Hacking is a reality
for everyone in our industry at one time or another but this is one
that could be difficult to detect."
Well, his prediction was right on target. But if this happens to you, you will not notice any of the links the hackers install on your website — they are invisible. Our Drupal sites were hit a couple weeks ago and it has cost us plenty of time and energy to disinfect these websites.
Here is how it was done:
<div style="display:none">
<a href="http://www4.army.mil/otf/eCal.php?id=-106…26970743E/*&q=buy-vi*a*gra.htm">buy
v*ia*gra</a>
etc…
So if the links are invisible, what will you notice? If you are running adsense, you’ll notice advertisements for the products mentioned in the anchor text above. If you happen to be looking at your code, you may see hundreds of links like the one above on any given page.
How can you protect yourself?
- use a website monitoring service that checks your code for v*ia*gra and ci*a*lis
- keep the operating software on your servers perfectly up-to-date
- register with Google’s Webmaster tools and review it regularly
Although we were not notified by Google Webmaster tools, Matt Cutts says that they try to alert webmasters when they know you’ve been hacked. Here is a video of the presentation he made on the topic:
Job board software and technology is an important subject and one I will cover again. I know a job board owner who sold his business partly because of technology frustrations and another whose business failed when the servers crashed and there was no backup.
{ 3 comments }
It’s a brave new world we live in. I appreciate the looking out for the little guy. I deal with Job board software and technology on a daily and the aggravation. Now, we have to deal with hackers inside our websites opens up a new set of worries to think about. We need to constantly stress how important security issues are to companies that work online.
** ejs ** thanks Alex!
from Helping hacked sites:
Last night, I discovered that dozens of DNN dotnetnuke sites have been unknowingly hacked and then blessed with hidden links, many of which point to the current #1 site (in Google) for the search phrase “download movies.” Google had brought it to our attention by emailing a website owner notifying him that his site was about to be removed from Google for having an invisible link on it. The scale of this one particular SEO hacking job is pretty crazy. I’m sure that position (however long they’ve been at the top for related terms) has been worth a fortune. Makes you wonder how many other sites are out there which are being secretly milked.