Several incidents have been reported in online forums lately regarding legitimate sites being hacked to promote pornographic content or pharmaceutical drugs. The M.O. of the hackers is to add offensive content to credible sites and then build links for these pages with appropriate keywords (in order to boost ranking and drive traffic to these pages) – which is intelligent and “SEO” friendly. What they are attempting here is to leverage the credibility of authentic sites to probably avoid Google Spam filters. And even though they would be eventually detected by Google; their objectives have already been met.
Ultimately, such incidents pose security and branding concerns and will also impact your ongoing campaign as WMT detects it almost immediately (as seen from the “Keywords relevant to your site” and “Links to your site – Anchor Text” reports). Not only does it skew the general content theme of your website but it also creates a very negative user experience.
Also, in case of Apache servers, it has been noticed that in some instances the hackers modify the .htaccess files (the files used to configure redirects) to add unauthorized redirects to sites containing offensive content which is hard to detect without expert tech support. Now this will bear a direct impact on your incoming traffic as visitors who attempt to land on such pages will be taken to the malicious site. There have also been cases where redirects specific to search bots and search referrers have been setup; which means that the hackers have intentionally attempted to divert your search traffic.
As a precautionary measure, I’d advise all of you to check if your site has any suspicious content and then change all passwords (FTP/CMS/cPanel) immediately (even if nothing is found).
What to do in case you find that your site has been hacked:
- Visit the Google SafeBrowsing diagnostics page for your site (http://www.google.com/safebrowsing/diagnostic?site=www.example.com) (replace www.example.com with the URL of your own site) to see specific information about what Google’s automatic scanners have found regarding occurrence of Malware
- Search if your site has been reported to have malware on Clearinghouse
- Scan your website files using an up-to-date AV program
- Clean up your content; remove any additional pages that were created, delete any extra lines of code and analyze your .htaccess files for presence of unwanted rules
- Update all access passwords
- Check if any additional FTP/CMS users (unauthorized) have been created and remove them
- For resources specific to WordPress, Joomla, Drupal sites read this knol article
- For examples of popular malicious scripts and how to deal with them see Stopbadware.org
- For those who can afford more secure hosting options, I would urge them to go ahead and purchase them. Also using SFTP in place of FTP does help