Hackers Are Smarter: SEOs, Be Prepared

Apr 5, 2013 • 8:32 am | comments (18) by twitter Google+ | Filed Under Google Search Engine Optimization
 

hackerIt is no secret that hacking is a major issue, in fact, Google has told us they spent most of 2010 working on making sure hacked sites do not influence Google's search results.

The thing is, hackers adapt, they change, they get smarter and the rest of the world is playing catch up.

I've seen some pretty crazy things done by hackers, some smart things. I've seen basic stuff like link injection. I've seen things like content development, redirection, user agent based canonicals, and much more.

But what is even scarier is that I've seen things where hackers don't change anything. All they do is add code to gain access later and to more and more sites. They will basically leave a key to access what they want, when they want. So while you may remove the specific link injection or redirection, they can always come back later and do more and worse because they have the key.

goodroi posted a thread at WebmasterWorld about him noticing more and more industries falling to hackers by looking at what ranks in Google's search results. He wrote:

Recently I came across a good mainstream term that was spammed so bad it reminded me of some super spammed adult serps.

How did this hacker take more than half of the first page of results? The hacker didn't just drop some outbound links on the page. The hacker dynamically inserted large amounts of text that was themed to their outbound links. The hacker also rewrote all internal anchor text to make them themed as well. They basically re-themed the entire website. After they re-themed one site, they then re-themed several other hacked sites and formed a pretty nice interlaced network.

I find it interesting to see a really smart hacker at work. This time I found it more interesting to follow Google's response to this hacker. For some reason Google has not removed these sites from the serps. They are not even flagged as compromised sites unless you do a site: search.

I find it upsetting, as do most of you. It happens and you can only do so much to protect yourself. Monitor, lock down, add more and more security, patch, update, monitor, etc. They will almost always be one step ahead, so praying doesn't hurt. :)

Forum discussion at WebmasterWorld.

Image credit to BigStockPhoto for hacker

Previous story: Google On Developing For Google Glass
 

Comments:

Josh Zehtabchi

04/05/2013 01:25 pm

This is very common with WordPress sites. A good take away would be to always keep your CMS, Apache, PHP and MySQL versions on the latest most secure versions.

Pano Kondoyiannis

04/05/2013 01:37 pm

If they want nothing stop it from attack, everything is balance between time, money and desire.

Barry Schwartz

04/05/2013 04:33 pm

If it was as simple as keeping those versions updated, it is not. That is a fundamental pre-requisite.

keaner

04/05/2013 05:25 pm

or you know use a real CMS like Joomla :). But yes as Barry said, not that simple

Josh Zehtabchi

04/05/2013 05:26 pm

I'm a moderator and developer on the Joomla project and I can tell you Joomla falls in the same danger as WordPress. IMHO, they're more proactive about it. But that's just my 2 cents.

keaner

04/05/2013 06:13 pm

are you josh? Whats your joomla developer name on the forums and what branch are you in?. I have been a member for about a billion years. I was more referring to the fact that wordpress is a kids tool and Joomla is a real framework with real power :)

Josh Zehtabchi

04/05/2013 06:17 pm

I agree, but I hate to be a fanboy ;-) It's all in my profile, I don't want to be the attention wh**e or hijack the thread. V2interactive = username.

keaner

04/05/2013 06:21 pm

noted, thx :)

shelbypanayotou

04/07/2013 12:15 am

my neighbor's mother makes $79 hourly on the laptop. She has been out of work for 6 months but last month her pay was $12546 just working on the laptop for a few hours. Read more on  Fab99.c­om

Jogos_Online

04/07/2013 11:29 pm

WordPress doesn't have anything to envy as a framework to Joomla, it's even more powerful and has much more cleaner code :)

Soni Sharma

04/08/2013 05:04 am

Even Big sites are not safe now days... keep latest updates. change password after some time. Do not use free or nulled codes for your websites.

David

04/08/2013 08:45 am

Couldn't agree more with what you said here @google-27532f4180d16b3e5f31ad60772f319f:disqus Had my fair share of WP hacks :)

Urban Media

04/08/2013 09:22 am

Really, I didnt realise Worpress was so prone to hacking. Thanks for sharing that.

StevenLockey

04/08/2013 03:39 pm

Expression Engine 2 is fairly secure, but more expensive. Its also very powerful, we use it and it works well once you get to know the system, its a PITA till you learn it well however and get the right add-ons.

keaner

04/08/2013 07:05 pm

haha, typical wordpress user. :)

Don Dikaio

04/17/2013 03:13 am

I'll second that Steven, I've used Wordpress, Joomla and ExpressionEngine and EE is remarkable more flexible, it's an open canvas. The only thing I wish it had was or more intuitive, cleaner control panel design. As for Hackers, Barry is exactly right but multiply it by hundreds or if not thousands of hacked projects. I reported a laundry list of hacked sites to Google that where all sites that were receiving links were ranked on the first page of Google, many of which for the same keyword. It's been about 6 months now and now penalty for any of the sites. Google does not catch all spam and reporting is seems like a waste of time. What someone needs to do is build a site that allow people to submit and display either hacked sites or just pure web spam for the open public, if enough traffic is generated to the sites I'm sure the spam would be removed sooner then submitting a single spam report that doesn't receive the attention that a highly trafficked site would.

rankyacomau

04/22/2013 01:47 am

Thanks Barry, we too get to see many hacked sites just for sole purpose of SEO backlinks, where is Google's manual spam team when the SERP's are cluttered with some websites who are practicing high ranking with hacking tactics?

Spook SEO

02/18/2014 11:15 am

first of all it is a great post and thanks for informing us that how many hackers are walking ahead of us. If we want to be safe and secure than we have to take all security measures like update our programs time to time and changing passwords etc.

blog comments powered by Disqus