It is no secret that hacking is a major issue, in fact, Google has told us they spent most of 2010 working on making sure hacked sites do not influence Google's search results.
The thing is, hackers adapt, they change, they get smarter and the rest of the world is playing catch up.
I've seen some pretty crazy things done by hackers, some smart things. I've seen basic stuff like link injection. I've seen things like content development, redirection, user agent based canonicals, and much more.
But what is even scarier is that I've seen things where hackers don't change anything. All they do is add code to gain access later and to more and more sites. They will basically leave a key to access what they want, when they want. So while you may remove the specific link injection or redirection, they can always come back later and do more and worse because they have the key.
goodroi posted a thread at WebmasterWorld about him noticing more and more industries falling to hackers by looking at what ranks in Google's search results. He wrote:
Recently I came across a good mainstream term that was spammed so bad it reminded me of some super spammed adult serps.
How did this hacker take more than half of the first page of results? The hacker didn't just drop some outbound links on the page. The hacker dynamically inserted large amounts of text that was themed to their outbound links. The hacker also rewrote all internal anchor text to make them themed as well. They basically re-themed the entire website. After they re-themed one site, they then re-themed several other hacked sites and formed a pretty nice interlaced network.
I find it interesting to see a really smart hacker at work. This time I found it more interesting to follow Google's response to this hacker. For some reason Google has not removed these sites from the serps. They are not even flagged as compromised sites unless you do a site: search.
I find it upsetting, as do most of you. It happens and you can only do so much to protect yourself. Monitor, lock down, add more and more security, patch, update, monitor, etc. They will almost always be one step ahead, so praying doesn't hurt. :)
Forum discussion at WebmasterWorld.
Image credit to BigStockPhoto for hacker