As we kick off 2016, it seems hackers have made a resolution to be more aggressive this year.
Recently, there have been reports of more and more hacked and spam content appearing in Google search engine results pages (SERPs). We are even seeing a revival of old-school tactics such as bait-and-switch content hacks. Google has said this increase in spam content is not related to its recent algorithm updates.
As an account manager at Elite SEM, I’ve also noticed more attacks on my clients’ sites. Most recently, one of my clients received a malware warning in Google Search Console.
The strange thing about this warning is that Google did not provide any sample links or information that would help to identify where the malware was on the site. The warning would also disappear and reappear in Google Search Console every two days or so, and Bing Webmaster Tools did not report a malware issue. Very strange.
Using the Google Transparency Safe Browsing Diagnostic Tool, I was able to get a bit more insight into the malware issue. As you can see, Google’s tool highlighted that there is an issue with “Uncommon downloads.”
I had the client contact their hosting provider for help and asked their developer to do a security audit, as well as run a security scan of the site. They checked server logs and recent content and files added to the site but were unable to identify the issue. Eventually, the warning in Google Search Console just disappeared.
Extreme Hacking Example: Quench Water
Just last week, I came across a hacked site in the SERPs for a Canadian water service, Quench Water.
It has to be one of the worst hacked sites that I have ever seen. As you can see below, Google has placed a “This site may be hacked” warning on the site listing in the SERPs.
I decided to take a peek and see what was happening here. When I clicked on the result, I was redirected to spam content, then redirected to porn and gambling content. Eventually, my last click test took me to an affiliate link, which returned a 503 error. Here is a screenshot of the redirect path and destination page.
Right away, I knew this had to be some sort of malware. I decided to dig a bit deeper and run a Sucuri site check. The results showed the site was indeed infected with malware.
As you can see from the screenshot above, the malware detected is MW:JS:GEN2, and here is the definition Sucuri provided:
So at this point, things are looking pretty bad; however, they are about to get a lot worse. I decided to do a “site:” search to see what else might be happening. This revealed that hackers had completely taken over the site with porn content. There are pages upon pages of porn content in the site. Here is an example:
I decided to click on one of the results to see if I would be redirected, but it actually loaded the content on the same URL. The adult content lives off the root domain.
As mentioned earlier, this is one of the worst site hacks I have ever seen — definitely something you do not want to happen on your site!
Due to the period of time this site has been sitting with the hacked warning, it seems no one at Quench Water is monitoring the site security, search visibility, SEO and overall site health.
I also noticed they are running an outdated version of WordPress, so I assume any plugins they are using are not updated, either.
Taking Steps To Keep Your Site Safe
So what can you as a site owner do to prevent something like this happening to your site? Here is a list of preventative measures:
- Be Vigilant. You must keep an eye on your website every day from a health, SEO and usability standpoint. This may require having a dedicated person in-house or hiring an agency. You may also want to run a daily security scan on your site.
- Google Search Console And Bing Webmaster Tools. Ensure your site has been added to both Google Search Console and Bing Webmaster Tools. Both platforms provide site health diagnostics that will help you to easily monitor what’s happening to your site. It will also help you to resolve and expedite site recovery issues.
- Software Updates. One of the common issues that leads to sites getting hacked is outdated software. Ensure your platform, plugins, add-ons and so on are all updated on a frequent basis.
- Passwords. Passwords like “website1234” or “password1234” are not gonna cut it. Strong, unique, long passwords help prevent hackers from being able to guess your login. A strong password contains a combination of letters, numbers and symbols.
- Hosting Provider. Select a well-known hosting provider who offers quality security benefits and support.
- Site Backup. In the event there is a site breach, you need to ensure all your data is backed up and stored elsewhere so you can revert back to previous site versions. Also leverage secure firewalls that are regularly updated.