Welcome to WebmasterWorld Guest from 54.205.96.97

Google's Three Tips To Find, Fix and Prevent Hacking on Your Site

   
12:35 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



A worthwhile read for every webmaster, especially as this problem is not going to go away.

It will affect your rankings, traffic, and reputation.

One common way hackers take advantage of vulnerable sites is by adding spammy pages. These spammy pages are then used for various purposes, such as redirecting users to undesired or harmful destinations. For example, we’ve recently seen an increase in hacked sites redirecting users to fake online shopping sites.link [googlewebmastercentral.blogspot.com]
6:58 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Administrator goodroi is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Unfortunately too many business owners ignore their websites to the point that they do not even realize when their sites are hacked. That level of ignorance and/or apathy is hard to address.
7:21 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Some hacks are very subtle; I've seen single words and short phrases sparingly inserted into body text on large, busy sites, and on these occasions it only stood out because the links were off-topic.

How many of the links we see every day on sites could be hacked but just is highly sophisticated - enough to pass for normal?
7:43 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It is a bit happy-clappyish and misses an important point. Many hacked sites tend to have links inserted that are only visible to search engines (not human visitors) to ramp up the PR of the spammer's sites. Most website owners use a web developer to build their sites and the site might even have remained hacked for over a year because the owner considers the site just brochureware. And based on working on monthly websurveys that detect this kind of thing, the spammers sometimes update the links they use. Perhaps the people behind Google's webmaster blog should really talk to the people in Google's spam department.

Regards...jmcc
7:48 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



How many of the links we see every day on sites could be hacked but just is highly sophisticated - enough to pass for normal?
But you don't see the injected links - they are hidden "off page" with CSS. Some of the out of place spam/hacked keywords I've seen in pages tend to be possible evidence of a failed hack or a crude attempt at clickbait SEO. The iffy links might be IDN versions of legitimate sites but most of the injected links tend to use the luxury product name or designer in the domain name. Then there are the injected links to problem ccTLDs that should not exist in most sites outside those countries.

Regards...jmcc
8:09 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I'm gonna test these new forum rules and point out (as I have repeatedly pointed out to Google/Matt) that all you have to do is search for "fast shipping" and you'll find a boatload of hacked sites - page after page of them.
9:28 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



netmeg - IMO, that's an excellent example. I don't think we should dwell on example searches here, but, yes, this one is OK. It makes a strong point.

In the serps I see, after about the first three results, the results become very spotty, as you say, for page after page.

It's sad that poorly funded and not very sophisticated non-profits seem to get hacked most often. I've contacted a few hacked sites just to alert them, and many of them don't have staff or resources to address the problem... probably don't have a clue what Webmaster Tools is... and it's very hard to explain that these are hacks that Google sees but the webmasters won't, unless they come in via Google.

It's also very unlikely that they'd look for their sites via the hacked target phrases. FWIW, in the example search above, I'm not seeing the "This site may be hacked" message on some very obviously hacked sites.
9:52 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Exactly.
10:21 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It's also very unlikely that they'd look for their sites via the hacked target phrases. FWIW, in the example search above, I'm not seeing the "This site may be hacked" message on some very obviously hacked sites.
The problem is that Google cannot tell a good link from a bad one.

Regards...jmcc
11:21 pm on Feb 28, 2014 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



all you have to do is search for "fast shipping" and you'll find a boatload of hacked sites


That's the mystery with G. Any fool can see "boatloads" of hacked sites but G seems intent on using complicated methods to find them. Possibly the sheer volume means that it has to be an automated process but automated processes will only find a tiny fraction of them.
2:13 am on Mar 1, 2014 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



But you don't see the injected links - they are hidden "off page" with CSS.

But they still stand out like a sore thumb when you view source. I'm talking about hack links that might pass a manual review - and on big sites with more than one person responsible for content management, no-one knows who put them there.
The problem is that Google cannot tell a good link from a bad one.

Yup. But can you blame them when some might fool humans too?
3:54 am on Mar 1, 2014 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



The point is, not only are they obviously hacked, and not marked as hacked, but that they actually *rank* for hack-related stuff.
6:36 pm on Mar 1, 2014 (gmt 0)

WebmasterWorld Administrator goodroi is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Google needs to do better. Not because it is their responsibility. IMHO I place most of the responsibility on the business owner to monitor & protect their own website or outsource this vital process.

Google needs to do a better job to protect their search results to keep their users happy. Of course it is much easier to blame Google then actually implement a change that can screen through billions of pages while quickly serving billions of search results that are as relevant as possible to a worldwide audience while there is a small army of hackers that have networks of spambots exploiting the non-stop flow of newly discovered security holes.

A few times I have contacted small business owners that had their sites hacked to tell them about it so they could clean it up and secure their site. Hackers had used these off-topic sites with strong trust & quality signals to rank in profitable serps that I was working in. Most of the time the business owner was clueless and thought I was part of the problem and not someone trying to educate them about their hacked site.

There is no easy solution to this. IMHO there will always be business owners that do not fix their security holes. There will also be smart hackers that will keep evolving and staying one step ahead of Google. Thus making it very hard for to erase the hackers without high levels of innocent casualties.
8:04 pm on Mar 1, 2014 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



The education aspect for all the webmasters out there is immense. But who reads it other than a few (like us here at WW)? And because of this the hackers will continue to find fertile opportunities. G, on the other hand, has millions, if not billions, of examples of such harm being done that it would not be that dang difficult for them to send a notice of same to these clueless "webmasters".

That will NOT happen, however. G (or any other search engine) cannot be the "hacker police", though they can, and do, indicate in the serps "this site may be dangerous"... and that's after the fact... and the site owner may not even know it.

So, thanks for the article. Of course. No thanks for not stemming the tide of ugly. And what hubris to think that ALL the webmasters will even know this article exists?

A rant with no solution, freely admitted. Just needed to get it off my chest.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month