Are the sites with the injected links hacked?

I would imagine so.

Scenario...

Professional looking, white hat site needs ranking boost so they hire an SEO compamy that boasts quick results.

SEO company takes money but instead of doing the real work, chooses black hat link injection to vulnerable CMS sites.

Voila, quick boost in ranking until SE algo catches the game and imposes penalty.

I've seen this done well enough (UK finance sector also) that the link added doesn't stand out like a sore thumb. They were noticeable but only because they were a little out of character for the text that surrounds them - and sometimes just plonked randomly in the middle of some text. You'd think that with the effort that goes into the hack (surely at least some) the perpetrators would do as little as possible to draw attention to the link - but then maybe it's different groups that hack and place. You can buy access to a certain amount of compromised sites, how clever you are in your use of them is up to you.

I wouldn't be surprised if there are people that place the links well enough so that they look totally natural and are undetectable except by the author of the page. If so, good luck to Google spotting that.

Without going into much detail, I can guarantee you that from the examples we have seen, no effort has gone into the hacks.

Agreed... doesn't take much effort to run a relatively inexpensive script aquired from the dark web & run it from drone accounts.

Hacking into a website to place a follow link hidden or not, this is improving there SERP position, this is what's happening?

Sounds a bit unlikely to me, I doubt any site that is sloppy enough to being hacked is going to be strong enough to improve any other sites, especially in the financial sector which is viciously competitive to get high in the SERP. I recall PPC prices of up to £15 back in 2004-6 for a mortgage co I looked after!

Is there not something else pushing them up?

Out of interest I would like to see the hacked sites you are referring too.

What bothers me is that this type of abuse is so easy to spot. The links are created within a javascript script, which prevents them from being visible on the page. I would have thought that Google could easily spot this but it doesn't seem to be a priority.

I'm in the UK, in the finance sector. Is this an issue elsewhere, in other countries too?

Yes. It is a major problem. The most common links are obscured using CSS rather than Javascript so that they don't appear on a user's visible screen area. Most of the ones that I see each month in the web usage surveys are on Wordpress or Joomla sites that have been compromised via a vulnerable plug-in or out-of-date CMS version.

Regards...jmcc

Eh? What exactly is the discussion here?

Apparently this is a "Major problem" that is pushing up sites in arguably one of the most competitive SERP positions. That is also "so easy to spot".....

Yet Google are totally blind to this activity which has been known for years?... Really?.. this is really what's going on with Google?

Come on people, you need to back this sort of talk up with some evidence, why not show us these hacked sites and the sites they are pushing up so as we all can see with our own eyes.

Come on people, you need to back this sort of talk up with some evidence, why not show us these hacked sites and the sites they are pushing up so as we all can see with our own eyes.

It's against the TOS. Take a good look around, you'll soon find some.

If you spend enough time crunching through link profiles you will see them. And you're only looking at links on sites that the link discovery bots from the paid crawlers like Majestic and Ahrefs are not blocked from. Some hosts block these bots at a server level.

One site that is ranking on page one in my niche for a very high traffic keyword has been hacked and in its footer there are hundreds of spam links (mostly those exam test result sites). This site has been like this for ages now and has been untouched by penguin.

First let me subtly remind everyone NO LINK DROPS IN THIS THREAD Why? Exposing sites often backfires causing a bunch of problems which can AND have hurt innocent webmasters ... so don't do it.

As for injected links, I wouldn't say it is new. Some of the variations are newer but injecting links has been around for years.

If you want to inject links it works best when you are subtle. Don't go for 100 footer links, go for swapping out specific keywords embedded in relevant content with links. If possible cookie users and only show the injected links on the first visit. This way if the site owner sees the links no longer appearing when they reload the page, they will think its was a temporary glitch and stop trying to remove your hack. Another variation is to only show the injected links if a user is coming from Google serps but this is becoming a little less popular due to http & https issues. But honestly you shouldn't inject links because a) you suck as a human & b) you have crossed the line into illegal stuff which means jail time.

If a webmaster wants to protect their site from injected links regularly scan your site for all outbound links. You should already be doing this to find any broken links to good sites from your real outbound links. Also pay attention to your Google's webmaster report which shows the top content keywords. Some hackers have started to upload massive amounts of full pages with themed content filled with embedded links. This will change the top content keywords for your site. Use incognito mode to search Google for your site (which you should already be doing to know how Google is showing your site to real users) Of course update your site whenever there is a new update. Don't use easy passwords and don't use any scripts or programs that you don't need. If your website is how you generate your weekly paycheck, take security as serious as you would for your online bank account.

I'll often find injected links when doing different research projects. If it's a straighforward site that appears unaware of the injected links, I'll send an email describing the link and the location in the code.
To date: I have received no "thank you's", how do we fix this, who the hell are you replies.

If I'd only been doing it for a month or two, yeah that would be normal. But, I've tried to make the web a better place for years. Still, just crickets.

And that is why I pretty much have understood that most websites and the people behind them don't really understand the web and/or their website interaction with the web.

World Wide Web, or Wild Wild West. Take your pick.

Walt Hartwell, I've had experiences similar to yours when letting sites know that they've been hacked. Quite often the victims are non-profit sites with a large public profile, but lacking adequate site maintenance. And, yes, sadly they are often not grateful. Sometimes the injected links are cloaked for Googlebot, so the links aren't visible unless you've come in via Google or view as Googlebot.

Here are two of our classic threads on various models of hacking, which provide good general overview and contain links to other references....

Understanding hacked sites that rank in Google
April, 2013
https://www.webmasterworld.com/google/4561487.htm [webmasterworld.com]

tedster's 2008 thread gives a hint how tricky some of these hacks are in terms of hiding what's been done. Combinations of cloaking for Googlebot and using cookies, eg, can make these very hard to track down...

How Hacked Servers Can Hurt Your Traffic
Dec, 2008
https://www.webmasterworld.com/google/3802274.htm [webmasterworld.com]

You nail it with the non-profits, Robert. While I will sometimes forage for links from large public profile sites, the links should be freely given or obtained, not injected. But they are certainly a target.

The ubiquity of Google in the US/EU markets that blinds posters to the reality that there are other search engines and other markets. Yandex, Baidu and a few others also spider these sites. Western hosters/registrars account for some of the dodgy domains that are being promoted in this way but many of the dodgy link domains are not hosted in North America or the EU. There are some new gTLDs that have been promoted by free registrations and heavily discounted registrations and this has added to the problem. Some of these gTLDs are heavily used in these injected link operations. If a .top appears in a US or EU website's link graph, it is almost certain that the site has been hacked. Most of the dodgy links are pushing drugs/counterfeit goods/etc. Spamhaus had a TLD badness rating based on spam e-mail. It might be possible to generate a TLD badness based on this kind of activity. It would be simple enough to correlate the links with hosters/registrars to identify these dodgy links with a simple algorithm.

The brochureware aspect of websites often means that a site owner pays a webdev for a site but then does not get a maintenance contract. The site owner tends to treat it like print advertising that only has to be updated once a year or so. The problem is that out of date plug-ins and CMS software have vulnerabilities. It is not uncommon to see sites repeatedly compromised with a new set of dodgy links on each monthly survey. (I run monthly web usage and categorisation surveys on various markets and TLDs each month. This gives me a somewhat better view of the problem than the average web developer.) Defacements are becoming rarer. The cynical view is that this kind of activity is a feature of the webscape and no amount of preaching about keeping plug-ins and software current is going to change it because website owners don't care.

Regards...jmcc