Your site is hacked!
Are you sure your site has not been hacked? And don’t tell me that you have checked and it looks fine in your browser.
You may say that you don’t even care since your site does not store any useful client data. If these are your kind of answers may I suggest that you had best start caring and satisfy yourself that your site is still in its original pristine state.
I have written about hacking several times now but each time it has been more as a warning to you as a user to keep your personal information safe. This time the issue is the safety and viability of your business. There is money in making your site a troll and very quickly destroying your reputation and in the end your business.
Before you rush off to find out what I mean by the term troll let me define it by analogy right now: Angling by drawing a baited line through the water. The angler is the hacker and the bait is your highly ranking site to benefit somebody else. But as always it is best to start at the beginning.
When I design sites I always, amongst other things, employ the services of Google to monitor a small swag of features of the site and advise of any errors or unusual changes to the site structure. Google does this by simply crawling a site at various but reasonably regular intervals. These advices are sent by email to the actual owner of the site. My clients usually refer such things to me to determine the required course of action.
One very useful data set kept up to date by Google, for example, is the list of search terms used to find the site, which I check to see if there is an opportunity to improve the site’s ranking. This means I usually visit this information every so often and indeed inspect all other records available in this manner.
This time I received a forwarded email from my client advising that Google was concerned by an unusually high broken links count for the domain. One does not expect broken links unless one is linking to an external site that has been changed without notice. Even that should only produce one or two broken link reports. That unexpected warning was enough for me to start looking at the site. Testing it with a browser showed that the site appeared normal.
Paying Google a visit produced a startling set of figures. This site had nearly 3000 external links with some 20,000 odd that were pointing back to the site. About 800 outbound links were broken. How was this possible as my design only had a total of some 29 links coded in? And what did it really mean?
There is one quick way to find out what Google knows about all your site pages. Just enter “site:yourdomain.com.au” into Google’s search box and you will see every page that is linked internally and externally to your site. Just omit the quotation marks when you type in the terms and substitute your own domain name for “yourdomain.com.au”. And that is exactly what I did to find that this site that had started life with only nine pages had blown out to the numbers quoted.
The answer was obvious. The site had been hacked. That means that somebody had defeated the login codes of user name and password. But what had they done, how and why?
Even though I had already guessed what was going on, inspection of the site’s hosting server revealed a whole row of new directories, each containing myriads of pages.
This hack is well known and is designed to promote “knock off” product sales using pyramid link structures. So we had finished up with mountains of pages promoting copy products under the guise of well known and high value brands such as Cellini, Nike, Prada, Boss and the list goes on but you get the idea. It also meant that some 3000 other honest sites around the globe had been dealt with in a similar manner.
The ploy is simple. Use a highly ranked site and give it pages that sell fake products.
The added landing pages are exceptionally well formed with hundreds of keywords describing the fake products. The back links in theory also improve the hacked site’s ranking and the sellers of the goods make a very nice living out of the scam as the scam pages lead back to their shopping carts.
However you, who run an honest and totally unrelated business, become a site known for peddling questionable goods and are therefore avoided by people who would have been your clients for the goods or services you normally trade in.
The clean-up is very tricky. You can change passwords and delete all the foreign files on your server, but there are some catches. The first of these is that hackers quite often insert scripted code into similar code used in your design. That code can give them future access without the need for passwords etc., and it can be very difficult to find. Secondly, our friend Google caches all the pages now associated with your site, and clearing Google’s cache is tedious and time-consuming, especially when dealing with high volumes as is the case here.
The issue had raised with me the question of why, and indeed how, the hackers would choose this site as, despite its high ranking, it only had relevance in one location and was not global in the true sense of the word. Very much like your site. Using some sleuthing techniques to follow a string of IP addresses I quickly arrived in south-east Asia. No native would ever have thought of finding this particular domain. But by accident the site owner supplied the answer.
Their friend had been holidaying in that area, had forgotten their email address and promptly visited a web café to use their web site enquiry page to send their message via the usual contact page form. However, the fundamental rule of emptying the browser cache was not followed, thereby leaving this domain address cached in the browser.
I can only surmise that the hackers were trawling this café’s computers for likely sites used by foreign visitors. After all, tourists have the money to go shopping. This time two and two did appear to equal four.
There are many more aspects to talk about but these I will leave to your webmasters.
Just remember: Be careful out there. There is very little that is private anymore on the web. And monitor your web site as I have described lest it cost you your business.