This is the blog of web developer and designer Andy Walpole.


A Blog in Suburban Glory: Web Design Ideas and Inspiration

Spotting that a web site has been hacked: Using BrightCherry.co.uk as an example

Andy Walpole || Category: Security || Mon 8th Jun 2009

It's not necessarily easy to spot if a website has been hacked (or cracked, to use the correct terminology).

A lot of website attacks amount to a malicious user breaking into a site through a security flaw and then defacing it. I've even heard of an attack where a cracker slipped into the victim's site and then deleted everything – including the backup.

This is one reason why I back up my entire home directory at least once a week and then download the lot onto my own hard drive.

During the 2003 invasion of Iraq countless websites were broken into, with pro- or anti-war slogans subsequently left on their homepages.

However, there is another form of cracking that is called link injection.

What happens is that the offender finds a security hole in a website and then leaves links to their own website on one or more pages.

Why? In Search Engine Optimization (SEO) the number of links pointing to a website is very important. A long time ago, in the 90s, search engines like Google decided that the more incoming links a website had, the more important it was and the higher it should be ranked in their index – and the higher your website is in the Google index, the more traffic you will receive.

The vast majority of webmasters and practitioners of SEO acquire their incoming links in an honest manner, but due to the sums of money available for reaching the number one spot for certain keywords (Viagra and porn for two), nasty people have been illicitly cracking open websites and inserting links in this criminal way.

They often find a vulnerable site by looking for those that run outdated versions of popular blogging scripts such as WordPress and then exploit known vulnerabilities – which is why you must keep your software updated with the recommended security updates.

I was at the brunt of a link injection attack a couple of months ago. I noticed it pretty much as it was happening, as the offender left quite blatant links in the footers of my sites. It was a nuisance, but I got the problem sorted after a few hours.

It isn't always as easy to spot when your site has been on the receiving end of a link injection attack, as a clever cracker will disguise their links.

The other day I was examining the websites of some nearby web design companies and agencies. I was looking at the pages indexed by Google for BrightCherry and I noticed pages for Honda car parts listed.

Links such as these:

www.brightcherry.co.uk/reciva/recivahomepage2/images/bubble/hffvb/quarter-mile-time-honda-silverwing-scooter.html
www.brightcherry.co.uk/reciva/recivahomepage2/images/bubble/dhxtq/hood-1995-honda-accord-6-cylinder.html
www.brightcherry.co.uk/reciva/recivahomepage2/images/bubble/tpduf/buy-hydrocodone-without-prescription.html

That's weird for a web design site, I thought.

Clicking on these links then redirected me to hardcore porn sites.

It was immediately obvious that BrightCherry had been cracked open and an investigation of their code confirmed this. As an example from their homepage:

See the malicious link above. All the links (and there were a lot of them!) were hidden with the CSS declaration display: none, which hides content from the human eye but not from search engine robots.

In this case it seems that the attacked website was hand-coded in PHP rather than relying on a CMS script.

I was surprised, though, that the website still had a PageRank of 5, as hacked sites are penalized by Google quite quickly – it must have just recently happened.

I emailed the webmaster to inform them of matters.

So you must keep a very close eye on your websites. Constantly check your Google Webmaster Console, as it will tell you if you are linking to dodgy places, and do your best to keep your blogging or CMS script up to date with the latest security updates.
