Over the recent holidays I woke up one morning to an unwelcome present: one of my websites had been hacked!
Being the holidays, it took longer than normal to get help to fix the rest of the site. Finally, after two days, we were able to get everything fully functioning again. It was costly, both in terms of time, money and worry. But I breathed a sigh of relief.
Little did I know that the problems were not over … yet.
What the hackers wanted
Throughout it all, I kept wondering, 'Why would somebody hack my site?' It is purely a content site. The site databases contain no customer information, no credit card numbers, no confidential data of any kind. There is absolutely nothing of value for a hacker -- or so I thought.
At first I chalked up the incident to somebody's idea of a sick joke … mere vandalism.
Over the ensuing four days, I was soon to discover what the hackers had really done to my site. Deleted files and a messed-up design were just the tip of the iceberg.
Search engine boosting is the goal
The real purpose of the hacking was to boost search engine rankings.
The latest trend is that hackers hijack legitimate sites to use them to generate links to other sites to increase those sites' rankings. Even Al Gore's climate blog was victimized by hackers to boost search engine links.
In my case, a script had been loaded on the shared server that my site resided on, generating hundreds of hidden pages on my domain. These were pages that I had absolutely no idea were there until, looking at my Technorati.com account, I saw thousands of new links suddenly come in overnight from spam sites pointing to those pages on my domain. The anchor text in the links used words such as 'oxycontin' and 'cute ringtones' and similar junk that I knew could not be legitimate links to my site. The fake pages on my site were in turn automatically redirected to pharma, ringtone, and adult sites to boost those sites' link weight.
In addition, we found dozens of hidden links in the main pages of my site to ringtone, pharma, and adult websites. You could not see these links on my site's pages using a standard browser. Also, we found some rogue PHP code designed to generate even more hidden links if the first group were removed.
They also managed to insert bogus links in my blogroll and elsewhere in the site -- this time in plain view. Presumably links were scattered here and there among legitimate content with the hope they would be overlooked.
What it means for small business websites
You've heard of defensive driving? Well, welcome to the world of defensive Web publishing.
If you thought your site was safe just because you had nothing of value in it except some content, think again. Even small business websites and personal blogs are not immune from this kind of attack. Your site indeed does have value to hackers -- as a link-generating drone.
How to protect your website
The toughest part with hacking attacks is that you may not even be aware that your site was compromised. Or it may take a while (in my case, four days) to figure out the full extent of the damage.
Remember that you're not as helpless as you may feel. Taking these steps can help protect your site or blog:
- Educate Yourself -- The single best way to watch out for hacking activity is to know what to look for. Read up on hacking activity so that you can be a proactive site owner and spot suspicious activity or avoid it in the first place.
- Bolster security-- Arrange for regular backups of your site code and any databases. In the event of a hacking you probably will need to revert to an earlier backup. And remember, prevention is the best protection. Have your webmaster perform a security audit to check specifically for vulnerabilities. And observe good security practices as a site owner. Keep up to date with software upgrades, which often fix known vulnerabilities. Change passwords regularly. Limit access to your site – for instance, in the case of a blog, do not allow unknown users to register themselves as authors.
- Check your code regularly -- Occasionally check your site code. In your browser, Click on the 'View' menu, and then choose 'view source.' This will open up a little window where you can easily see your code. Look for links to sites you do not recognize. Look also for HTML code stating 'display:none' or using the word 'hidden.' Both codes mean what they suggest: that links are being hidden from casual view. Maybe there's a legitimate use for such HTML in your site – but then again, it may be the work of hackers.
- Check your link counts and standings -- Use tools such as Technorati.com or another link-popularity tool to keep tabs on inbound links. One telltale sign of a hacking: a huge jump in link counts seemingly overnight. Keep an eye also on your search engine traffic. If traffic dries up overnight, that may be another telltale sign. The search engines WILL penalize your site for having hidden links (Google doesn't know if you are a victim or if you inserted hidden links intentionally). Have your webmaster check your server logs regularly, too – or learn to do it yourself.
- Get qualified help -- I'd love to say that any reasonably intelligent business person can recover from a hacking. But most of us would be kidding ourselves. I never could have scoured the code and cleaned up the hackers' crud without the help of my skilled webmaster and telephone support of my Web host. Unless you are highly confident of your own technical skill, get qualified help.
Be a little paranoid – it's OK. It just may save you from a hacking or help you recover more quickly. For more information:
- To educate yourself to spot suspicious activity, read the white paper, Trends in Badware 2007: What Internet Users Need to Know.
- For those who have blogs, subscribe to: Blog Security.
- Symantec offers a helpful Security Response blog.
- To search to see if your site has been flagged by Google as compromised, visit: StopBadWare.org
Anita Campbell is a writer, speaker and radio talk show host who closely follows trends in the small business market at her site, Small Business Trends.