The security of websites, and the internet in general, gets a lot of attention in the media. Government agencies, large national businesses, and others have faced issues resulting from data breaches or embarrassing hacks. Though it's easy to focus on hacks in large, well-known websites, many website owners have hacked or otherwise compromised sites and don't even know it. In recent months, Google has changed its search algorithm to more aggressively filter out content from hacked websites and comment spam. This article will explain how many websites end up covertly compromised, how it affects SEO and what website owners can do to protect their pages from hacked spam.
What is Hacked Spam?
While it may sound like something served in a specialty Hawaiian cafe, hacked spam refers to content that spammers insert into a legitimate websites in order to promote a malicious or deceptive website. Search engines have evolved greatly over the last 20 years, and spammers had to get more and more creative in their attempts to draw traffic to their sites. So many spammers have resorted to using hidden links in the comment sections, or inserting hidden pages and pdfs into hacked legitimate sites as an avenue to promote links to spam websites.
This is dangerous because the links spread by spammers often lead to sites with malware that infects computers, phishing sites that try to trick consumers to giving up security data, sites that sell illegal or counterfeit drugs, and the list goes on. Since some comment sections allow users to enter website information, or place hyperlinks in the comment, there's an endless number of ways malicious parties can stick hacked spam onto a legitimate site.
Another problem happens with hackers make changes to a site covertly. It's easy to notice a site has been hacked when the hackers change the homepage. But some hackers break into sites and then add html pages or pdfs with malicious content and links. If the add page or pdf isn't shown on any links on the site, but still exist on the server, they will be indexed by search engines. This means many sites could be hacked and the owners not know it, unless they're checking the backend of their site frequently. Small business owners who don't mess with their site after it was initially set up are especially susceptible to this kind of covert activity. Earlier this year, the IT firm Sophos indicated they had found massive amounts of hacked spams on PDFs, despite Google's attempt to filter out this kind of content.
How Hacked Spam Affect SEO and Internet Marketing
Hacked spam has multiple negative effects on the internet marketing plan of a business. Sites that are noticeably compromised reduce the trust of people visiting the site. Shoppers become more wary of giving their credit card information to a site with hacked spam. Similarly, concerns over internet security make people less inclined to visit pages that have hacked content. And just in terms of professionalism, it never helps to have ads for erectile dysfunction medication (a common spam topic) in the comments section of an article for a business.
Hacked spam also affects internet marketing by hurting a website's SEO efforts. As one would imagine, Google and other search engines make an effort to find and remove compromised websites or pages with hacked spam from appearing in search results. In 2013, Google said hacked pages and content spam were the second leading cause of manual actions (i.e. SEO penalties) againsts websites.
In the past year and a half, Google has made updates to its algorithm to aggressively target hacked spam. Earlier this month, Google announced it would increase the sensitivity of its hacked content filters. This is by no means a small change, Google says the update will affect roughly 5 percent of searches. This translates into millions of pages that will see movement in their rankings as a result. And in some cases, where queries are especially susceptible to spam activity, Google will only show the most relevant search results, leading to a tremendous decline in the number of pages shown, legitimate or otherwise.
How to Protect Your Site From Hacked Spam
Hacked spam is a problem that affects just about every type of website on the internet. Any site with a comment section without a strong filter can become a target for hacked spam. Most spammers have tools that allow them to automatically fill in the comment section information and bypass basic protections like CAPTCHA's with images that are too easy to identify. Any site that only uses the basic CAPTCHA to determine who gets to comment is probably hosting comment spam already.
One tactic small website and blog owners can use is require all comments to be approved before they are posted on the site. This allows the website owner the chance to catch the less obvious pieces of comment spam. For example, a blog owner will get a generic comment about their blog post (e.g. "Thanks for posting this info. It's really helpful.") that seems benign enough. But after a closer inspection of the website in the commenter's info section, it becomes clear they comment is a venue to insert a link to spam website.
For larger websites with a lot of content, trying to review every comment can become tiresome, but there are tools to help. For example, installing or activating Akismet on a site will let a international database scan comments submitted to your site for the traits associated with spam comments or that were submitted from known spam IP addresses. Larger websites can also make change to their site structure to make their sites less attractive to comment spammers. Removing the website URL from the comment box or setting comment links to NoFollow, eliminates some of the incentive for hacked spam.
Protecting a site itself from being hacked still relies on strong passwords diligence. Make sure that no one with access to the site has a common password and it's good to set a maximum number of attempts before a login to an account is locked. Besides these best practices, website owners should monitor their websites for unusual traffic activity or the addition of unknown pages. Covert hacked spammers try to leave as little evidence of their additions as possible, so only by looking at traffic reports will be become clear if there is unusual traffic to an offsite address from an unusual page or pdf.
Protecting your site from hacked spam and content is important for a website owner. This importance is growing as consumers and search engines become more attuned to the tactics spammers are using to insert malicious content into legitimate pages. Though it takes time and effort root out hacked spam, it's an effort business owners need to take for the long-term health of their site and business.
For more things website owners should be doing in the near future, read this article on some SEO tricks for the holidays business owners should implement.