  1. #1
    The Buzz is offline GPWA Gossip Hound

    15,000 sites hacked for massive Google SEO "poisoning campaign"

    According to multiple news reports, hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.

    The attacks were first spotted by Sucuri, a website security & protection platform, who said that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress.

    From Sucuri:

    Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines.

    PublicWWW results show nearly 15,000 websites have been affected by this malware so far. Our own SiteCheck scanner has detected these redirects on over 2,500 sites during September and October. According to data from our internal cleanups, the file structure of each affected website contains a great deal of infected files — nearly 20,000 detections in total.

    What makes this campaign especially unusual is that attackers are found to be promoting a handful of fake low quality Q&A sites.

    From Digital Information World:

    The malicious code can tell whether or not a user is logged in through WordPress, and it redirects anyone who isn’t to the aforementioned site. More specifically, clicking on any links will redirect to a URL related to a Google search which will subsequently redirect users yet again to the final site.

    These hackers are doing this because of the fact that this is the sort of thing that could potentially end up giving them a leg up in the SEO domain, and this is creating a feedback loop wherein each newly compromised site exponentially increases the rate of growth. Excluding WordPress users helps these hackers stay under the radar by avoiding redirecting site admins who’d immediately take steps to rectify the issue and shut the whole scam down.

    Read more here: https://blog.sucuri.net/2022/11/mass...-campaign.html

    And here: https://www.digitalinformationworld....sites-and.html

  2. #2
    universal4 is offline Forum Administrator

    Reading the Sucuri report, it states that it was suspected that it was initially a group trying to increase AdSense revenue. They suspect it was the same group. This indicates Google can EASILY see the real individuals behind it, and could freeze all payments to their AdSense accounts. The terms are pretty clear they can freeze accounts for even suspicion of fraud, which this clearly is.

    Google should also take steps to give manual penalties to the redirected url domains.

    Hopefully they can also study the results of this and take more steps to determine when this happens again. Likelihood of additional cases is very high.

    It gets back to the same thing though, weak passwords and nothing locked down and default WordPress login locations is likely one of the main things this group took advantage of.

    Rick
    Universal4

  3. #3
    iGamingWriter is offline Private Member

    Originally posted by universal4:

        It gets back to the same thing though, weak passwords and nothing locked down and default WordPress login locations is likely one of the main things this group took advantage of.

    You're 100% right, but I also understand that a lot of WP users aren't web developers. Sure, they could use stronger passwords. But for many of them, moving login locations away from default settings and keeping plugins updated is way outside their skillset. I've had to help a few extended friends and family members out over the years, and these are small businesses with low margins or personal sites. They can't afford to bring in pros to take care of the things they don't know how to do.

    And that's the rub - as long as you're going to allow anyone to throw up a website, you're going to have a quick and dirty site platform like WP. And as long as you have that, these mass vulnerabilities are always going to exist.

    None of the above is disagreeing with you at all. Just thinking out loud about the bigger picture problem here.

    Duncan
    Last edited by iGamingWriter; 29 November 2022 at 4:26 am.

  4. #4
    Nicole Goodwin is offline Public Member

    Haven't heard of such massive attacks in a long time. Now it is easy to track, which pleases. But still, there are people who fall for the hook.

  5. #5
    Isabella Pritchard is offline Private Member

    Originally posted by iGamingWriter:

        You're 100% right, but I also understand that a lot of WP users aren't web developers. Sure, they could use stronger passwords. But for many of them, moving login locations away from default settings and keeping plugins updated is way outside their skillset. I've had to help a few extended friends and family members out over the years, and these are small businesses with low margins or personal sites. They can't afford to bring in pros to take care of the things they don't know how to do.

    Of course, security is not a strong point of WordPress. But there are still plugins that reduce the likelihood of hacking and do not require hiring professionals. Some of these plugins prevent the possibility of password mining, others change the address of the page for the administrator. A good option is to install two-step authentication.
