We got a call from a local business saying they received an email alert from their hosting provider stating that their website was infected by malware. We immediately performed a malware scan using Gravityscan and found several instances of spam links.
Spam links are links inserted into a website with the intent of manipulating search engine result pages (SERPS). The more inbound links a site receives, the higher the placement of the hacker’s target web site in the search results. Spam links are typically inserted into the database content in plain text. In this case, it was obscured through ambiguous code and inserted directly into added site files. You wouldn’t have known just by looking at the website because the spam links for Viagra were hidden, however Google saw a Canadian Pharmacy!
This is how the client website was showing up on Google.
Often, attackers will change links just enough to make removal tedious. The hosting company did a good job of identifying the malicious code so after we analyzed the site’s pages, we confirmed the malicious pages buried in different folders and removed them. We then initiated a new malware scan which confirmed no further vulnerabilities, and created a backup of the clean site on our end.
Although this did not cause permanent damage, it did affect the reputation of this website and it’s an inconvenience to have to wait for corrected search engine results or expedite a review by Googlebot by using Google’s Search Console.
How did it happen?
Simple passwords are 99.9% of the reasons why people get hacked. We suspect that hackers gained access through a simple FTP password so we immediately changed it.
Having a developer review your website on a regular basis will prevent this situation. Subscribing to our BASIC support subscription, will put your website on our production calendar for weekly malware scans, off site backups, Google Analytics reports and more.
Contact us today to review your website!
Sources