{"id":12685,"date":"2018-06-27T14:10:04","date_gmt":"2018-06-27T22:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/06\/27\/news-6453\/"},"modified":"2018-06-27T14:10:04","modified_gmt":"2018-06-27T22:10:04","slug":"news-6453","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/06\/27\/news-6453\/","title":{"rendered":"Red Hen website suffers SEO spam compromise"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Wed, 27 Jun 2018 21:11:28 +0000<\/strong><\/p>\n

If you’re thinking about checking out the website owned by the restaurant that asked White House press secretary Sarah Huckabee Sanders to leave the premises<\/a>, you might want to hold off. There’s some site compromise action afoot<\/a>.<\/p>\n

Although the homepage appears<\/em> to be acting in a perfectly normal manner, turning off scripts so you can see what’s happening under the hood provides a rather stark visual discrepancy.<\/p>\n

Visiting as normal:<\/p>\n

\"code<\/a>Click to enlarge<\/p>\n

Visiting with scripts turned off:<\/p>\n

\"scripting<\/a><\/p>\n

Click to enlarge<\/p>\n

Why yes, that’s a collection of Viagra spam text injected into the website with the aim of giving a search engine boost to the sites linked. What you’re seeing here is the otherwise “hidden” code leaking through onto the page; it actually resides in the HTML source like so:<\/p>\n

\"code\"<\/a><\/p>\n

Click to enlarge<\/p>\n

The sites hoping to get a search engine boost from the compromised restaurant page are pushing pharmaceuticals. Here’s the first example, a shopping portal for Generic Viagra:<\/p>\n

\"viagra<\/a><\/p>\n

Click to enlarge<\/p>\n

The second is for a prescription drug I’m not even going to attempt to pronounce:<\/p>\n

\"spam<\/a><\/p>\n

Click to enlarge<\/p>\n

Old hat<\/h3>\n

This is an absolutely ancient black hat tactic, most typically referred to as a form of SEO (Search Engine Optimisation) spam, or “Spamdexing.” Threat actors either use dirty SEO tactics to drive high traffic to their pages or they capitalize on already highly-trafficked targets by hiding their links in subtext. The most common forms down the years have tended to be one of the following:<\/p>\n

    \n
  1. Keyword stuffing, where lots of content-specific words are jammed into the text of an article to artificially drive traffic in ways that would otherwise make little sense.<\/li>\n
  2. Scraper sites, which pillage content from other places and occasionally remove things like the author or company name, hoping to make some ad-based revenue from the multitude of flashing banners hosted on their own website.<\/li>\n
  3. Hidden text, where a website is filled with content the same colour as the background and placed across multiple pages in an effort to boost links\/ranking for the linked sites in question. This can be content added deliberately by the webmaster, but it can also come about as a result of a hacked website.<\/li>\n<\/ol>\n

    A fourth variant of SEO poisoning would be where a hacker added malicious files to a site and drew visitors there through bogus search results, but services such as Google have been cracking down on this for years<\/a>.<\/p>\n

    The fallout<\/h3>\n

    While compromises of this kind may give a slight, fleeting edge to the scammers pushing their wares, it can do significant damage to the webmaster’s online business. Everything from page rank to general trustworthiness all take a nose dive in the eyes of Google, and it can be hard to get things back on track<\/a>.<\/p>\n

    In this case, the Red Hen site is running on WordPress, so it’s possible an exploit targeting the popular platform<\/a> or one of its plugins was used. It could even be down to something as basic as gaining access using default admin credentials, or a webmaster being caught up in a phishing scam. We couldn’t say for sure, though attacks on content management systems have been ramping up over the last quarter. Regardless of the break-in method, the site owners definitely have some cleaning up to do.<\/p>\n

    If you’d like to delve deeper into the art of SEO, we have a couple of links you can browse.<\/p>\n

    SEO poisoning: is it worth it<\/a>?<\/p>\n

    Google’s featured snippets abused by SEO scammers<\/a><\/p>\n

    A guide to website security<\/a><\/p>\n

    Otherwise, pay attention to search results when hunting around online. If you’re expecting to see a result for an eatery located in Lexington but instead find a webpage related to cars and written in Japanese\u2014someone is likely giving Google the slip by abusing its algorithms in order to boost phony results.<\/p>\n

    \"search<\/a><\/p>\n

    Click to enlarge<\/p>\n

    And if you do find your favorite restaurant is serving up Viagra instead of farm-to-table, you might want to do things the old fashioned way: Grab a leaflet and order takeout.<\/p>\n

    The post Red Hen website suffers SEO spam compromise<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

    https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    Credit to Author: Christopher Boyd| Date: Wed, 27 Jun 2018 21:11:28 +0000<\/strong><\/p>\n\n\n\n
    <\/a><\/td>\n<\/tr>\n
    A website belonging to an eatery currently making waves in the news has been compromised with SEO spam. We take a look at what’s happened, and explain what the hackers are up to.<\/p>\n

    Categories: <\/p>\n