Thursday, May 28, 2009

Fighting back against hacks and spam

(From Google Enterprise Blog)

Most webmasters would agree that hacking and spamming are a real problem, but many may not be aware of how vulnerable their websites might actually be. Even more importantly, many webmasters may not know where to go to find resources that can help them protect their site, or show them what to do if their site has been hacked or spammed.

I want to share some examples that might help build understanding of the problem and motives behind hacking and spamming, and also offer some online resources to help organizations avoid these problems as much as they can.

If we look at [ free ringtones], we will see a lot of examples of different educational institutions being exploited by hackers for their high traffic and well-known names. For a spammer, acquiring links from a high-traffic site can artificially give their sites more worth and manipulate search results in their favor.

An example we often see is hackers using an exploit in a site's database (SQL injection) or in sites that have unchecked areas for user input (XSS). A way to look for this is to run the site: query mentioned above ( free ringtones) and take a look at the URLs of the pages that show up. If you see a trailing parameter like [/?p=ringtones], then your site has most likely been hacked. Here are some steps you can take to prevent your site from getting hacked:

  • One way to avoid SQL injection hacking is to escape all dangerous characters from input fields, with "dangerous characters" being those that can access and change the database behind your site.
  • For both SQL injection and XSS hacking, creating a layer between the user input data and your back-end systems creates a space where you can check inputs and make sure that a user is not entering malicious code.
  • Another potential exploit can occur if the root or any subdirectory of your site uses an open source CMS like Joomla or WordPress. In this situation, it is really important to make sure the CMS software is updated with every new release to make sure you are using the most secure version.

For more on hacking, check out this Google Webmaster Central Blog post:

Forums can also be points of access for hackers and spammers. Does your site have a forum? If so, do a quick site search on your forum section []. Do you see anything fishy in the snippets, like "free ringtones"? If your forum is not about ringtones, this may very well be a case of comment spam. Any sort of platform where users can freely post their own comments, including hyperlinks, is a target for comment spam – especially if your website ranks high in the search results. The main reasoning behind comment spam is that a spammer wants to get as many people as possible to visit their site and spend money there. The spammer can post several links on forums, guestbooks, etc., pointing to their own site, to help artificially boost their ranking in search results. Here are some precautions you can take:

  • Every time a user wants to add a profile or comment on the forum, require them to complete a CAPTCHA. This creates an obstacle for automated software to generate profiles and comments.
  • Add spammy keywords like "free ringtones" and "online casino" to a blacklist to block comments like this from showing up.
  • Install a plug-in that automatically detects and blocks spam posted to the forum. Akismet is an example of this.
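As an added example (not code from the original post), here is the kind of validation layer the SQL injection/XSS steps and the comment-spam precautions above describe, written in Python with the standard sqlite3 module: it screens a comment against a constructed spam-phrase blocklist and a link limit, HTML-escapes the text so stored comments cannot inject script, and writes it with a parameterised query rather than hand-escaping, so user input never becomes part of the SQL text. The table layout, the phrase list and the link limit are assumptions.

```python
import html
import re
import sqlite3
from typing import Optional

# Constructed blocklist in the spirit of the post ("free ringtones", "online casino").
SPAM_PHRASES = ("free ringtones", "online casino")
MAX_LINKS = 2  # assumption: legitimate comments rarely carry more than a couple of links


def screen_comment(text: str) -> Optional[str]:
    """Layer between the user's input and the back end.
    Returns a rejection reason, or None when the comment may be stored."""
    lowered = text.lower()
    for phrase in SPAM_PHRASES:
        if phrase in lowered:
            return f"blocked phrase: {phrase}"
    if len(re.findall(r"https?://", lowered)) > MAX_LINKS:
        return "too many links"
    return None


def setup_db() -> sqlite3.Connection:
    """In-memory table standing in for the site's comment store (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return conn


def store_comment(conn: sqlite3.Connection, author: str, text: str) -> bool:
    """Reject spam, then store with placeholders (?) so quotes or SQL in the
    input are data, not query text; escape the body so it renders inert as HTML."""
    if screen_comment(text) is not None:
        return False
    conn.execute(
        "INSERT INTO comments (author, body) VALUES (?, ?)",
        (author, html.escape(text)),
    )
    return True


def stored_rows(conn: sqlite3.Connection) -> list:
    """Return (author, body) pairs exactly as they sit in the table."""
    return conn.execute("SELECT author, body FROM comments").fetchall()
```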

For more on comment spam, check out this Google Webmaster Central Blog post:

Staying aware of the latest spam and hacking trends, regularly monitoring the activity on your site, and being vigilant about updating your applications and plug-ins are key to keeping your website safe from spammers and hackers. We've provided some Google resources here:

Webmaster Central Blog – Search for blog posts written by Googlers about how to secure your site.

Webmaster Central Channel on YouTube – See video tutorials on all things webmasters.

Webmaster Help Center – Find help articles on various webmaster concerns, including what to do if your site has been hacked.

Webmaster Help Forum – Chat with your fellow webmasters about past and present experiences with being spammed or hacked, and get a variety of perspectives on how to protect your site.

Webmaster Tools – If you're not already registered, this is a great way to monitor how your site looks on Google. You can see what kind of sites are linking to you, and the top queries users type in to get to your site.

In addition to the links provided above, it's also a good idea to seek out more knowledge that is specific to your web server, applications, and plug-ins.