Search Engine Optimization (SEO) Poisoning has became a serious problem as of recent and unfortunately it seems to be getting worst. Sucuri announced a couple of days ago that in the third quarter of 2016, approximately 37% of all website infection cases were related to SEO spam campaigns through PHP, database injections or .htaccess redirects. This now makes it the third highest infection trend according to Sucuri’s research. SEO poisoning can be extremely devastating to both large and small website’s credibility and reputation.
SEO poisoning is a Blackhat technique employed by hackers (or crackers) to abuse your rankings on Search Engine Result Pages (SERP). They do this by compromising vulnerable websites, usually with high ranking search engine positioning, and insert unwanted links and keywords into the SERP. Attackers can link their own malicious websites, or the websites of their clients, into these pages and thus divert your traffic to their properties. These unwanted links and keywords help the attacker’s websites rank higher in search engines, which under normal circumstances would not likely be ranked high, if at all, due to the spammy content (eg think spammy pharmaceuticals, etc). Essentially, SEO poisoning abuses and exploits the hard work you have put into optimizing your pages by redirecting your traffic to their spam.
The bad news is that the effects of SEO poisoning can be catastrophic for your website. Beyond damaging your reputation with users, you will usually drop your search engine ranking significantly on all major search engines including Google, Bing, Yahoo, etc. If, for example, your site is found on page one on search engines when users type of the relevant terms, then your search engine positioning can shift to page 10 or worst. At this point, if users are unlucky enough to stumble onto one of these pages, then they will likely receive notifications or warnings that the site has been compromised, which will only deter even more legitimate traffic. Finally, as a worst case scenario, search engines can outright blacklist you, meaning your site will not be served on search engines at all or users will be given a big red alert before entering the infected page.
Though it is a frightening prospect, the good news is that it can be fixed and any blacklist you might have can be removed. Sucuri has spent a lot of research into recognizing and addressing SEO poisoning and have found effective ways to remove it. They have also provided a step by step guide on how to remove Google blacklist and get back to restoring your SEO rankings. If you feel that your website has been infected it is important to contact Sucuri or ourselves as soon as possible. To prevent yourself from becoming a victim of SEO poisoning, it is important to adopt some good security practices that will secure your website. For example, be sure to use strong, unique passwords for WordPress and to regularly update your CMS with the latest version.