Tracking Down Rogue Spam Links
-
In Feb, 2015 www.mommyupgrade.com site received the following notification in GWT:
http://www.mommyupgrade.com/: Suspected hackingFeb 4, 2015
Google has detected that some of your pages may contain hidden text or cloaking, techniques that are outside our Webmaster Guidelines.
Specifically, we detected that your site may have been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
Sample URLs:At that time, the site was checked by the host and site owner and any suspicious links removed. We thought the problem was resolved until a MOZ crawl on March 22 which highlighted a number of hack links again.This is the link format: http://www.mommyupgrade.com/?p=online-slots
All are related to gambling, casinos and slots.
To find the links, we downloaded the MOZ crawl report and found that all the links were referred from this page: http://www.mommyupgrade.com/how-to-make-rainbow-lollipop-cookies/
Searching that post shows no sign of links to the rogue pages.
I would really appreciate some advice on how to find the source of these links and delete them from this site once and for all. Also, please explain how it is possible for a post or page to refer to another page without that link showing up in the code? (Is this some black hat technique that I need to know about in order to protect my sites?)
Also... at the moment Google Webmaster Tools are not reporting any security issues for this site.
Any help appreciated.
-
You're welcome. I'm always amazed at the diversity of people that read and comment here. A lot of talented eyes are considering the questions for sure. Cheers!
-
@Ryan, that link is very useful and once we have the site clean we can use it regularly to check that no new issues presnt themselves.
@Richard, thank you for this information. It helps a lot.
Great community support. I wish I had asked this question days ago.Thank you MOZ.
-
There are some base 64 encoded URLs on the page. They show in the source code like below. That would be my guess as to what is creating the links, which are obfuscated for users. These types of attacks are usually called in your functions.php file or within a hacked plugin, or could actually be inserted into the css as well.
background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGgAAABoCAYAAAAdHLWhAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAACGRJREFUeNrsnb9rVEsUxyfrQ7AO+AOzAaPGqJhCTKFNSsXCvyBapRDhaZNCbR7pXvE6wcoqRFRiIqQIRlSIRRpBMMEkb/1RKGpUonZqRH3nu+9eifHu3jlzztydDXNgWAi5e89nPndu9s7OnLT8+PHDxAg3SrELoqAYUVAUFCMKihEFRUExtOMPzTd79uzZeno5RK2HWje1Tmplaq3JryxRe0GtQm2G2n1q0x0dHcuhdUwoLC0aD6oE00Uvx6gdpdbLPHyK2gS1cYJbCEBMUCwiQQSzmV5OUOujtk+Yyyy1YWpDBLfYADFBsjgLIqDD9HIqudo0Y5zaRQKbLFBOsCxOggion14GqO3y1Gf/UvuHwC4VICdoFrYgAvqTXv5a8cfSV+CP8CCBXfAoJ3gWlqCnT5/iavu7AKCVYGe3b9+uPpKahaXEADqc3ApEQO/evTPj4+O2v45zDSTn1pTDZkHOyF0QTixWgp48ebKZRtoparsw4lzb27dvzcjICPc4nPMUctCQI2FB7mAQ9AGbxUoQvekJasc05Hz+/Dl9T07DuU9oCHJlQSB3BUksllxBlUqli96wTyrn+vXr5suXLys7itv6kItEjoQlDTCARSjJmqVkccXB+D6JnNHR0V/kOApCDseEo8eZZWWABUwCSdYsdQUtLCyspzc6KpEzNjb2mxxHQWhHkZOLHCnL6gAT2ASSrFjyRtAhh/moaszPz5sbN25kyjlw4IDrIOhNcnIJZ5ZaOYMNjGD1xVLKuSX0uFwdc3Nz5vbt25lyjh8/bnbs2CG5f/c43t56JH9HkTNyz5IEVjD7YMkT1M09Ka6mO3fuZL4fANvb283Hjx8lgrodBXVLBCFn5J4lCQFmsGuz5N3iOpn3eSs5wugs+LifYSMJfaCZU94IKmuNnHK5bD58+CAZOWkrO46gssK5qwxgURpJZekIarUdOXfv3q0rR2HksHJSPC5zJNWThL6wHEmtUkFWMT09nfnznTt3assJJlJJYOT0CTfyBC3ZvMmZM2fMhg0bfvv548ePq88KHmaFizyuZoANjKsDfYE+0cgpT9ALm7N8/frVnD59OlNSvdufY7wo+DjWbQx9gL5An2jklCeoYnMWTCKmklpbW31LqhR8nLUcsKdy0klhaU55gmZsk04lDQwMmLa2Np+SZgo+zkoOmMHOkGOVU56g+5zkkdirV6/MyZMnfUq6X/BxVnLADHaGHKuc8gTho8gU54zfvn0zb9688SVpKsnJ6cMml4UjB8xg12apK2jv3r1YJTnBhcmTlDVHZxkTSU7scGWpl7NAjjWLzXMQFhDMakoqlZwev2aTXCThxJKVs1CONUvJ4srDuB52gcobScwYTnJxDgmLohwWi+2lPOR69SpJGk9y0IghyUhUkMNiKVleeVhffNH8v0qyaEk458UkB3FIWBTksFlYCxcfPXokWuy3bt06s2nTJjM1NVVzDitjKuQsAakvXOSyYEqnt7dXIseJhb30l8BEy2UhCU/c+C7fAmiQgLwt/eWwbNy40SwtLUnkOLE4LZ5Prj7vC859jJxmY3HefkJgXrdsEFBh209CZhFt4CIwL5uetD4QrAUWlS2QBKeybVD6nKMkKiiWFs1iSgTntPHWdfrGs6ggWFpitauwI9ZJiIJiREFRUIwoKEYUFAXFiIKioBhRUIwoaM2EasXFZNcye4Kxq6sruMnSUFhUJksJRmWKnuAWAhATFItIEMF4+ZKL4BYbICZIFmdBBOT1a2ICmyxQTrAsToIIqJCFFgR2qQA5QbOwBRFQoVUKCeyCRznBs7AEzc/PN6RK4e7du9VHUrOwlBhAKhUXFxcXzbVr12x/vVqlMDm3phw2C3JG7oJwYrESNDc3p1Jx8fXr12Z4eNipSiFy0JAjYUHuYJBWXOSwFFZxMZXT7BUXFSTpVlycnZ3t+v79ex8149qwd/Py5cu/7FJzeJ8+5CJ6OBGwpAEGsIBJ0CfWLN4rLuJqu3LlypqruAgmwUjSqbj48OFDUZVCAFy9elW14iJycpEjZVkdYAKbQJIVi7eKizMzM9VPPllyDh486DoIGlZxMStnsIERrL5YvFRcpCvD3Lx5M1NOf3+/oWeBpqu4iJyRe5YksIK5KSou4mqanMyeegJgR0eHef/+fdNVXETOyD1LEgLMYA+64iJ9MrGSI4yGVVy0kYQ+0MxJreJi3sjZtm1bdQths1dcBANYlEZSMRUXcdXcunWrrhyFkcPKSfG4zJFUTxL6wnIkFVNx8d69e9njt7NTW04wkUoCI6dPuKFScfH8+fOZxfwqlUp1asTDrHCRx9UMsIFxdaAv0CcaOalUXFxeXjbnzp3LlIQKuBMTE5r9EkTFRTBlVZxHH6Av0CcaOalUXPz06dNPSVkVF5UlNbziYi05YE/loE80clKruJhKGhwcrFbD9SipoRUXa8kBM9gZcqxyUq24iMSeP39eLQ3pUVLDKi7WkwNmsDPkWOXkpeLiy5cvfUlqWMXFPDlgLrzi4v79+50rLtaTJKm4mOTEDleWejkL5FizeK24WEvSWqi4KJSjV3GRLIsqLtYbSdzHjiQX55CwKMphsRRScVFBUjAVFxXk6FdcJNviiosCSdUqhUkO4pCwKMhhs7AWLj548EBccXHr1q3VL7j27NljOxVyloDUFy5yWfAv0I4cOSKR48TCXvpLYOKKi6heiO/yLYAGCcjb0l8Oy5YtW6pVIiUVF11YnBbPJ1ef9wXnPkZOs7E4bz8hMK9bNgiosO0nIbOINnARmJdNT1ofCNYCi8oWSIJT2TYofc5REhUUi2pBP4Jz2njrOn3jWVQQLLHiYuAR6yREQTGioCgoRhQUIwqKgmKox38CDACL7v6JnTZ+vgAAAABJRU5ErkJggg==)
-
You can also run a search like this to get at these pages: https://encrypted.google.com/search?hl=en&q=site%3Amommyupgrade.com inurl%3A%3F%3Dp
The root cause is a hack of your Wordpress installation, most likely a plugin. Here's a good discussion around how this takes place: https://wordpress.org/support/topic/someone-has-hacked-the-site-and-inserted-a-link
Recently a vulnerability was found in the Yoast plugin (see: http://thehackernews.com/2015/03/wordpress-seo-by-yoast-plugin.html ), so you'll certainly want to upgrade that and preferably set your updates to automatic.
Good luck!
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Is there a quick and easy way to check a website to see which outbound links open in the browser window and not in a new window?
I have just come across a few blogs on a website that have outbound links that open in the browser window (and therefore direct people off site to these links) (there are also other outbound links that open in a new window)- is there a quick and easy way to check which outbounds links open in a new window and which open in the browser window? Much obliged Liam
Content Development | | ZaddleMarketing0 -
How do I fix a broken link to a product category page in wordpress?
We are building a new site currently at http://67.222.109.48/~cheapnan/ I started doing some SEO after the developer I hired failed to do it even though it was in the agreement. I did our old site so I should be able to do this but I am new to wordpress. Now when i go to the products tab at the top of the page the first 2 have broken links, I checked the rest and there are 3 total that I need to fix. I am unsure how to access the navigation so I can fix the links. Please tell me where to look.
Content Development | | cheaptubes0 -
Link juice from subdomain
Does having a blog on a subdomain as opposed to an extension of the root domain add or subtract to improving SEO on the root domain? For eg : what's better, HTTP://blog.durbansouthtoyota.co.za Or HTTP://www.durbansouthtoyota.co.za/blog When the www is the actual main site. Thanks!
Content Development | | ZakD0 -
Need a referee on article links
I need a referee on an issue. I have hired a company that does a decent job of creating a social presence for our company and its web presence. But the main feature I hired them for was to create and cast articlesinto the social sphere with back links to our main site. This was based on a premise that backlinks still matter. Instead the articles and posts they create are 1) posted on a separate url blog page maintained by them (but branded similar to our brand term) and 2) casts out to other social sites with back links to their 'blog-type' site, not our main site. In essence its a blog off the main url with articles/posts touting our product but linking back to the off site blog. I have requested that all the articles created monthly by them and cast out into the social sphere containe anchor text appropriate hyperlinks to our main site, not the blog type site, and they are resisting. I am willing to make a switch if the premise of creating links to my main site still holds in the SEO world. Their assertion is that it doesn't. They are getting the blog site to rank for certain key words that we also are trying to rank for and the blog site does have links to our site on their site such as an "our website" button. And they do create a lot of social activity buzz with twitter, youtube etc for our brand name. In all i like what they do except in two months they have created 305 back links to the blog and our main site has only 8. When they report they show me all the words the blog site ranks for, as if the main site doesn't exist. But wouldn't best practice still be for them to create the backlinks to our main site, not the blog and worry more about how the main site is ranking, not the cast site? Or has the SEO world changed so much that it doesn't matter. I want to be fair but I am drwaing a line in the sand on this.
Content Development | | arainey0070 -
Setting up a blog for client, should I build external links to the blog
I have a new client in the holiday industry and want to setup a wordpress blog, we will be writing the first few blogs and linking back to the relevant site page. But I am wondering how I should promote the blog so that the links are more powerful back to his own site. Blogging is not my forte and doesn't come naturally so I really need some good advice to how I can start offering this service to my clients. Thanks
Content Development | | iprosoftware0 -
Does content have a shelf life for link building efforts?
Do you think that content (that doesn't have a date attached) has a shelf life? Especially content that is effectively timeless such as a quiz? I've noticed in my link building efforts that most links are achieved within the first couple of weeks, and that there seems to be a point of diminishing returns. Why do you think that may be?
Content Development | | nicole.healthline0 -
Should You Allow Off-Topic Links in Guest Posts
Hi Mozzers! Suppose you accept guest posts on your blog about marketing and a guest blogger wants to use the anchor text "outdoor clothing" in their bio. Is there a risk to my blog if I allow off-topic links in guest posts? Is there a risk that Google would consider guest post links as paid and apply a penalty? Thanks!
Content Development | | Charlessipe1 -
How important is linking out to relevant, authoritative sites?
As I write blog articles for my site I often come across a situation where I'm quoting something from another site, or using a piece of data from that other site to make a point. I know it's nice and courteous to link to the source when I do this but from a pure SEO point of view, does it matter? Is there any benefit to linking from my site to other sites that are related and authoritative on the subject I'm discussing? I know I'll bleed off a little link juice to that external site that would otherwise go towards my internal links on the same page, but are there other benefits to linking out to known good sites? Is that any kind of signal to Google that I'm playing in a good neighborhood?
Content Development | | scanlin0