Have visitors on your website ever complained about seeing spam links or ads for illegitimate products? Have you noticed any spam results while looking up your website on Google?
If so, you have fallen prey to a spam link injection attack.
Spam link injection is a form of cyber attack. It can create problems on your WordPress site. In fact, an attack can reduce the web traffic on your page by a great margin. You have to clean it up very soon. Otherwise, it will take a lot of time and effort to restore your website to its former glory.
If you’re not familiar with spam link injections, you should know that it is possible to stop these attacks. Also, there are some preventive measures you can take to stay on the safe side. Let’s learn more about these attacks.
What is WordPress Spam Link Injection?
Spam link injection is a cyberattack that involves hackers injecting harmful code or scripts into a website. This results in malicious redirects and SEO hijacking. They do this to promote their spammy site using other websites that rank well.
This attack can be done by:
- inserting redirects to spammy pages on your website
- running advertisements for illegitimate products on your website
- adding new pages on your website without your knowledge
Dealing with a hack can be messy. Surely, it takes a lot of effort to clean up the mess and get your website up and running again. Some of the after-effects of a spam link injection attack are:
- drop in web traffic
- fewer customers
- tarnished brand name
- drop in rank on SERP
How to Check For WordPress Spam Link Injection?
Let’s look at a few ways you can identify spam link injection attacks:
- Blacklisting by Google or other search engines. Indeed, search engines do a good job blacklisting suspicious websites. After cleaning up the website you can remove your website from the blacklist.
- Use an SEO spam detector to scan your WordPress site.
- Oftentimes, hosting services suspend the accounts of websites that contain spam.
- Use Google Analytics or simply look up your website on a search engine. If there is any spammy content, irrelevant keywords like viagra, or foreign language characters, you can confirm that you’re a victim of a spam link injection attack.
Common WordPress Spam Link Injection Attacks
1. Korean SEO Spam Attack
Korean SEO spam is a type of spam link injection attack that targets web traffic from Korea. Spammers introduce a doorway in your website that contains an array of redirects or spam rules. This way, they flood the target website with spam.
Undoubtedly, one of the telltale signs of such an attack is the presence of Korean characters on the affected site. Besides this, you can find phrases like “online gambling”, “travel call girl”, etc. Lastly, you can also find ads for illegitimate or illegal products on the website.
Source: Security Boulevard
To execute the attack, hackers first fetch the Korean spam content. This content is then cached. Also, this content is customized in such a way that it displays different content to different users.
The following are two fixes you can apply in this case:
- Add this tag to the search result page: <meta name="robots" content="noindex">
- Create a robots.txt file in the root folder. After this, insert this:
2. Japanese Keyword Hack
Japanese keyword hack is another type of WordPress spam injection attack. Spammers usually execute this attack to advertise shady or fake Japanese products on legitimate and high-ranking pages.
When you do a simple Google search of your website and find Japanese language characters in the results, you can be sure that your website has fallen prey to a Japanese keyword attack. Also, when this happens, your website visitors may report seeing many illegitimate ads on your website.
Outdated CMS versions and third-party plugins provide easy entry points into your website. Spammers also take advantage of improper file permissions to execute their attacks.
After identifying a Japanese keyword hack, you need to clean it up immediately. However, before you do anything, back up your site. After this, scan for malware. Then go through the .htaccess file and recently modified files and verify the content. Don’t forget to check your uploads directory and sitemap.
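The file checks in this cleanup procedure can be scripted. The following is an added example, not code from the original article: it walks a WordPress directory and lists PHP files in the uploads directory, recently modified PHP files, world-writable files, and suspicious .htaccess rewrite rules. The 7-day window, the `wp-content/uploads/` default path, and the .htaccess pattern are assumptions to adjust for your site.

```python
import os
import re
import sys
import time
from pathlib import Path

# Heuristic (an assumption, tune it): rewrite rules keyed on crawler user agents
# or search-engine referrers serve different content to different visitors.
HTACCESS_RX = re.compile(
    r"Rewrite(Cond|Rule).*HTTP_(USER_AGENT|REFERER).*(google|bing|yahoo|bot)", re.I)

def audit(root, days=7, now=None):
    """Walk a WordPress tree; return {finding: [paths relative to root]}."""
    root = Path(root)
    cutoff = (now or time.time()) - days * 86400
    found = {"php_in_uploads": [], "recent_php": [],
             "htaccess_rule": [], "world_writable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                st = path.stat()
            except OSError:          # broken symlink or unreadable entry
                continue
            rel = path.relative_to(root).as_posix()
            is_php = name.lower().endswith((".php", ".phtml"))
            if is_php and rel.startswith("wp-content/uploads/"):
                found["php_in_uploads"].append(rel)   # uploads should hold media only
            if is_php and st.st_mtime >= cutoff:
                found["recent_php"].append(rel)       # changed inside the window
            if st.st_mode & 0o002:
                found["world_writable"].append(rel)   # any local user can modify it
            if name == ".htaccess" and HTACCESS_RX.search(
                    path.read_text(errors="replace")):
                found["htaccess_rule"].append(rel)
    return {k: sorted(v) for k, v in found.items()}

if __name__ == "__main__":
    for kind, paths in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for p in paths:
            print(f"{kind}\t{p}")
```

Run it against the backup copy as well as the live site. A recent plugin or core update also changes PHP files, so treat `recent_php` as a review list rather than a verdict.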
3. Google Viagra and Cialis Hack
Lastly, let’s talk about a type of WordPress spam link injection attack called the Google Viagra and Cialis hack, or pharma hack. In a pharma hack, spammers promote illegitimate pharmaceutical drugs on high-ranking websites. They usually promote knock-off versions of original branded drugs. Although a lot of products are advertised, the most common ones are Viagra and Cialis.
If you receive complaints about illegitimate advertisements on your WordPress site, there is a possibility of a pharma hack. You can check for this attack by searching for your website on a search engine. Sometimes that search might not return the infected pages. In this case, try adding some keywords like “viagra” or “Cialis” along with your website name.
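The signs described for all three attacks (Korean or Japanese characters, pharma and gambling keywords, links to unknown sites) can be checked on a saved copy of a page. The following is an added example, not code from the original article; the keyword list, the host `acme.example`, and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Keywords taken from the phrases this article mentions; extend for your site.
# \b matters: a plain substring test for "cialis" also fires on "specialist".
KEYWORD_RX = re.compile(r"\b(viagra|cialis|online gambling)\b", re.I)
SCRIPT_RX = {
    "korean": re.compile(r"[\u1100-\u11ff\uac00-\ud7a3]"),    # Hangul jamo, syllables
    "japanese": re.compile(r"[\u3040-\u309f\u30a0-\u30ff]"),  # hiragana, katakana
}

class PageText(HTMLParser):
    """Collects text and link targets; CSS is ignored, so hidden text is kept."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.text.append(data)

def scan_page(html, site_host, expected_scripts=()):
    """Return the spam indicators found in one rendered page."""
    page = PageText()
    page.feed(html)
    text = " ".join(page.text)
    hosts = {urlparse(h).hostname for h in page.links} - {None, site_host}
    return {
        "scripts": sorted(n for n, rx in SCRIPT_RX.items()
                          if n not in expected_scripts and rx.search(text)),
        "keywords": sorted({m.lower() for m in KEYWORD_RX.findall(text)}),
        "external_hosts": sorted(hosts),
    }

# Constructed sample pages, not real captures.
CLEAN = '<title>Acme Bakery</title><p>Our specialist bakers</p><a href="/menu">Menu</a>'
INFECTED = ('<title>Acme Bakery</title><div style="display:none">'
            '<a href="http://spam.example/p">Buy Viagra</a><a href="/k">온라인 카지노</a></div>')

if __name__ == "__main__":
    print(scan_page(INFECTED, "acme.example"))
```

Because injected content is often shown only to some visitors, scan copies of the same URL saved as a logged-out visitor and as a search-engine crawler would see it, and compare the results. Pass `expected_scripts` for sites that legitimately publish in Korean or Japanese.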
Some of the most common means that spammers use for pharma hacks are SQLi and XSS. The next major vulnerabilities they exploit are weak account or FTP passwords. Lastly, hackers exploit outdated or unsafe third-party plugins. You can remove the pharma hack by following the same procedure as the Japanese keyword hack.
Prevention is better than spending hours and hours cleaning up your website. And, it is certainly possible to take preventive measures against these WordPress spam link attacks. Here’s what you need to do:
- Install an iron-clad web application firewall (WAF).
- Make sure to set the right file and folder permissions.
- Use plugins like WP-hardening to harden your login page security.
Being the victim of a spam link injection attack can be stressful. Besides this, it can create a lot of problems for your site. So, it is very important to identify the hack early on and remove it before it causes harm. Also, there are some preventative measures you can adopt to decrease your chances of receiving such an attack. Equipped with this information, you are ready to face a spam injection attack if it ever comes your way.