Tracking Down Rogue Spam Links
-
In Feb, 2015 www.mommyupgrade.com site received the following notification in GWT:
http://www.mommyupgrade.com/: Suspected hackingFeb 4, 2015
Google has detected that some of your pages may contain hidden text or cloaking, techniques that are outside our Webmaster Guidelines.
Specifically, we detected that your site may have been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
Sample URLs:At that time, the site was checked by the host and site owner and any suspicious links removed. We thought the problem was resolved until a MOZ crawl on March 22 which highlighted a number of hack links again.This is the link format: http://www.mommyupgrade.com/?p=online-slots
All are related to gambling, casinos and slots.
To find the links, we downloaded the MOZ crawl report and found that all the links were referred from this page: http://www.mommyupgrade.com/how-to-make-rainbow-lollipop-cookies/
Searching that post shows no sign of links to the rogue pages.
I would really appreciate some advice on how to find the source of these links and delete them from this site once and for all. Also, please explain how it is possible for a post or page to refer to another page without that link showing up in the code? (Is this some black hat technique that I need to know about in order to protect my sites?)
Also... at the moment Google Webmaster Tools are not reporting any security issues for this site.
Any help appreciated.
-
You're welcome. I'm always amazed at the diversity of people that read and comment here. A lot of talented eyes are considering the questions for sure. Cheers!
-
@Ryan, that link is very useful and once we have the site clean we can use it regularly to check that no new issues presnt themselves.
@Richard, thank you for this information. It helps a lot.
Great community support. I wish I had asked this question days ago.Thank you MOZ.
-
There are some base 64 encoded URLs on the page. They show in the source code like below. That would be my guess as to what is creating the links, which are obfuscated for users. These types of attacks are usually called in your functions.php file or within a hacked plugin, or could actually be inserted into the css as well.
background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGgAAABoCAYAAAAdHLWhAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAACGRJREFUeNrsnb9rVEsUxyfrQ7AO+AOzAaPGqJhCTKFNSsXCvyBapRDhaZNCbR7pXvE6wcoqRFRiIqQIRlSIRRpBMMEkb/1RKGpUonZqRH3nu+9eifHu3jlzztydDXNgWAi5e89nPndu9s7OnLT8+PHDxAg3SrELoqAYUVAUFCMKihEFRUExtOMPzTd79uzZeno5RK2HWje1Tmplaq3JryxRe0GtQm2G2n1q0x0dHcuhdUwoLC0aD6oE00Uvx6gdpdbLPHyK2gS1cYJbCEBMUCwiQQSzmV5OUOujtk+Yyyy1YWpDBLfYADFBsjgLIqDD9HIqudo0Y5zaRQKbLFBOsCxOggion14GqO3y1Gf/UvuHwC4VICdoFrYgAvqTXv5a8cfSV+CP8CCBXfAoJ3gWlqCnT5/iavu7AKCVYGe3b9+uPpKahaXEADqc3ApEQO/evTPj4+O2v45zDSTn1pTDZkHOyF0QTixWgp48ebKZRtoparsw4lzb27dvzcjICPc4nPMUctCQI2FB7mAQ9AGbxUoQvekJasc05Hz+/Dl9T07DuU9oCHJlQSB3BUksllxBlUqli96wTyrn+vXr5suXLys7itv6kItEjoQlDTCARSjJmqVkccXB+D6JnNHR0V/kOApCDseEo8eZZWWABUwCSdYsdQUtLCyspzc6KpEzNjb2mxxHQWhHkZOLHCnL6gAT2ASSrFjyRtAhh/moaszPz5sbN25kyjlw4IDrIOhNcnIJZ5ZaOYMNjGD1xVLKuSX0uFwdc3Nz5vbt25lyjh8/bnbs2CG5f/c43t56JH9HkTNyz5IEVjD7YMkT1M09Ka6mO3fuZL4fANvb283Hjx8lgrodBXVLBCFn5J4lCQFmsGuz5N3iOpn3eSs5wugs+LifYSMJfaCZU94IKmuNnHK5bD58+CAZOWkrO46gssK5qwxgURpJZekIarUdOXfv3q0rR2HksHJSPC5zJNWThL6wHEmtUkFWMT09nfnznTt3assJJlJJYOT0CTfyBC3ZvMmZM2fMhg0bfvv548ePq88KHmaFizyuZoANjKsDfYE+0cgpT9ALm7N8/frVnD59OlNSvdufY7wo+DjWbQx9gL5An2jklCeoYnMWTCKmklpbW31LqhR8nLUcsKdy0klhaU55gmZsk04lDQwMmLa2Np+SZgo+zkoOmMHOkGOVU56g+5zkkdirV6/MyZMnfUq6X/BxVnLADHaGHKuc8gTho8gU54zfvn0zb9688SVpKsnJ6cMml4UjB8xg12apK2jv3r1YJTnBhcmTlDVHZxkTSU7scGWpl7NAjjWLzXMQFhDMakoqlZwev2aTXCThxJKVs1CONUvJ4srDuB52gcobScwYTnJxDgmLohwWi+2lPOR69SpJGk9y0IghyUhUkMNiKVleeVhffNH8v0qyaEk458UkB3FIWBTksFlYCxcfPXokWuy3bt06s2nTJjM1NVVzDitjKuQsAakvXOSyYEqnt7dXIseJhb30l8BEy2UhCU/c+C7fAmiQgLwt/eWwbNy40SwtLUnkOLE4LZ5Prj7vC859jJxmY3HefkJgXrdsEFBh209CZhFt4CIwL5uetD4QrAUWlS2QBKeybVD6nKMkKiiWFs1iSgTntPHWdfrGs6ggWFpitauwI9ZJiIJiREFRUIwoKEYUFAXFiIKioBhRUIwoaM2EasXFZNcye4Kxq6sruMnSUFhUJksJRmWKnuAWAhATFItIEMF4+ZKL4BYbICZIFmdBBOT1a2ICmyxQTrAsToIIqJCFFgR2qQA5QbOwBRFQoVUKCeyCRznBs7AEzc/PN6RK4e7du9VHUrOwlBhAKhUXFxcXzbVr12x/vVqlMDm3phw2C3JG7oJwYrESNDc3p1Jx8fXr12Z4eNipSiFy0JAjYUHuYJBWXOSwFFZxMZXT7BUXFSTpVlycnZ3t+v79ex8149qwd/Py5cu/7FJzeJ8+5CJ6OBGwpAEGsIBJ0CfWLN4rLuJqu3LlypqruAgmwUjSqbj48OFDUZVCAFy9elW14iJycpEjZVkdYAKbQJIVi7eKizMzM9VPPllyDh486DoIGlZxMStnsIERrL5YvFRcpCvD3Lx5M1NOf3+/oWeBpqu4iJyRe5YksIK5KSou4mqanMyeegJgR0eHef/+fdNVXETOyD1LEgLMYA+64iJ9MrGSI4yGVVy0kYQ+0MxJreJi3sjZtm1bdQths1dcBANYlEZSMRUXcdXcunWrrhyFkcPKSfG4zJFUTxL6wnIkFVNx8d69e9njt7NTW04wkUoCI6dPuKFScfH8+fOZxfwqlUp1asTDrHCRx9UMsIFxdaAv0CcaOalUXFxeXjbnzp3LlIQKuBMTE5r9EkTFRTBlVZxHH6Av0CcaOalUXPz06dNPSVkVF5UlNbziYi05YE/loE80clKruJhKGhwcrFbD9SipoRUXa8kBM9gZcqxyUq24iMSeP39eLQ3pUVLDKi7WkwNmsDPkWOXkpeLiy5cvfUlqWMXFPDlgLrzi4v79+50rLtaTJKm4mOTEDleWejkL5FizeK24WEvSWqi4KJSjV3GRLIsqLtYbSdzHjiQX55CwKMphsRRScVFBUjAVFxXk6FdcJNviiosCSdUqhUkO4pCwKMhhs7AWLj548EBccXHr1q3VL7j27NljOxVyloDUFy5yWfAv0I4cOSKR48TCXvpLYOKKi6heiO/yLYAGCcjb0l8Oy5YtW6pVIiUVF11YnBbPJ1ef9wXnPkZOs7E4bz8hMK9bNgiosO0nIbOINnARmJdNT1ofCNYCi8oWSIJT2TYofc5REhUUi2pBP4Jz2njrOn3jWVQQLLHiYuAR6yREQTGioCgoRhQUIwqKgmKox38CDACL7v6JnTZ+vgAAAABJRU5ErkJggg==)
-
You can also run a search like this to get at these pages: https://encrypted.google.com/search?hl=en&q=site%3Amommyupgrade.com inurl%3A%3F%3Dp
The root cause is a hack of your Wordpress installation, most likely a plugin. Here's a good discussion around how this takes place: https://wordpress.org/support/topic/someone-has-hacked-the-site-and-inserted-a-link
Recently a vulnerability was found in the Yoast plugin (see: http://thehackernews.com/2015/03/wordpress-seo-by-yoast-plugin.html ), so you'll certainly want to upgrade that and preferably set your updates to automatic.
Good luck!
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Building an Industry Resource List w Links to Competitors
Hi folks. I'm working on a B2B e-commerce site in a very commoditized space. It's very technical and longtail-- several thousand product pages and of those, over 1,000 landing pages per month, when visitors find products. Most items we sell are only bought once or twice per year. Many won't even be bought in a given year. So it's tough to invest a lot on a given page, but we chip away at it. We don't have many non-product pages. To date, we've grown with solid on-page SEO for products and good customer service. I'm adding a resource section to include helpful articles and definitions of technical terms. Also, since good sources of products can be so hard to find (we literally have customers like NASA googling for parts), I would like to build an industry guide of sorts. It would include manufacturers, master distributors, distributors and resellers (like our site). To be a good list, it only makes sense to include my competitors. It's likely very few people will actually ever see this page, but I figure more deep content with lots of highly relevant links is good for raising DA, especially because it could become a page others want to link to. I haven't found a comparable resource in the 4 years I've been working on this project. Any reason I should not do this? Any pitfalls I should be aware of? Thank you!
Content Development | | Mike_Sobol0 -
What if your content is getting social shares but no links?
Suppose you have a weekly blog article and sometimes your articles earn social shares (e.g. 23 +1's on Google Plus on one article but normally 3-5 social shares). One out of 10 earns an organic link from a random blog. Would you continue publishing these blog posts?
Content Development | | ProjectLabs0 -
How can I make a clickable header on Tumblr (with several links to click)
I would like to make a clickable header with several links to click, for example the possibility to click Facebook & Twitter icons to get redirected to my twitter and Facebook page. I know how to make the clickable image and get the html for it. But where in the HTML on tumblr should I insert it? Can I override the custom header with my HTML header somehow? Appreciate all the help I can get, Thanks.
Content Development | | Fisken0 -
My Guest Blog: Still A Good Link Building Resource?
In an effort to build some links, we want to really work on improving our blog content and exposure. We want to write two quality posts per week, and submit 1 quality guest post every 1-2 weeks. However, we're not sure how to go about submitting guest posts or who to submit them to? I found an all article from SEOmoz http://moz.com/blog/4-valuable-link-building-services but it's from 2010. Is myguestblog still a good source? Are there better ways of doing it? Also, is ever advisable to pay to submit a post? Some of the legal blogs (we're a law firm) have this option, but that strikes me as spammy or low quality links. Just to reiterate, we are striving to write high-quality useful content audiences will find beneficial, not just junk or salesmanship. If it takes longer than a week to write posts like that, that's fine. We just really need some specific advise on who we should be submitting our guest posts to and who we should avoid. Thank you all so much for any advice or suggestions, Ruben
Content Development | | KempRugeLawGroup0 -
How to encourage guest bloggers to link back
Hi, we have just started to allow guest bloggers on our site www.in2town.co.uk where we offer them two links within the articles, but what we would really like to do is to encourage them to link back to their articles. I am trying to find information on how we can encourage guest bloggers to link back and would love to hear your thoughts.
Content Development | | ClaireH-1848860 -
Keep or remove a link directory with 700 entries?
Hi, I've a site which has a link directory included. About 700 entries. Each entry has an own page with a title, description and of course a link to the extern site. The link is not marked as "nofollow". The site is only linking to similar / relevent other sites. Now the seo question: Keep the link directory as is? Add a nofollow to the links? Remove the link directory? (and about 700 pages) Best wishes, Georg.
Content Development | | GeorgFranz0 -
4XX (Client Error) Double URL Link Problem
Hi, I have a wordpres site and have 140 4XX (Client Error) errors such as: http://www.campervanhire.com/advertise/http:%2F%2Fwww.campervanhire.com%2Fadvertise%2F http://www.campervanhire.com/australia/camper-van-hire-australia/http:%2F%2Fwww.campervanhire.com%2Faustralia%2Fcamper-van-hire-australia%2F The bulk are all the same problem, different urls but all duplicated with %2F at the end. Not sure how they were generated or how fix this?
Content Development | | 360360
Any info would be great! Thanks in advance, Malcolm0 -
How important is linking out to relevant, authoritative sites?
As I write blog articles for my site I often come across a situation where I'm quoting something from another site, or using a piece of data from that other site to make a point. I know it's nice and courteous to link to the source when I do this but from a pure SEO point of view, does it matter? Is there any benefit to linking from my site to other sites that are related and authoritative on the subject I'm discussing? I know I'll bleed off a little link juice to that external site that would otherwise go towards my internal links on the same page, but are there other benefits to linking out to known good sites? Is that any kind of signal to Google that I'm playing in a good neighborhood?
Content Development | | scanlin0