Tracking Down Rogue Spam Links
-
In Feb, 2015 www.mommyupgrade.com site received the following notification in GWT:
http://www.mommyupgrade.com/: Suspected hackingFeb 4, 2015
Google has detected that some of your pages may contain hidden text or cloaking, techniques that are outside our Webmaster Guidelines.
Specifically, we detected that your site may have been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
Sample URLs:At that time, the site was checked by the host and site owner and any suspicious links removed. We thought the problem was resolved until a MOZ crawl on March 22 which highlighted a number of hack links again.This is the link format: http://www.mommyupgrade.com/?p=online-slots
All are related to gambling, casinos and slots.
To find the links, we downloaded the MOZ crawl report and found that all the links were referred from this page: http://www.mommyupgrade.com/how-to-make-rainbow-lollipop-cookies/
Searching that post shows no sign of links to the rogue pages.
I would really appreciate some advice on how to find the source of these links and delete them from this site once and for all. Also, please explain how it is possible for a post or page to refer to another page without that link showing up in the code? (Is this some black hat technique that I need to know about in order to protect my sites?)
Also... at the moment Google Webmaster Tools are not reporting any security issues for this site.
Any help appreciated.
-
You're welcome. I'm always amazed at the diversity of people that read and comment here. A lot of talented eyes are considering the questions for sure. Cheers!
-
@Ryan, that link is very useful and once we have the site clean we can use it regularly to check that no new issues presnt themselves.
@Richard, thank you for this information. It helps a lot.
Great community support. I wish I had asked this question days ago.Thank you MOZ.
-
There are some base 64 encoded URLs on the page. They show in the source code like below. That would be my guess as to what is creating the links, which are obfuscated for users. These types of attacks are usually called in your functions.php file or within a hacked plugin, or could actually be inserted into the css as well.
background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGgAAABoCAYAAAAdHLWhAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAACGRJREFUeNrsnb9rVEsUxyfrQ7AO+AOzAaPGqJhCTKFNSsXCvyBapRDhaZNCbR7pXvE6wcoqRFRiIqQIRlSIRRpBMMEkb/1RKGpUonZqRH3nu+9eifHu3jlzztydDXNgWAi5e89nPndu9s7OnLT8+PHDxAg3SrELoqAYUVAUFCMKihEFRUExtOMPzTd79uzZeno5RK2HWje1Tmplaq3JryxRe0GtQm2G2n1q0x0dHcuhdUwoLC0aD6oE00Uvx6gdpdbLPHyK2gS1cYJbCEBMUCwiQQSzmV5OUOujtk+Yyyy1YWpDBLfYADFBsjgLIqDD9HIqudo0Y5zaRQKbLFBOsCxOggion14GqO3y1Gf/UvuHwC4VICdoFrYgAvqTXv5a8cfSV+CP8CCBXfAoJ3gWlqCnT5/iavu7AKCVYGe3b9+uPpKahaXEADqc3ApEQO/evTPj4+O2v45zDSTn1pTDZkHOyF0QTixWgp48ebKZRtoparsw4lzb27dvzcjICPc4nPMUctCQI2FB7mAQ9AGbxUoQvekJasc05Hz+/Dl9T07DuU9oCHJlQSB3BUksllxBlUqli96wTyrn+vXr5suXLys7itv6kItEjoQlDTCARSjJmqVkccXB+D6JnNHR0V/kOApCDseEo8eZZWWABUwCSdYsdQUtLCyspzc6KpEzNjb2mxxHQWhHkZOLHCnL6gAT2ASSrFjyRtAhh/moaszPz5sbN25kyjlw4IDrIOhNcnIJZ5ZaOYMNjGD1xVLKuSX0uFwdc3Nz5vbt25lyjh8/bnbs2CG5f/c43t56JH9HkTNyz5IEVjD7YMkT1M09Ka6mO3fuZL4fANvb283Hjx8lgrodBXVLBCFn5J4lCQFmsGuz5N3iOpn3eSs5wugs+LifYSMJfaCZU94IKmuNnHK5bD58+CAZOWkrO46gssK5qwxgURpJZekIarUdOXfv3q0rR2HksHJSPC5zJNWThL6wHEmtUkFWMT09nfnznTt3assJJlJJYOT0CTfyBC3ZvMmZM2fMhg0bfvv548ePq88KHmaFizyuZoANjKsDfYE+0cgpT9ALm7N8/frVnD59OlNSvdufY7wo+DjWbQx9gL5An2jklCeoYnMWTCKmklpbW31LqhR8nLUcsKdy0klhaU55gmZsk04lDQwMmLa2Np+SZgo+zkoOmMHOkGOVU56g+5zkkdirV6/MyZMnfUq6X/BxVnLADHaGHKuc8gTho8gU54zfvn0zb9688SVpKsnJ6cMml4UjB8xg12apK2jv3r1YJTnBhcmTlDVHZxkTSU7scGWpl7NAjjWLzXMQFhDMakoqlZwev2aTXCThxJKVs1CONUvJ4srDuB52gcobScwYTnJxDgmLohwWi+2lPOR69SpJGk9y0IghyUhUkMNiKVleeVhffNH8v0qyaEk458UkB3FIWBTksFlYCxcfPXokWuy3bt06s2nTJjM1NVVzDitjKuQsAakvXOSyYEqnt7dXIseJhb30l8BEy2UhCU/c+C7fAmiQgLwt/eWwbNy40SwtLUnkOLE4LZ5Prj7vC859jJxmY3HefkJgXrdsEFBh209CZhFt4CIwL5uetD4QrAUWlS2QBKeybVD6nKMkKiiWFs1iSgTntPHWdfrGs6ggWFpitauwI9ZJiIJiREFRUIwoKEYUFAXFiIKioBhRUIwoaM2EasXFZNcye4Kxq6sruMnSUFhUJksJRmWKnuAWAhATFItIEMF4+ZKL4BYbICZIFmdBBOT1a2ICmyxQTrAsToIIqJCFFgR2qQA5QbOwBRFQoVUKCeyCRznBs7AEzc/PN6RK4e7du9VHUrOwlBhAKhUXFxcXzbVr12x/vVqlMDm3phw2C3JG7oJwYrESNDc3p1Jx8fXr12Z4eNipSiFy0JAjYUHuYJBWXOSwFFZxMZXT7BUXFSTpVlycnZ3t+v79ex8149qwd/Py5cu/7FJzeJ8+5CJ6OBGwpAEGsIBJ0CfWLN4rLuJqu3LlypqruAgmwUjSqbj48OFDUZVCAFy9elW14iJycpEjZVkdYAKbQJIVi7eKizMzM9VPPllyDh486DoIGlZxMStnsIERrL5YvFRcpCvD3Lx5M1NOf3+/oWeBpqu4iJyRe5YksIK5KSou4mqanMyeegJgR0eHef/+fdNVXETOyD1LEgLMYA+64iJ9MrGSI4yGVVy0kYQ+0MxJreJi3sjZtm1bdQths1dcBANYlEZSMRUXcdXcunWrrhyFkcPKSfG4zJFUTxL6wnIkFVNx8d69e9njt7NTW04wkUoCI6dPuKFScfH8+fOZxfwqlUp1asTDrHCRx9UMsIFxdaAv0CcaOalUXFxeXjbnzp3LlIQKuBMTE5r9EkTFRTBlVZxHH6Av0CcaOalUXPz06dNPSVkVF5UlNbziYi05YE/loE80clKruJhKGhwcrFbD9SipoRUXa8kBM9gZcqxyUq24iMSeP39eLQ3pUVLDKi7WkwNmsDPkWOXkpeLiy5cvfUlqWMXFPDlgLrzi4v79+50rLtaTJKm4mOTEDleWejkL5FizeK24WEvSWqi4KJSjV3GRLIsqLtYbSdzHjiQX55CwKMphsRRScVFBUjAVFxXk6FdcJNviiosCSdUqhUkO4pCwKMhhs7AWLj548EBccXHr1q3VL7j27NljOxVyloDUFy5yWfAv0I4cOSKR48TCXvpLYOKKi6heiO/yLYAGCcjb0l8Oy5YtW6pVIiUVF11YnBbPJ1ef9wXnPkZOs7E4bz8hMK9bNgiosO0nIbOINnARmJdNT1ofCNYCi8oWSIJT2TYofc5REhUUi2pBP4Jz2njrOn3jWVQQLLHiYuAR6yREQTGioCgoRhQUIwqKgmKox38CDACL7v6JnTZ+vgAAAABJRU5ErkJggg==)
-
You can also run a search like this to get at these pages: https://encrypted.google.com/search?hl=en&q=site%3Amommyupgrade.com inurl%3A%3F%3Dp
The root cause is a hack of your Wordpress installation, most likely a plugin. Here's a good discussion around how this takes place: https://wordpress.org/support/topic/someone-has-hacked-the-site-and-inserted-a-link
Recently a vulnerability was found in the Yoast plugin (see: http://thehackernews.com/2015/03/wordpress-seo-by-yoast-plugin.html ), so you'll certainly want to upgrade that and preferably set your updates to automatic.
Good luck!
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Building an Industry Resource List w Links to Competitors
Hi folks. I'm working on a B2B e-commerce site in a very commoditized space. It's very technical and longtail-- several thousand product pages and of those, over 1,000 landing pages per month, when visitors find products. Most items we sell are only bought once or twice per year. Many won't even be bought in a given year. So it's tough to invest a lot on a given page, but we chip away at it. We don't have many non-product pages. To date, we've grown with solid on-page SEO for products and good customer service. I'm adding a resource section to include helpful articles and definitions of technical terms. Also, since good sources of products can be so hard to find (we literally have customers like NASA googling for parts), I would like to build an industry guide of sorts. It would include manufacturers, master distributors, distributors and resellers (like our site). To be a good list, it only makes sense to include my competitors. It's likely very few people will actually ever see this page, but I figure more deep content with lots of highly relevant links is good for raising DA, especially because it could become a page others want to link to. I haven't found a comparable resource in the 4 years I've been working on this project. Any reason I should not do this? Any pitfalls I should be aware of? Thank you!
Content Development | | Mike_Sobol0 -
Is there a quick and easy way to check a website to see which outbound links open in the browser window and not in a new window?
I have just come across a few blogs on a website that have outbound links that open in the browser window (and therefore direct people off site to these links) (there are also other outbound links that open in a new window)- is there a quick and easy way to check which outbounds links open in a new window and which open in the browser window? Much obliged Liam
Content Development | | ZaddleMarketing0 -
How do I fix a broken link to a product category page in wordpress?
We are building a new site currently at http://67.222.109.48/~cheapnan/ I started doing some SEO after the developer I hired failed to do it even though it was in the agreement. I did our old site so I should be able to do this but I am new to wordpress. Now when i go to the products tab at the top of the page the first 2 have broken links, I checked the rest and there are 3 total that I need to fix. I am unsure how to access the navigation so I can fix the links. Please tell me where to look.
Content Development | | cheaptubes0 -
If you were guest blogging would you prefer a link or revenue share
I am looking at ideas at the moment, we have been getting a large number of guest bloggers wanting to write for our site but i have to say we are turning down around 90% of the articles as they are low quality. So i am just wondering, to attract high quality articles, should we carry on offering a link in the articles or offer them revenue share by asking for their google adsense code and putting it somewhere on the page. If we did offer this, how would we impliment this, we work on a joomla website and have read about rev share but not sure how we do this correctly. Would like to know people's thoughts on this
Content Development | | ClaireH-1848861 -
Can you link build without adding any content to the website?
I am an agency-side SEO who has a few different SEO clients. A couple of them absolutely refuse to add any content to their site - no blog, no articles, no link bait, nothing. They have resisted efforts for any content to be placed on their site - whether it is written by us, them, or a third party. They just don't see the value in it, despite my attempts to persuade them. As a result, these websites are just brochure websites. What are your options for link building in this situation? If content is the foundation of white hat link building, what do you do if the client refuses to add content to their site? All help gratefully received! Thanks
Content Development | | kevinmorley0 -
Keep or remove a link directory with 700 entries?
Hi, I've a site which has a link directory included. About 700 entries. Each entry has an own page with a title, description and of course a link to the extern site. The link is not marked as "nofollow". The site is only linking to similar / relevent other sites. Now the seo question: Keep the link directory as is? Add a nofollow to the links? Remove the link directory? (and about 700 pages) Best wishes, Georg.
Content Development | | GeorgFranz0 -
Need a referee on article links
I need a referee on an issue. I have hired a company that does a decent job of creating a social presence for our company and its web presence. But the main feature I hired them for was to create and cast articlesinto the social sphere with back links to our main site. This was based on a premise that backlinks still matter. Instead the articles and posts they create are 1) posted on a separate url blog page maintained by them (but branded similar to our brand term) and 2) casts out to other social sites with back links to their 'blog-type' site, not our main site. In essence its a blog off the main url with articles/posts touting our product but linking back to the off site blog. I have requested that all the articles created monthly by them and cast out into the social sphere containe anchor text appropriate hyperlinks to our main site, not the blog type site, and they are resisting. I am willing to make a switch if the premise of creating links to my main site still holds in the SEO world. Their assertion is that it doesn't. They are getting the blog site to rank for certain key words that we also are trying to rank for and the blog site does have links to our site on their site such as an "our website" button. And they do create a lot of social activity buzz with twitter, youtube etc for our brand name. In all i like what they do except in two months they have created 305 back links to the blog and our main site has only 8. When they report they show me all the words the blog site ranks for, as if the main site doesn't exist. But wouldn't best practice still be for them to create the backlinks to our main site, not the blog and worry more about how the main site is ranking, not the cast site? Or has the SEO world changed so much that it doesn't matter. I want to be fair but I am drwaing a line in the sand on this.
Content Development | | arainey0070 -
Setting up a blog for client, should I build external links to the blog
I have a new client in the holiday industry and want to setup a wordpress blog, we will be writing the first few blogs and linking back to the relevant site page. But I am wondering how I should promote the blog so that the links are more powerful back to his own site. Blogging is not my forte and doesn't come naturally so I really need some good advice to how I can start offering this service to my clients. Thanks
Content Development | | iprosoftware0