Hackers are conducting a massive search engine optimization (SEO) black hat campaign, compromising nearly 15,000 websites to redirect visitors to fake question-and-answer discussion forums.
The attacks were first spotted by Sucuri, who says each compromised website contains around 20,000 files used as part of the search engine spam campaign, with the majority of websites being WordPress.
The researchers believe that the goal of the threat actors is to generate enough indexed pages to increase the authority of the fake Q&A sites and thus rank better in search engines.
The campaign is likely preparing these websites for future use as malware droppers or phishing sites, since even a short-term occupancy on the first page of Google search would lead to many infections.
An alternative scenario, based on the presence of “ads.txt” file on the landing sites, is that their owners want to generate more traffic in order to run ad fraud.
Targeting WordPress sites
Contents
Sucuri reports that the hackers modify WordPress PHP files such as wp-singup.php, wp-cron.php, wp-settings.php, wp-mail.php, and wp-blog -header.php’ to include the redirects to the fake Q&A discussion forums.
In some cases, the attackers drop their own PHP files on the target page, using random or pseudo-legitimate filenames such as “wp-logln.php”.
The infected or injected files contain malicious code that verifies that website visitors are logged into WordPress and otherwise redirects them to the URL https://ois.is/images/logo-6.png.
However, browsers are not sent an image from this URL, but instead load JavaScript that redirects users to a Google Search clickthrough URL, which redirects users to the promoted Q&A website.
Using a Google search clickthrough URL is likely to increase the performance metrics for the URLs in the Google index to give the impression that the sites are popular in hopes of improving their ranking in the search results.
Additionally, redirecting via Google Search clickthrough URLs makes traffic appear more legitimate, potentially bypassing some security software.
The exclusion of logged-in users as well as those who are on “wp-login.php” is intended to prevent an administrator of the site from being redirected, which would lead to suspicion and cleaning of the compromised site.
The PNG image file uses the window.location.href function to generate the Google search redirect result to one of the following target domains:
Threat actors use multiple subdomains for this, so the full list of landing domains is too long to include here (1,137 entries). Those interested in checking out the full list can find it here.
Most of these websites hide their servers behind Cloudflare, preventing Sucuri analysts from learning more about the campaign operators.
Since all websites use similar templates to build websites and all appear to be generated by automated tools, they are likely all owned by the same threat actors.
Sucuri could not see how the threat actors breached the websites used for redirects. However, this is likely done through exploitation of a vulnerable plugin or brute force of the WordPress admin password.
Therefore, the recommendation is to update all WordPress plugins and website CMS to the latest version and enable two-factor authentication (2FA) for administrator accounts.
What are the three SEO goals?
Reducing bounce rate, getting backlinks and increasing page speed are some of the most important goals your business should aim for. Over the years, search engine optimization (SEO) has evolved and become more complex.
What are the 3 components of SEO? The three main components of SEO are: Technical SEO. Onpage SEO (or Content SEO) Offpage SEO (or Links)
What are the goals of SEO? The basic goal of SEO is to increase your presence in relevant online search results so you can get more leads, sales, and revenue. In other words, the endgame of SEO is growing your business online.
What are the 3 main objectives of SEO?
The 9 SEO goals that matter most in 2022
- SEO Goal #1: Optimize your internal link structure.
- SEO goal #2: Increase conversions.
- SEO Goal #3: Increase time spent on pages.
- SEO Goal #4: Decrease your bounce rate.
- SEO Goal #5: Maximize Page Speed.
- SEO goal #6: Strengthen domain authority.
What are the 3 C’s of SEO? Simply put, the basics of SEO boil down to the 3 Cs: content, code, and credibility.
What are the 3 most important on page SEO factors?
Top 6 Most Important Onpage SEO Factors
- Quality content – the most important onpage SEO factor. The content you publish is the most important part of SEO. …
- title tag. …
- meta description. …
- Correct formatting – very important onpage SEO factor. …
- Image use for onpage SEO. …
- Well composed URL.
What are the top 3 ranking factors? In no particular order, the most important factors for ranking on Google are: Quality content. Mobile first. side experience.
What are the most important aspects of onpage SEO? On-page SEO helps search engines analyze your website and related content so they can tell if a searcher’s query is relevant to your site. Google is constantly updating its algorithm so that it can better understand a searcher’s intent and provide search results that match that user’s needs.
What is the goal of SEO poisoning?
SEO poisoning, also known as search poisoning, is an attack vector in which cyber criminals create malicious websites and use search engine optimization tactics to make them prominent in search results.
What is the purpose of using SEO? Search Engine Optimization (SEO) is the art and science of getting pages to rank higher in search engines like Google. Since search is one of the main ways people discover content online, higher search engine rankings can lead to an increase in traffic to a website.
What is the most common target of SEO poisoning? The end goal of SEO poisoning is to rank this webpage higher on Google. The impact this has on the user can be significant. Once applied, users get redirected to unwanted page. These sites are usually infected with malware that can be harmful to most desktops.
Can SEO be hacked?
Businesses use SEO to drive traffic to their websites to increase revenue and signups. Unfortunately, it can also be used for malicious or less ethical purposes – cloaking and SEO spam. If you try to use SEO to drive traffic to your website, hackers with malicious intent will do the same.
Does malware affect SEO? Malicious code is also a form of SEO poisoning. Google has become more cautious about malware on websites and actually shows warning messages when users encounter a website with malicious code.
What is SEO Malware? Summary. Search Engine Optimization (SEO) poisoning is a tactic where threat actors create malicious websites and use techniques like keywords to boost their rankings and show up as one of the top search results.
What is SEO Hacker?
SEO Hacker is an SEO agency best known for its expertise in long-term ranking of small, medium and large businesses on search engine results pages. Our SEO experts can develop the best SEO strategies to improve your website’s discoverability.
What is SEO in simple terms? Search Engine Optimization is the science of enhancing a website to increase its visibility when people search for a product or service. The more visibility a website has in search engines, the more likely the brand is to win business.
What is SEO and how it works?
Well, SEO stands for “Search Engine Optimization,” which is the process of getting traffic from free, organic, editorial, or natural search results on search engines. The aim is to improve the position of your website on the search results pages. Remember, the higher the site ranks, the more people will see it.
What is the main purpose of SEO? Increased web traffic is one of the main goals of SEO, and you increase traffic when you improve visibility and rankings. Think about it for a moment: ranking first in a Google search gets nearly 32% of clicks, and moving up just one spot in search results can increase CTR by a staggering 30.8%.