Google reports an increase in the number of hacked sites. They estimate that there were roughly 32% more hacked sites in 2016 compared to 2015. “We don’t expect this trend to slow down,” Google said in a recent post. “As hackers get more aggressive and more sites become outdated, hackers will continue to capitalize by infecting more sites.”
Sites are hacked in various way, but the most common is through acquiring passwords or machine-based guessing attacks. Other common tactics include exploiting vulnerabilities such as missed security updates. New updates in software come out routinely to plug holes in security, but if you don’t keep up to date on them, it becomes a road map for hackers to burrow in. Outdated plugins and themes that are no longer maintained by developers can be just as bad.
Once the hackers get in your system, the fun begins! For them, not you. Here are some of the more recent games Google found hackers are playing with sites:
The gibberish hack automatically creates many pages with non-sensical sentences filled with keywords on the target site. Hackers do this so the hacked pages show up in Google Search. Then, when people try to visit these pages, they’ll be redirected to an unrelated page, like a porn site. Learn more on how to fix this type of hack.
Japanese Keywords Hack
The Japanese keywords hack typically creates new pages with Japanese text on the target site in randomly generated directory names. These pages are monetized using affiliate links to stores selling fake brand merchandise and then shown in Google search. Sometimes the accounts of the hackers get added in Search Console as site owners. Learn more on how to fix this type of hack.
Cloaked Keywords Hack
The cloaked keywords and link hack automatically creates many pages with non-sensical sentence, links, and images. These pages sometimes contain basic template elements from the original site, so at first glance, the pages might look like normal parts of the target site until you read the content. In this type of attack, hackers usually use cloaking techniques to hide the malicious content and make the injected page appear as part of the original site or a 404 error page. Learn more on how to fix this type of hack.