51% of Sites Are Hacked For SEO Purposes
The report published by Sucuri states that over half of the sites hacked in 2018 were attacked for SEO purposes . The technique used is SEP and is difficult to detect.
Who does not know Sucuri should immediately go to the website of the parent company, have their website scanned with Sucuri SiteCheck and see if, the security platform for all-in-one websites that helps protect against threats, has detected or not some malware, viruses or trojans.
But let’s get back to the report and try to understand how these attacks hit websites for the sole purpose of manipulating the performance of SEO campaigns aimed at increasing the rankings on Google, Bing and other search engines.
The numbers of the Sucuri report on the online safety of websites
Sucuri’s report on online website security shows that 51.3 percent of all infection cases in 2018 were related to SEO spam campaigns .
A number unfortunately growing strongly with + 7.3 percent compared to the previous year, which makes it one of the fastest growing hack families for the year 2019.
The ” SEO Spam family ” as defined by Sucuri “is made up of attacks that specifically target the manipulation of search engine optimization.”
As we said the data is growing and the blue line in the graph below (which includes SEO spam, backdoors and malware injection) shows the trend of SEO spam attacks in the last year divided by quarter.
What are SEP attacks and how are they detected?
Sucuri in his report speaks, as we have said above, of different hacking strategies, not only very dangerous because they damage SEO campaigns, but above all because they are difficult to detect.
We all know the importance of having an antivirus updated on our computer or on our smartphone, and we know that a virus can be reclaimed or quarantined only after it has been discovered. Prevention in this field is difficult to do as no one can know in advance what hackers are making up.
Fortunately there are antiviruses that help us protect our devices, but if hacker attacks, such as those encountered by Sucuri are difficult to detect, the situation becomes complicated and not a little.
The security company said that “they are difficult to detect and have a strong economic engine driven by impression-based affiliate marketing”, leaving no doubt that this form of hacking is extremely difficult to detect, given that everything revolves around impression strategies based on affiliate marketing .
SEP stands for Search Engine Poisoning and that’s why when we talk about SEP attacks we talk about search engine poisoning .
Hackers adopt very refined attack strategies trying to abuse the excellent positioning of the single website for the main purpose of monetizing with the site. Generally these attacks take the form of P HP, database injection or redirect via .htaccess .
The report tells us that “websites impacted by SEO attacks often become infected with spam content or redirect visitors to spam-specific pages. “Fashion or entertainment (ie, pornographic material, essay writing, fashion brands, loans, and online gambling)”
By carefully reading what we have reported above we can easily understand how websites affected by SEO attacks are often infected by spam or redirect content that send visitors back to specific spam pages.
Unwanted content appears, for example, in the form of pharmaceutical product advertisements,but may also include popular content such as fashion or entertainment (for example, pornography, essay writing, fashion brands, loans and gambling) online ).
Here then is the extreme importance of having a website always in perfect shape, because if it is violated, not only can it damage the search position and cancel all SEO campaigns carried out until now, but it can potentially harm visitors who in turn could be attacked by viruses, malware, etc.
The Sucuri report launches an important alert because very often owners, webmasters and SEOs do not know that the site they are managing has been breached.
In this case, Google is always at the forefront, because online security is an integral part of its evolutionary process. And it is precisely for this reason that he is rather good at notifying potential attacks via the Google Search Console .
We said pretty good because notifications are never real time and often it takes a long time before they are notified in the Search Console property.
Also Bing Web Master Tools has similar notifications and they too must be constantly monitored.
As we have said, prevention in this field is particularly difficult, but certainly a first important suggestion we can give it directly to us: keeping the website updated and installing the latest security patches only the first fundamental steps to significantly reduce the possibility of the website being violated.