One of our client sites was recently hacked to promote pharmaceuticals – the so-called “pharma hack”.
One of the insidious things about the pharma hack is that it doesn’t show up on your site, but on search engine listings of it. We’ve also found that it can interfere with your RSS feed.
So when a Google search comes up relating to a page on your site, instead of the title of that page you get words relating to various pharmaceuticals frequently pushed by spammers on the Internet. Yet when you look at the page on your site the title is as normal.
You will be likely to be unaware of it for a while until someone sees a Google entry featuring your website and the spam and contacts you.
The aim of the hackers is to put spam on the web linking to their site, so they have no interest in pulling your site down. However it can have some unfortunate side-effects.
One side-effect is that Google may refuse to index your site for a while. As most large commercial sites rely on Google for significant amounts of their traffic this can be commercially devastating (although the Hackers also suffer when this happens).
The other side-effect is that other Internet users will wonder what you are on and why you are promoting viagra etc.
You need to deal with the infestation as soon as possible, or find someone like us who can do it for you. For the DIY types this blog entry has easy-to-follow instructions for eliminating it. If you want to talk to us, click here.
When we investigated how the hacker got access to the site we discovered that they had logged on as an administrator and apparently had no trouble discovering the password. We subsequently found out that they had hacked into the gmail account of one of the owners of the site.
Which raises another issue.
A lot of people leave the security of their personal information to Google on the basis that they think Google’s security is second to none. We’re not just talking about gmail here, but also applications like Google Docs. In fact I’ve been recently reading about governments in the US who are using Google for cloud computing.
The irony in this case is that our client’s site, which one might presume to be less secure than Google’s, was actually breached through problems with Google’s security. Which makes me wonder about the whole cloud computing phenomenon.
Cost is one thing and security is another, until security is breached, then they tend to collide. I can’t help thinking that the cost of hosting your applications on your own internal computers could be very much less than the cost of using the cloud if you take into account the risks you incur by congregating on remote servers with a lot of other high profile and therefore highly attractive entities.