SEO hacks continue to plague websites as attackers abuse SERP rankings for their own gain. The time and effort spent by the website owner creating content, optimizing pages and building links is stolen by an attacker in an instant.
For many years, spam injections placed inside legitimate pages have remained one of the most prevalent types of black hat SEO hacks that we encounter. In fact, SEO Spam made up over 30% of the malware families we saw while cleaning websites in the last year. Hackers are constantly inventing new tricks to make spam invisible to human visitors while remaining indexable by search engines. Black hat tactics like these are becoming more complex in order to avoid detection by the website owner.
In this post, we'll outline a simple evolution of tactics used by hackers to hide spam. These steps detail a specific case that we saw but can easily be used to identify similar attacks.
The script remains short but it's difficult for webmasters to spot what it does at first glance. However, when you look at it more thoroughly, you can notice that it does exactly the same thing – it hides an HTML element with a "numeric" id:
document.getElementById(214*102+105).style['display']='none';This is just one line of the spam-hiding code evolution. There are many other approaches that hackers use to hide spam injections from human visitors while abusing the page's SEO. If you think you may be the victim of an attack, we are here to help you detect them and remove malware from your sites.
Source: Spotting a Hidden SEO Hack: "Play One"
No comments:
Post a Comment