Has this happened to you …yet?? You’re poking around your website one day, and you come across a page that quite clearly has no business being there. It’s a page all about available prescription drugs, and chock full of links to pages on other sites.
So what happened? Well, it means your site has just been spammed; and you’re far from alone. Why does this happen? It’s not because the spammers are malicious and want to wreck your site …far from it. In fact, like parasites, they actually want your site to stay healthy and preferably highly ranked; because all they really want is your link juice, so as to raise their own sites’ rankings.
Why didn’t I notice this before, I hear you say. Because the page isn’t in the main navigation structure and the spammer didn’t link to the page from anywhere on the rest of the site; so the only way you’d discover it would be if you somehow knew the URL. Or if you were deliberately checking the server for stray pages.
“Well, if no real visitor ever sees the page and it does no real damage to my site, why is this a problem?”, you ask. Well, maybe one page won’t hurt; but if the trend continues, at some point Google takes note that your site is linking to a bunch of not-so-relevant sites …which starts to diminish your site’s hard-earned authority by making you look a lot like a link farm.
So what can you do?
Posting on Search Engine Guide, Mike Moran comes to the rescue with several suggestions:
- Protect your userIDs. “Carelessly leaving default passwords on well-known IDs (such as root) or using easy-to-crack passwords leaves you wide open for a ‘drive-by’ spammer.” Webmasters who use passwords such as birthdays are just asking for trouble. Do the math: there are fewer than 37,000 possible dates of birth for 99.8% of all the people currently alive …which is maybe 1.5 seconds work for a password-cracking program.
- Keep up with security patches. “Always applying the latest security updates makes it much harder for spammers to sneak in through an unguarded spot.”
- Monitor suspicious traffic. You can install software that will search your server’s logs for failed access attempts and other odd patterns. Some Webmasters will try blocking suspicious IP addresses, but the hard-core pros will simply switch to another in their bank. But the real reason is… seeing that password-cracker in action will cause you to redouble your vigilance, because now you’ll know for sure that you’re under attack.
- Check for stray pages. Since you know what pages should be on your site, you can readily check for any that don’t belong. Often they’ll be placed right in the top-level www directory, because the closer they are to the home page, the more the links will be worth.
- Keep an eye on your employees/contractors. In fact, one of the easiest means of getting such pages on your site (or other malicious activity) is to corrupt someone on the inside who has the keys to the kingdom, with offers of cash or other personal gain. So as always, it’s critical to know for certain where those trusted folks’ true loyalties lie.
Now, if you are self-hosting your site or have signed up for one of certain types of hosting contracts (e.g., dedicated or cloud server), it is very likely your responsibility to worry about these matters; so you’ll need to have an incorruptible Webmaster on staff who knows how to police websites for such problems. If you’re in a shared-hosting plan, it’s more likely that your hosting provider takes care of such problems for you.
By now, you probably have built up a fairly significant investment in your website; the last thing you need is other entities getting a free ride on it for their own unrelated ends. But by following the sound counsel above, you’ll be able to prevent that from happening.
