Malicious SEO Campaign Compromises More Than 15,000 WordPress Websites

min read

A recent black hat SEO campaign has redirected thousands of websites to spam portals.

Sucuri Tracks Down Malicious SEO Campaign

Sucuri, an established web security service provider, has tracked down a malicious search engine optimization (SEO) campaign that used black hat strategies to carry out its attack. Sucuri’s Ben Martin reported that this black hat SEO campaign has already compromised more than 15,000 WordPress websites. 

How did the attackers compromise the WordPress websites?

The attackers carried out their black hat SEO campaign by redirecting the visitors of over 15,000 WordPress websites to fraudulent, low-quality Q&A sites. The spam Q&A websites are owned by the attackers, and their main purpose was to increase the domain authority of these fraudulent sites.   

Each compromised website was infected with 20,000 files that were used to execute the malicious SEO campaign. The hackers targeted common WordPress PHP files, modifying the likes of wp-singup.php, wp-cron.php, wp-settings.php, wp-mail.php, wp-cron.php, and wp-blog-header.php. By modifying these PHP files, the hackers were able to implant the redirects to their spam websites.

How many spam websites did the attackers have?

According to Sucuri, the attackers redirected visitors to the 14 spam websites they own. These spam Q&A sites include scraped question-and-answer columns, with most portions talking about cryptocurrency and finance. Interestingly, Sucuri reiterated that they haven’t detected any malicious activities in the attackers’ spam websites. But if this black hat SEO campaign continues, the attackers may opt to use their current spam sites as a way to redirect visitors to other malicious websites. Moreover, the attackers might also be conditioning their spam sites to conduct a phishing campaign or be an instrument for advertising fraud.      

The attackers hid their servers in a CloudFare proxy, and while it’s difficult to know who the perpetrators are, Sucuri researchers believe that there is just one group responsible for this malicious SEO campaign.

What are Malicious Redirects?

To put it in very simple terms, a malicious redirect is a script or code that redirects a website visitor to another site. You might have encountered this before — you click on a link and it directed you to another site that looks shady or nothing resembling the website you intended to visit. Malicious redirects are typically used by hackers to generate more traffic to their websites and gain more advertising revenue as a result. 

If you’re a website owner, these malicious redirects could harm your brand and lose customers in the process. Some hackers might use malicious redirects to start a phishing campaign, sell fake products and services, or infect devices with malware. 

Having said that, it is important to remove malicious redirects from your website to protect you and your site visitors from further harm.

Tips on Removing Malicious Redirects From Your Website

If you find out that your website has been infected with malicious redirects, you can do these things to help remove malware from your site’s system.

Do a manual cleanup

If you’re planning to manually remove malware, the first thing you need to do is back up your files so still have the option to restore your site to its original settings. In the case of malicious redirects, you have to clean up your site’s plugin files and themes, remove or optimize the cache, and reinstall your core files. Just make sure that you know the ins and outs of a WordPress website before doing a manual cleanup.

Use a security plugin

You can also check which security plugins you can use to remove the malicious redirects on your website. There are tons out there – just carefully evaluate if the plugins are from reliable and legitimate channels.

Protect Your Website From Malicious Redirects

Rather than waiting for malicious redirects to hit your website, it’s still better to avoid it at all costs. You can do this by updating your always updating your plugins and CMS, and regularly using a malware scanner to check your site for any system irregularities.

Related Articles

Malicious SEO Campaign Compromises More Than 15,000 WordPress Websites

November 17, 2022
min read

Is HARO Link Building Worth The Time and Effort?

March 9, 2022
11
min read

Link Building Software Roundup: The Best Tools in 2022 (Updated)

March 3, 2022
10
min read
Patrick Babakhanian

White Label Link Building: How to Offer Link Building To Your Clients

March 2, 2022
9
min read
Patrick Babakhanian

Guest Blogging: The Ultimate Guide to Guest Posts

June 18, 2021
10
min read
Amanda DiSilvestro

How To Find Expired Domains with Traffic

June 18, 2021
min read
Patrick Babakhanian

How To Get Featured On High Authority Websites (& Become A Reputable Blogger)

June 18, 2021
5
min read
Amanda DiSilvestro

Case Study: A Local Business Invests $1,750 In Ranking One Page & Makes $8,570 Back (490% ROI)

June 18, 2021
min read
Patrick Babakhanian

Case Study: How This eCommerce Client Reached $39,435 in Net Profit In 11 Months [Get The Exact Strategy Inside]

June 18, 2021
min read
Patrick Babakhanian

Google Core Update - How To Prepare For Algorithm Changes

June 18, 2021
10
min read
Patrick Babakhanian

Crawl Budget Optimization: How To Speed Up Indexing, Crawlability and Avoid Keyword Cannibalization.

June 18, 2021
10
min read
Patrick Babakhanian

eCommerce SEO: Our #1 SEO Strategy That Helps To Rank eCommerce Sites

June 18, 2021
10
min read
Patrick Babakhanian

Content Development: How To SEO-Charge Your Content For Higher Rankings

June 19, 2021
min read
Patrick Babakhanian

Keyword Mapping - How To Avoid Keyword Cannibalization

June 19, 2021
5
min read
Patrick Babakhanian

3 Keyword Research Mistakes that Even Advanced SEOs are Making​

June 19, 2021
min read
Patrick Babakhanian

How Many Backlinks Do You Need To Rank On Page #1?

June 19, 2021
10
min read
Patrick Babakhanian

Niche Edits: What Are They and How Do We Use Them To Rank On Page #1 Consistently.

June 17, 2021
10
min read
Patrick Babakhanian