SEO, US Military and a furniture shop
UPDATE: Video transcript available for ‘SEO, US Military and a furniture shop’
Last week we had a few hacking attempts on one of our servers. It was pretty consistent, so I beefed up security with a few bits an pieces. Then yesterday morning I was doing some audits on a few new clients sites and found the same hacking exploit being used one one of them that I discovered last year. The disturbing thing for me though, was that it was on a Magento installation. Last year it was only .asp. After some more digging yesterday I found it on WordPress, aspx, PHP, and even a ColdFusion website. It’s so widespread that Government websites all over the world have been hit as well as US Military and US Justice sites which as you will see from today’s video really surprised me. I am a little alarmed at how quickly this type of hack has proliferated. Most of the military sites seemed to have been spammed rather than hacked but that certainly isn’t the case for the Superior Court of California which has definitely been hacked. Either that or an employee is selling rip off merchandise on it.
Australian Governments Hit.
Pretty much every Australian state Government and the federal Government have been hit by this type of hack and they are all still live as far as I can see. The WA Government is also providing a directory of links to illegal video downloads and streams.
The above image does look like it may just be spam but I couldn’t find where you could post on that site so I am calling it a hack.
Local councils Hit
I found lots of local government sites in the US, Australia and the UK that have been hacked. Check out the Berrigan Shire in NSW 75 pages selling rip off merchandise or the Association of North East Councils in England or National Nursing Education Taskforce with 22 pages of counterfeit merchandise. The list goes on and on. I emailed a few owners of sites that feature in the video but none have responded for comment. My estimate is that in Australia there is probably over half a million pages affected just in the .com.au space. Even former Australian Cricket Captain and North Melbourne Football Club no.1 ticket holder Ricky Ponting’s foundation site has been hit.
Lock It Down Tight
We used to have a saying in the 90s. Security by obscurity. Basically you wouldn’t get hacked because no one knew you existed. That was pre Google days though. From what I have seen, these hacks tend to be automated and I would not be surprised if they are using Google to identify targets. These sorts of site disruptions can kill your rankings not to mention your business. It’s time to lock it down tighter than ever before.
Jim’s been here for a while, you know who he is.
