The Unsuspecting Recruit: Why every SEO MUST learn Internet security

Internet security is a big problem, and it isn’t just for the IT staff anymore. It affects us as SEOs. Don’t believe me? Consider the incident reported at the end of last year by security research firm Sunbelt Software.

…criminals are now combining SEO tactics and booby-trapped Web pages, and doing it systematically. By posting tens of thousands of Web sites simultaneously, criminals can take over all the top spots on a search results page, casting a wide net that’s more likely to catch Web users. Eckelberry described these criminals as “SEO Gods,” saying they can “take any site and get it on the first page of Google results.”

Instead of wasting energy defacing sites and showing them off as trophies to their peers on IRC, hackers are now modifying the code of hacked sites to include (invisible) links to their web properties or link farms. The article talks about virus writers creating tens of thousands of websites and cross-linking them using all sorts of queries as anchor text. They then spam blog comments around the Web to improve the overall PageRank of the link farm.

Hackers already know how to break into sites. Now that they see the profit that can be made from top-ten search rankings, they have adapted their techniques to break to take advantage. Currently, search engines’ quality reviewers can detect most sites utilizing these black-hat techniques because they show up pretty obviously as SPAM. However, this is just the beginning, and I’m willing to predict that this is going to scale with cleverer hacks that are harder to detect. Most break-ins will be highly sophisticated and highly automated. They will “recruit” thousands of computers into their link-farm. If your site is one of those “recruited” without your knowledge, your site will most likely be penalized by the search engine along with the whole group.

How can somebody break into my server if they don’t know my password? Read more