We have recently noticed an increase in the number of UK web sites being targeted by unknown hackers. It appears that they gain access to the web sites via FTP and then upload a network of pages that link to sites selling Fake UGG boots, and other fake goods. In addition they link to other UK sites that have also been compromised.
We found over 30 links on one hacked site that lead to a variety of UK sites that are legitimate businesses, totally unaware that additional pages had been added to their web sites.
The hackers operate by stealth – having gained access to a site they hide the new pages in new folders and may also modify the robots.txt file to hide their handiwork.
We googled “hacked site UGG” and found many articles detailing US sites that were also victims.
“A portion of the website of the Substance Abuse and Mental Health Services Administration (SAMHSA) was apparently hacked as long as two months ago. SAMHSA is an agency of the Department of Health and Human Services (HHS). HHS also runs the new Obamacare insurance marketplace”
The hackers do not damage the original site in order to avoid alerting the owners, they want the additional pages to remain hidden. However apart from loss of reputation, the main problem is that Google will now think that your site is more about fake goods than its intended purpose, and this can result in a loss of hard earned search ranking.
We urge UK web site owners to check the directory content of their sites, look for new folders or files, and check that existing pages – (especially the index page) have not been modified.
If you are checking access logs, using Google webmaster/analytics and working on the search optimisation of your site the problem will soon be noticed, however many companies simply publish a site and make no further changes, so may not be aware that they have been targeted until they drop in the search tables and loose sales.
As a precaution make sure that passwords are updated on a regular basis, use complicated passwords with upper and lowercase and other characters
James321, qwerty123, and other simple passwords are easy to crack
Ty$Uhj64r5^43FghyJKU89 is not
If you run your own web site, use SFTP rather than simple FTP to transfer files as it’s much more secure, and make sure to update and run a virus check on your local PC.
Ask you web designers to take a look at the security and health of your web site.
It’s a jungle out there so be careful!