This August, Molly Stillman logged on to her lifestyle blog to update a few popular old posts, freshening them up so they would continue to attract traffic from Pinterest and search engines. She was horrified at what she discovered.
“There were [links] for, you know, anal bleaching, which is apparently a thing. I mean, just truly, incredibly inappropriate things. And there was even some links to Russian pornography sites. I mean, we’re talking about horrible, horrible things. And it was written into my content.”
Stillman, who lives in North Carolina, has been blogging about family, faith, and fashion since 2007. Her site is an important source of income, and someone hacking into her blog to add text and links left her reeling. All the more so given the subject matter.
Stillman hired a security company to clean up the posts and identify the source of the intrusion. It determined someone hacked her site, which runs on the open source version of WordPress, by finding a way in through the administrator login. The culprit inserted content and links into 500 of the roughly 2,000 posts Stillman published over the past 12 years.
“I’ll be honest. It’s been a nightmare,” she said. “It’s been an absolute nightmare.”
What happened to Stillman was not an isolated incident. Websites of all types and sizes, and especially those that use the open-source version of WordPress, are hacked to inject links to manipulate search engine results. A BuzzFeed News investigation reveals how injected links are sold by global networks of online marketplaces and black hat SEO consultants who offer customers the ability to have links placed on compromised websites.
Among those affected are journalists, celebrities, churches, charities, veterans organizations, and the managing director of Peter Thiel’s venture capital firm. Injected backlinks on these compromised sites quickly improve the search engine rankings of customers’ web properties by exploiting Google’s preference for sites that receive a high quantity of links from authoritative sites. That in turn helps the customer sites attract more traffic, and in some cases, increase sales.
BuzzFeed News obtained lists of more than 20,000 websites where backlinks can allegedly be added for a fee, and confirmed multiple cases where links were added to these and other sites without the owner’s knowledge. The award-winning Canadian urban magazine Spacing is one site affected by injected links. After being contacted by BuzzFeed News, it identified several articles where unauthorized links had been added long after publication. One post was even hacked during the course of the magazine’s email conversations with BuzzFeed News.
In one example, an article about drug policy from 2009 had links and text injected for rehab centers and a cannabis vaporizer product. And in the few days between the site discovering the compromised post and cleaning it up, someone added text and a link to an online gun store.
“I can see the allure of going after well-trafficked media sites — there are usually so many points of entry from contributors that all it takes is one good account to give wide access to the editorial content of a media outlet,” Matthew Blackett, the publisher of Spacing, told BuzzFeed News.
It’s yet another example of how search engines like Google are being manipulated at scale by a global industry of shady digital marketers and hackers who take over expired domains, acquire once-credible websites and fill them with junk content, hijack dead links on major news sites, place undisclosed sponsored content, and launch extensive manipulation campaigns using fake online personas to make their content appear higher in search results.
Google’s quality guidelines forbid “link schemes” and cite “exchanging money for links, or posts that contain links” as one example of banned behavior. But that doesn’t deter the global trade in links.
A major source of injected links is Sape.ru, an online marketplace once partly owned by Mail.ru, a leading Russian technology company. On Sape, black hat marketers and webmasters post search-ranking data for websites they control or have access to. Over 8,000 English-language websites are listed on Sape, covering everything from American political organizations to international children’s charities. BuzzFeed News confirmed multiple instances where sites advertised on Sape contained injected links.
“We do not welcome the addition of hacked sites, nor the hackers themselves. If such cases are identified, we stop working with the webmaster,” a Sape spokesperson told BuzzFeed News.
The company said it blocks the accounts of any confirmed hackers or anyone who is not able to verify their ownership of a site listed in the marketplace when requested…..Read More>>