Akamai Technologies, Inc. (Akamai) has recently brought to light a threat to website security by pinpointing a sneaky Black Hat SEO tactic used by a site about cheating.
Akamai, a leading company in content delivery network services, stated in a press release on 12 January 2016 that a new SEO tactic was being used by storyofcheating[dot]com to generate inbound links — and to great success. The campaign uses SQL Injection as a means to generate links from over 3,800 websites and 348 unique IP addresses to rise to the top of search results.
SQL is the query language of the relational databases that many SEO and web development companies build their websites on, and millions of websites depend on it. The “cheating” website in question uses SQL injection to attack data-driven applications and generate links that point to the malicious site; that such an attack succeeds means there is a security vulnerability in a poorly developed application that uses SQL.
How the Attack Works
The Black Hat SEO campaign targets websites that use SQL and makes them serve hidden HTML links, which search engines such as Google then crawl, artificially boosting the linked site's rankings. As of earlier this morning, the tactic still seems to be working, as the site in question is still ranked at the top of search results for certain keywords.
As soon as a vulnerability in an application is discovered, the SQL injection tactic adds these hidden HTML backlinks to a site’s database. On the front end of the website, all would appear normal. However, the hidden links are still visible to search engines.
Akamai’s Threat Research Division looked at the analytics for the website as well as its ranking. Before November, when the Black Hat SEO tactic was implemented, the website in question was not ranked highly. Once the tactic took hold, its rankings skyrocketed.
How this Attack is Sophisticated
What makes this tactic so advanced is that the SEO attackers gathered links that were directly related to stories about cheating across the web, technically making the content on the site relevant. According to Google’s Penguin and Panda algorithms, related links coupled with relevant content lead to better rankings. However, upon further investigation, the content was somewhat thin; it included meaningless sentences sprinkled with related keywords throughout.
“The ability to manipulate page rankings is an enticing proposition and business for attackers,” said Stuart Scholly, Senior Vice President and General Manager for the Security Business Unit at Akamai, in their press release.
Preventing a Black Hat SEO Attack
Akamai urges web application developers to implement “proper input validation checks” for user-supplied data. For web application defenders, it is important to install a firewall designed to block SQL injection attacks.
Read the full release here for more information on preventative measures and about the malicious SEO attack, which is still being monitored and investigated.