Black Hat SEO Campaign: Akamai’s New Campaign Powered By SQL Injection To Boost Search Rankings

Black Hat SEO Campaign: Akamai’s New Campaign Powered By SQL Injection To Boost Search Rankings.

In the middle of the 2015, According to report Akamai identified a sophisticated Black Hat Search Engine Optimization (SEO) campaign for enhancing and boosting the Website search rankings using SQL Injections. 

With the aim of improving the Website’s SEO ranking. Akamai experts observed that SQL injection is using by the attackers to deface website with hidden content. Akamai has already identified hundreds of web applications that contain this malicious links from multiple attack campaigns.

According to Akamai report the website behind the campaign wasn’t listed but this campaign has targeted around 3,800 websites, hosted on 348 unique IP addresses.

How The Attackers Achieve Their Target?

According to the report attackers only trying to target those applications that rely on Microsoft’s platform because they are poorly developed. Once a vulnerable application was discovered, attackers can add various content in the database, including all the HTML that are needed and most of the injected contents are Junk-a handful of related keywords and meaningless sentences. The hidden content contains both keywords and links that help the attacker's own website to gain a better position in search engine rankings for various terms related to "cheating and infidelity."

The most important thing is that the operator of the website wouldn’t find it easily the defaced website would appear normal to him because the injected content is only visible in search engines. The defaced website also lose their search engine rating because of the unrelated and adult-themed content.

Most of the defaced website are written in ASP, PHP, WordPress and are running on older version of IIS. After this massive campaign the website has gained a massive SEO reputation at the moment of writing this article, after typing "cheating" in Google, the campaign's website comes up in the first five results, right there next to dictionary definitions and Wikipedia pages. On the other hand, attackers has already started to attack personal websites after attacking business websites.

Preventive Measures:

Monitor your website and server for changes, and investigate anything that seems unusual. Moreover, it's possible to use Google to catch added pages by searching your domain and looking at what's being indexed.