Content
Pharma Hack is an exploit targeting WordPress sites using SEO spamming.
27 Dec 2020
Pharma Hack is an exploit targeting WordPress sites using SEO spamming. Hackers inject the site with content related to pharmaceuticals in order to lure users who are looking for drug resellers either to purchase without a prescription or get a cheaper price. Attackers hijack well established sites to bypass Google’s efforts in delisting websites offering to engage in illegal drug sales.
HOW TO IDENTIFY IF A WEBSITE IS PHARMA HACKED?
Pharma Hacks can be tricky to discover because the hack is not visible to the website owner. The only way to view these are through search engines when a user is looking for specific drugs. Hackers target sites that rank high and have a massive amount of traffic for better earnings prospects.
Key indicators that a site has been infected with the hack would include an unusual decrease or increase in traffic for no apparent reason. Google might remove your site from the search results for suspicious behavior. To help identify those scams you can use a security plugin to scan your site or opt for a manual scan which could be more challenging.
COMMON WORDPRESS VULNERABILITIES
WordPress themes and plugins unfortunately are flawed with vulnerabilities. Even though patches are released as an update, there is a possibility of clients running outdated versions. WordPress has tried to resolve this issue using the Auto-update feature.
WordPress site owners tend to use ‘easy to remember’ username and passwords or retain the default username ‘admin’. This along with not implementing Two Factor Authentication invites brute force attacks.
Many website owners still run on HTTP and not HTTPS, which makes intercepting connection on the website easy for attackers. It is vital to install SSL certificates.
Hackers look for highly ranked websites such as banking websites that attract a high volume of traffic, in order to use the website for further goals such as spreading malware, hacktivism, adding bandwidth to bot networks used in DDOS attacks or merely for practice runs. The lack of sensitive information on your website does not ensures your safety. Instead you need to take the necessary security measures to ensure your protection against attacks.
Recommendations
- Update to the newest version of your CMS along with the plugins
- Always use and download legitimate themes and plugins and make sure the auto-update is enabled.
- Set complex credentials for login along with Two Factor Authentication (2FA).
- Make sure SSL Certificates are installed.
- Identify and block any unusual traffic.
