Hacking has long been the scourge of the internet. We have all heard news stories about hackers targeting government sites to extract classified information or to leak data, and e-commerce sites to infiltrate security databases to get a credit card or identity information. These days, even regular publishers are victimized by this notable nuisance.
But what are these hackers trying to accomplish? Why are they aiming at publishers?
Related Read: Tech Companies to Government: “Stop Spying”
Hackers target publisher websites who might be their direct competition to exploit the site’s reputation or the site’s users themselves. The consequences are not only costly, but it’s also painstakingly difficult to right the ship once the damage has been done. We want to give you the tools to identify and eliminate potential hackers so you can preserve your good reputation.
There are three common varieties of attacks that you should have on your radar:
- Attacks that target your browser, also known as Cross-Site Scripting attacks (XSS)
- Attacks that target your connection to a server, called Cross-Site Request Forgery (CSRF)
- SQL Injection attacks — attacks that target a database and directly using malicious SQL commands, usually with the intent to corrupt or retrieve vulnerable data
Warning signs of being hacked
Below are a few telltale signs of hacked sites or pages. These are just a few but can be strong indications of potential hacks.
- When you click on a link within a site that should direct you to another page on the same site, but it routes you to a spam page
- When you do a Google search and one of the results shows a description or content from a spam page
- Sudden traffic spikes, or a tremendous increase in visitors from the non-targeted location
For someone running AdSense, imagine how much hassle can this be! It not only directly impacts your revenue but can also heavily affect the user experience, bringing your traffic down and possibly getting you banned by Google for invalid clicks.
Arm yourself against hackers
All of this information about hackers is definitely scary, but what can you do about it? For starters, do a full site cleanup. Before deploying any software or plugins, make sure your site is clean.
Quarantine your assets and take action to prevent possible infection, and notify your web hosting provider if you suspect you’ve been hacked so they can deploy an extra layer of security if necessary.
Inspect your website and computer with automatic, up-to-date scanning programs to monitor for malicious code that could be plugged into your site. If you have a page that is hacked and proves to be a real threat, it is better to totally remove your content until you’ve identified and fixed the problem — or better yet, remove the entire URL through Google’s URL removal tool to safeguard your visitors from any potential harm.
If you have found phishing pages, report this immediately to Google’s Safe Browsing Team. You may want to spend some time checking your network infrastructure for any point of entry that you are not aware of.
Do a regular spot check by Googling your own site. Look out for unknown sites in the results, and double-check for any unexpected keywords that may be displayed.
Partnering with third-party providers who supply you with widgets or counters (and even occasionally an ad network) also increases your risk for hacking, as these are assets you don’t fully control. They could potentially have dangerous scripts or code if not monitored regularly.
If you have access to your servers, check your server configuration for authentication and encryption, and keep your infrastructure up to date with the latest software updates and patches.
There is no such this as 100% security when it comes to the internet. There will always be risks, but it’s up to you to mitigate these risks to an acceptable level.
To receive regular updates on Adsense Publisher help, subscribe to our Newsletter.