I work at a company as a Communications specialist. I’m not even the web master or programming specialist. But I’m the one that uploads content and probably the one more “familiarized” to our website and how it works. That is because the company is small and only has enough budget for certain roles. Our webiste was developed by a web master some years ago. He also built an admin panel (intranet) for us to update content and articles. We hire him sometimes when we need to update something that is not on the intranet or fix a problem. Our site has been getting weird links in different sections (banners, articles, etc.) but before they were just links to replica watches sites which I could delete manually.
Today I found out there were tons of links about “escorts services” “escorts agencies” such as “capa escorts” “tuzla escorts” “sisili escorts” and similars. These I can still delete one by one but the fact that they’ve been spammed all over the site in different sections is worrying me alot, and of course also the fact that they have words linked to sexual stuff. When clicking them, they are all linked to sites that dipslay a banner saying “website under construction” It’s the same banner in all of them but with different URLs. Luckily, none of them have any real escort content besides the URL. I’m pressuring my boss to pay this guy to fix this issue. My boss (and those above him) didn’t want to waste basically any money this year because the company was on a budget. The guy offerred us to fix the problem for a certain cost, or to hire him monthly to fix constant issues like this.
Here’s a screenshot of some of the spam text
I’ve changed the hosting site password and cpanel many times (hosting and cpanel are on hostpapa), and also the admin panel-intranet password. But we still get this weird links. I’m assuming the webmaster has access to the sites hosting code from the intranet he built. So even if I changed password he would still be able to get into the code. I’m not saying he’s the hacker. But also the hackers may have gained access to the intranet and that’s how they are spamming this links across sections.
I can create and delete users from the intranet (admin panel) but I don’t know if the webmaster has permanent access from somewhere I can’t control.
How common is this? To get “hacked” by just with link spamming, modifying content that is on the admin-panel? Could it be the web master?
TLDR: Company website is being spammed with links, want to know if this is common when hacking sites or if it could be the webmaster who built the site and is looking for a “job” fixing the issue.
PS/Important update Edit: I forgot to mention all of these links appear only on sections that can be modified through the admin panel (the intranet that the webmaster built for us to update content), none of them are added by actually coding the site cpanel. I’m 100% sure no one else from our team has access to this panel. So it’s either hackers/bots/ or the webmaster who still has access to it.
If it is not WordPress, it must be some other off the shelf content management software that is modified enough to look different. It probably has a well known vulnerability and you are not being targeted specifically. This looks all automated exploit. You need to pay the guy to patch it probably.
There has to be budget for maintenance. It is a mandatory burden of having a website. Otherwise this problem is always going to come back. The fact that you kept dealing with link injections, manually cleaning them up and only worrying about it after they became sex related is bonkers.
It is like knowing that someone keeps breaking into your house and you keep cleaning up after them for years but now it is actually becoming a real problem because stuff is being stolen and illicit goods are being left around
This is probably an automated attack on your database as much as anything else.
As soon as I started reading it the first line I thought “this guy’s using wordpress”. Last time this happened to me I had an outdated plugin that allowed a bad actor to jack with my .htaccess file. I reset my .htaccess file, updated my plugins, started paying for longer backup lengths, and suggested the org hire an MSP of some kind to manage the site, since nobody on staff had any WP expertise.
Basically you need to tell your boss to start budgeting for maintenance. The software that runs web sites is online 24/7 and under constant probing for vulnerabilities. This sounds like one or more parts of the host have an issue that needs to be patched or this will just keep happening.
It’s called often Black SEO, it’s an injection attack as described in the other posts. DIY site builders including Wordpress are full of vulnerabilities. Sometimes the text may be invisible to casual readers, they’re adding this to otherwise legit sites in order to boost their rank within search engines.
The worst ones are sql or php injections that may embed malicious scripts into pages, see MageCart as one example.
The internet is literally buzzing with this traffic all the time. They’re low hanging fruit, known vulnerabilities that can be exploited by malicious actors leveraging botnets to constantly try these attacks against public facing sites. Enterprises with actual security will detect and block our employees from visiting your site because they are compromised. I get reports all the time–if they bother to report it–because users cannot access X site. So I’ll take a look and say “nope, it’s compromised so the block will remain”.