Pharma Hack: After Action Report

Okay, everything looks clear.  Website appears to be clean again.

For the curious, here’s what’s been going on:

Sometime a while ago (at least as early as June 2015, if not earlier) this website was infected by a Pharma Hack.  The way the hack works is to create a large number of hidden links on the infected website advertising drugs from an online pharmacy.  The goal of the hack is not to get you to click on the links – the goal is to use the links to boost the online pharmacy’s Google ranking.

For those wondering why this is important:  you know how when you do a Google search for something, some results will be right at the top of the first page where everyone will see it, while others will be hidden down in page 5 or 10, where almost no-one looks?  What determines that is the website’s search engine ranking.  Making your website appear high up on Google results is called SEO (search engine optimisation), and it’s big business.  SEO can be done legitimately (‘white hat’) or illegitimately (‘black hat’).  The Pharma Hack approach (a.k.a. spamdexing) is very much black hat.

One of the reasons that Pharma Hacks are so annoying is that they’re really hard to spot.  The results of the hack are only visible to search engines, not to regular visitors – if you’re reading this, you probably visited this site while it was infected without noticing anything.  (No, you don’t need to worry about your computer being infected because you visited – it doesn’t work that way.)  You could even have looked up the website on Google and there’d have been nothing suspicious.  However, if you looked at Google’s cached version of my website (which is the one that Googlebot uses to build its search index), you would have seen this:

[Image: Google result]
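As an added illustration (not part of the original post or any tool it mentions), here is one way to check for the search-engine-only links described above: diff the links in the copy of a page a visitor receives against the copy the search engine has cached. How you obtain the two HTML copies, the keyword list, and all names and URLs below are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser

# Constructed keyword list (assumption); tune it to the spam seen on your own site.
SPAM_WORDS = re.compile(r"\b(pharmacy|viagra|cialis|pills?|prescription)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, anchor text) pairs from an HTML document."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None      # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # collapse whitespace
            self.links.append((self._href, text))
            self._href = None

def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links

def crawler_only_links(visitor_html, crawler_html):
    """Return (href, text, looks_spammy) for links only the crawler's copy contains."""
    seen_by_visitor = {href for href, _ in extract_links(visitor_html)}
    return [(href, text, bool(SPAM_WORDS.search(href + " " + text)))
            for href, text in extract_links(crawler_html)
            if href not in seen_by_visitor]

# Constructed sample input: the same page as a visitor sees it and as the search engine cached it.
VISITOR = '<p>Latest post</p><a href="/about">About</a>'
CRAWLER = (VISITOR + '<a href="http://spam.example/buy">cheap Canadian pharmacy</a>'
           + '<a href="/archive">Archive</a>')

if __name__ == "__main__":
    for href, text, spammy in crawler_only_links(VISITOR, CRAWLER):
        print(("SPAM? " if spammy else "diff  ") + href + " | " + text)
```

Any link that shows up only in the crawler's copy deserves a look, keyword match or not, since a clean site should serve both audiences the same page.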

At the other end of these links is an illegal online pharmacy selling restricted drugs.  The drugs in question are usually produced in countries with lower manufacturing standards, and there’s no guarantee that the drug will be packaged in the correct dose, be within its sell-by date, or contain the right active ingredient.  A particularly common trick is to advertise the pharmacy as ‘Canadian’, since a lot of US customers are used to buying from legitimate Canadian pharmacies to avoid US domestic drug costs.  (Just to give you an idea of how widespread this is:  the NABP did a study of over 10,000 online pharmacies in 2013.  They found that 96.7% of them were illegal.)

For those who want to know more, the Pharma Hack blog has a ton of info on pharma hacks, including how they work and ways to combat them.

Anyway.

The site’s now been cleaned, the spammy links have been terminated, and the backdoors the hackers used have been flushed out as far as we can tell.  New security measures have been put in place, but please do contact me if you see any signs of pharma spam on this blog dating from November 2015 or later.

To finish on a positive note, here are a couple of shout-outs and recommendations:

  • Michael VanDeMar has a step-by-step guide on how to clean a hacked WordPress installation.  His tutorial’s available for free, but he’s also willing to do it for you for a pretty reasonable fee.  I recommend giving him a look if your own site’s been compromised.
  • My web host, Vidahost, were also helpful – they weren’t able to fix the problem themselves, but they gave me good advice and over the years I’ve used them they’ve been good with phone support.  I’d recommend them if you’re looking for a hosting service for a site of your own.

And that’s it, at least for now.  Right, back to writing.


2 Responses to Pharma Hack: After Action Report

  1. Marek says:

    I lost 3 websites because of Pharma Hack, I didn't make a backup :/