Are you policing your domain from spammers?

It was not a pretty sight. I watched the look on his face as he was shown a page from his domain that should not have been there. Precisely how it got there, no one knows, but it was clearly placed on his site by search spammers, out to get an advantage for some of their Web sites. It was a lovely little page about prescription drugs chock full of links to other places. How could that page have gotten there? And what was it there for? Welcome to the seedy little world of black hat SEO. If you don't know if your site is vulnerable, you need to find out, so that you can make sure your own site is properly protected.

Image via Wikipedia

So let's first examine why anyone would put such a page on a Web site. That one is simple. The links from that site were highly valuable to spammers. In this case, not only was it a well-known site, but it was a .org site, whose links are even more valuable than .com sites, because they are more likely to be genuine expressions of quality. Except in this case.

How is it that the site owner didn't know the page was there? That one's easy, too. The spammer did not link to the page from anywhere on the real site, so the only way you'd discover it would be if you knew the URL. Or you were checking the server for stray pages.

How can you protect yourself? That question is a bit tougher, but your Webmaster needs to answer it:

• Protect your userIDs. Carelessly leaving default passwords on well-known IDs (such as root) or using easy-to-crack passwords leaves you wide open for a drive-by spammer. Did you know that software programs can try millions of passwords over time to find the one for your site? Don't make it easy for them.
• Keep up with security patches. Your Webmaster ought to be keeping up with exploit notifications for any software installed on your Web server. Always applying the latest security updates makes it much harder for spammers to sneak in through an unguarded spot.
• Monitor suspicious traffic. Your server logs all traffic to your site and you can install programs that search the logs for failed access attempts and other odd patterns. Some people block suspicious IP addresses but I think that the real villains just troop off to a new IP address from their bank. The real reason to monitor traffic is so you'll see that cracker program trying a million passwords and it causes you to be especially vigilant because you know you are under attack.
• Monitor stray pages. You were waiting for this one, right? If you know what pages should be on your site, you can check the server for any that don't belong. Often, greedy spammers put them right in the top-level www directory because the closer to the home page on the site, the more that the link might be worth.

Understand, I used to manage the Webmasters at ibm.com, but I am not a real Webmaster. Real ones know that this was the Bert and Ernie explanation of Web security. If you are using a shared hosting plan, then your Web hosting company probably does this stuff for you, but if you are using dedicated or partial server or cloud server hosting, you might be expected to do it yourself. If you host your own servers, you definitely need someone to protect your site.

But don't overlook one last possibility of how that spammy page got on that poor .org site: the inside job. It's possible that their SEO company did it, but even more likely that their employee did it, perhaps even their Webmaster. Anyone could try to boost up another site, either for personal gain or in exchange for some cash from the spammer.

If you haven't been policing your servers, don't be surprised if someone is squatting on a few pages that you don't even know are there.