Hacked primary school site with sexual content ranked by Google
Primary schools are not the only hacked sites that Google ranks at the top of sex-related searches; I have seen restaurants, football fan clubs and construction companies. Hackers can rank a site on any subject on the first two pages of Google for high-value adult and casual dating terms.
Watch the video to see the problem
The video below shows the Google search results for the term 'Adult dating', which should return results for casual and hookup dating sites.
This has been an issue within Google for several years now: beyond the first few results, the quality of the search results is very low. The video example shows:
- Hacked sites
- Sites that build their search status with hacked sites
- Facebook group pages with no activity
This is not an issue with Bing and DuckDuckGo.
Try it yourself
Google search results are very regional today, so you will likely see different results, but I welcome you to try it in your location. Search “adult dating” and look for URLs that seem to be on topics other than dating. Note down the root domain name, open the link and the home page, and see whether you find a restaurant with sex dating content, or a church group with hardcore porn content.
Check your own site
Site owners will be blissfully unaware that their pages have been compromised, as the offending pages are newly generated. They are used to help rank other sites within the hacker's network, or link directly to an affiliated site that earns commission. To check your own site, try some of the following searches:
The “site:” prefix limits Google to results from the designated domain, and “dating” finds all content containing the term “dating”.
The image below shows a football fan club site that has over 1,900 pages of dating content.
More results for this site: porn = 52, fetish = 10, fuck = 76, hookup = 429
Google report system - ignored
Google provides a web spam reporting system as an extension to Google Chrome. I have concerns that it is no longer maintained or that reports are not followed up. I have yet to see a site removed as a result of using this tool. Its appearance doesn't follow the usual quality of Google and looks very dated. Ideally a more modern reporting system should be presented natively within the search results.
Google's webspam tool is well hidden and ineffective. Maybe it's not working?
What the results should be
Having worked in the dating industry since 2007 across many niche markets, including adult dating, this is what I feel the top ten search results should be for the term “Adult dating” (in alphabetical order).
Adult Friend Finder
Wordpress / Joomla is a big problem
Wordpress and Joomla are very popular website design systems that make creating and managing a site quick and simple. In the example video all of the compromised sites are either Wordpress or Joomla. They are easy to hack for several reasons:
The source code is public
When hackers can read the source code they can find mistakes or holes in the security. When people have their own custom site design it can be harder to penetrate.
Plugins are poorly designed
Wordpress and Joomla offer a marketplace of plug-ins and extensions that may not be written to high standards and may contain security flaws.
Site owners are not professionals
Either site owners or website designers set up Wordpress / Joomla sites on servers without the correct security configuration. For example, tools such as ModSecurity and Fail2Ban go some way towards stopping or slowing attacks and injections.
Site owners don’t update their installations
It is very important to update Wordpress / Joomla installations as soon as patches and updates are available; newer versions have options to auto-update. Site owners may focus only on writing content and ignore security.
Site owners or web design companies store FTP passwords in their FTP client
FTP clients are software packages that manage the upload and download of files to websites. Users may opt to save their complex server passwords in their FTP client. Hackers know this and either create fake clients or produce malware that hunts for saved passwords. Once the FTP password is compromised, they have full access to your site and content.
What should Google do?
Check their own results
Google could crawl their own results and compare the cached version of the page with the final destination. If they don't match, or are significantly different, drop the page from the index until they do match. This crawl needs to be done with IP addresses and user agents that mimic a regular web user.
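The same comparison can be run by a site owner against their own pages, which also covers the "Check your own site" searches above. As an added example (not the author's tooling, nor Google's), the script below fetches each page twice, once presenting a search-engine crawler User-Agent and once a browser User-Agent, counts the terms the article searches for (dating, hookup, fetish, porn) in each view, and flags pages that carry spam or differ between the two views. The user-agent strings and the similarity threshold are assumptions; the page URLs are expected to come from your own sitemap.

```python
import re
import urllib.request
from difflib import SequenceMatcher

# Terms the article counts with "site:" searches.
SPAM_TERMS = ("dating", "hookup", "fetish", "porn")
# Assumed identities: a search-engine crawler and an ordinary browser.
UA_CRAWLER = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
UA_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/120.0"
SIMILARITY_FLOOR = 0.5  # assumed: below this the two views count as "different"

def fetch(url, user_agent, timeout=10):
    """Fetch one of your own pages, presenting the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def term_counts(html):
    """Whole-word, case-insensitive count of each spam term in the page text."""
    text = re.sub(r"<[^>]+>", " ", html)  # strip tags so markup is not counted
    return {t: len(re.findall(rf"\b{t}\b", text, re.IGNORECASE)) for t in SPAM_TERMS}

def assess(crawler_html, browser_html):
    """Compare the crawler view with the browser view of one page.

    Returns (crawler_counts, similarity, verdict): 'cloaked' when the crawler
    sees spam terms the browser does not, or spam is present and the views
    differ substantially; 'spam' when both views carry spam; else 'clean'.
    """
    c_counts, b_counts = term_counts(crawler_html), term_counts(browser_html)
    similarity = SequenceMatcher(None, crawler_html, browser_html).ratio()
    spam_c, spam_b = sum(c_counts.values()), sum(b_counts.values())
    if spam_c > spam_b or (spam_c and similarity < SIMILARITY_FLOOR):
        verdict = "cloaked"
    elif spam_c:
        verdict = "spam"
    else:
        verdict = "clean"
    return c_counts, similarity, verdict

def audit(urls):
    """Return {url: (verdict, counts, similarity)} for pages needing attention."""
    findings = {}
    for url in urls:
        counts, sim, verdict = assess(fetch(url, UA_CRAWLER), fetch(url, UA_BROWSER))
        if verdict != "clean":
            findings[url] = (verdict, counts, round(sim, 2))
    return findings
```

Call `audit()` with the URLs listed in your own sitemap.xml; only pages that carry spam terms or show a crawler/browser mismatch are returned, so a clean site yields an empty result.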
What should Wordpress & Joomla do?
Moderate their extension and plugins
The CMS (Content Management System) providers need to control the plugin market with their own plugin stores and adjust their platforms to allow only official and regulated plugins. With an open marketplace, plugins will always be a major security risk.
There is clearly a major issue with how easy it is to compromise platforms like Wordpress / Joomla and how poor Google is at detecting hacked sites. There is also a problem with site owners and website development companies that are not monitoring their sites or content.
A primary school website has 1,470 pages indexed in Google, and:
- 1,400 pages contain the word “dating”
- 901 pages contain the word “hookup”
- 199 pages contain the word “fetish”
Google could do a better job of flagging this as a concern and redirecting visitors to a warning page, which would soon be fed back to the site owners. Google already has lists of adult/sex industry words, as they filter them from Google Suggestions when performing searches.
All compromised sites in this article have been notified, and Google, Wordpress and Joomla have been asked to comment; I will include their responses if received.