Hacked primary school site with sexual content ranked by Google
Primary schools are not the only hacked sites that Google ranks at the top of sex-related searches; I have seen restaurants, football fan clubs and construction companies too. Hackers can push a site on any subject onto the first two pages of Google for high-value adult and casual dating terms.
Watch the video to see the problem
The video below shows the Google search results for the term 'Adult dating', which should return results for casual and hookup dating sites.
This has been an issue within Google for several years now: beyond the first few results, the quality drops sharply. The video example shows:
- Hacked sites
- Sites that build their search ranking with links from hacked sites
- Facebook group pages with no activity
This is not an issue with Bing and DuckDuckGo.
Try it yourself
Google search results are very regional today, so you will probably see different results, but I encourage you to try it in your location. Search “adult dating” and look for URLs that appear to be on topics other than dating. Note down the root domain, open both the result and the site's home page, and see whether you find a restaurant with sex-dating pages or a church group with hardcore porn content.
Check your own site
Site owners will be blissfully unaware that their pages have been compromised, because the offending pages are newly generated rather than edits to existing ones. They are used either to help rank other sites within the hacker's network or to link directly to an affiliated site that earns a commission. To check your own site, try a search such as site:yourdomain.com dating (replacing yourdomain.com with your own domain) and repeat it with other terms.
The “site:” prefix limits Google to results from the designated domain, and “dating” finds all indexed content containing the term “dating”.
The image below shows a football fan club site that has over 1,900 pages of dating content.
The same site searched for other terms: porn = 52, fetish = 10, fuck = 76, hookup = 429
Google report system - ignored
Google provides a web spam reporting system as an extension to Google Chrome. I have concerns that it is no longer maintained or reports are not followed up. I have yet to see a site removed as a result of using this tool. Its appearance doesn’t follow the usual quality of Google and looks very dated. Ideally, a more modern reporting system should be presented natively within the search results.
Google's webspam tool is well hidden and ineffective. Maybe it's not working?
What the results should be
Having worked in the dating industry since 2007 across many niche markets, including adult dating, this is what I feel the top ten search results for the term “Adult dating” should be (in alphabetical order).
Adult Friend Finder
WordPress / Joomla is a big problem
WordPress and Joomla are very popular website design systems that make creating and managing a site quick and simple. In the example video, all of the compromised sites are either WordPress or Joomla. They are easy to hack for several reasons:
The source code is public
When hackers can read the source code they can look for mistakes or holes in its security. A custom site design that is not publicly available can be harder to penetrate.
Plugins are poorly designed
WordPress and Joomla offer a marketplace of plug-ins and extensions that may not be written to high standards and may contain security flaws.
Site owners are not professionals
Site owners or website designers set up WordPress / Joomla sites on servers without the correct security configuration. For example, tools such as ModSecurity and Fail2Ban go some way to stopping or slowing attacks and injection attempts.
Site owners don’t update their installations
It’s very important to update WordPress / Joomla installations as soon as patches and updates are available. Newer versions have options to auto-update. Site owners may focus only on writing content and ignore security.
Site owners or web design companies store FTP passwords in their FTP client
FTP clients are software packages that manage the upload and download of files to websites. Users may opt to save their complex server passwords in their FTP client. Hackers know this and either create fake clients or produce malware that hunts for saved passwords. Once the FTP password is compromised, the attacker has full access to your site and content.
What should Google do?
Check their own results
Google could crawl its own results and compare the cached version of each page with the final destination. If they don’t match or differ significantly, drop the page from the index until they do match. This crawl needs to be done from IP addresses and with user agents that mimic a regular web user, because hacked pages typically serve the spam only to the crawler.
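The two checks above, the site:domain term counts from "Check your own site" and the crawler-view versus browser-view comparison proposed here, can be run locally against your own pages. The script below is an added example, not code from the original post: it counts the article's spam terms in the visible text of a page and flags the page when the copy served to a crawler carries terms the copy served to a browser lacks. The two HTML documents are constructed samples; in practice you would fetch the same URL twice, once with a crawler user agent and once with a browser user agent, and pass both responses in.

```python
import difflib
import re
from html import unescape

# Terms the article counts with site: searches (dating, hookup, fetish, porn).
SPAM_TERMS = ("dating", "hookup", "fetish", "porn")


def visible_text(html: str) -> str:
    """Drop script/style blocks and tags, collapse whitespace, lower-case."""
    text = re.sub(r"<(script|style)[^>]*>.*?</\1>", " ", html, flags=re.S | re.I)
    text = re.sub(r"<[^>]+>", " ", text)
    return re.sub(r"\s+", " ", unescape(text)).strip().lower()


def count_terms(html: str, terms=SPAM_TERMS) -> dict:
    """Whole-word hit count per term, the local equivalent of 'site:domain term'."""
    text = visible_text(html)
    return {t: len(re.findall(rf"\b{re.escape(t)}\b", text)) for t in terms}


def assess(bot_html: str, user_html: str, min_similarity: float = 0.8) -> dict:
    """Compare the copy served to a crawler with the copy served to a browser.
    Suspicious when the crawler copy carries spam terms the browser copy lacks
    (cloaked injection) or when the two copies differ more than allowed."""
    bot_hits, user_hits = count_terms(bot_html), count_terms(user_html)
    injected = {t: n for t, n in bot_hits.items() if n > user_hits[t]}
    similarity = difflib.SequenceMatcher(
        None, visible_text(bot_html), visible_text(user_html)).ratio()
    return {
        "similarity": round(similarity, 2),
        "injected_terms": injected,
        "suspicious": bool(injected) or similarity < min_similarity,
    }


# Constructed sample: a school home page as a browser sees it, and the same
# URL as a crawler sees it after a hidden block of dating spam was injected.
USER_VIEW = """<html><head><title>Oak Lane Primary School</title></head>
<body><h1>Welcome to Oak Lane Primary</h1>
<p>Term dates, newsletters and our after-school clubs.</p></body></html>"""

BOT_VIEW = """<html><head><title>Adult dating - hookup tonight | Oak Lane Primary</title></head>
<body><h1>Welcome to Oak Lane Primary</h1>
<p>Term dates, newsletters and our after-school clubs.</p>
<div style="display:none">adult dating hookup dating fetish dating
<a href="https://affiliate.example/">casual dating</a></div></body></html>"""

if __name__ == "__main__":
    print(assess(BOT_VIEW, USER_VIEW))
```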
What should WordPress & Joomla do?
Moderate their extensions and plugins
The CMS (Content Management System) providers need to control the plugin market with their own plugin stores and adjust their own platforms to allow official and regulated plugins only. With an open marketplace, plugins will always be a major security risk.
There is clearly a major issue with how easy it is to compromise platforms like WordPress / Joomla and how poor Google is at detecting hacked sites. There is also a problem with site owners and website development companies that are not monitoring their sites or content.
A primary school website has 1,470 pages indexed in Google and
- 1,400 pages contain the word “dating”
- 901 pages contain the word “hookup”
- 199 pages contain the word “fetish”
Google could do a better job of flagging this as a concern and redirecting visitors to a warning page, which would soon be fed back to the site owners. Google already has lists of adult/sex industry words, as it filters them from Google Suggestions when performing searches.
All compromised sites in this article have been notified, and Google, WordPress and Joomla have been asked to comment; I will include their responses if received.