Many webmasters are unaware that their websites have been hacked and that they may be serving hidden links and even malicious code to their visitors.
Many hackers deface a website when they breach the web host or CMS’s security, but other hackers prefer to inject covert code into a website – often unbeknownst to the webmaster and website visitors.
Hidden links are often inserted in websites to gain Google page rank. This means that the hacker’s websites have more back links, and therefore a higher page rank, while the website owner may be penalized for their promotion of websites containing illicit products or pornography.
South Africa’s Film and Publications Board (FPB – http://www.fpb.gov.za/) website is a good example. The website was defaced in July 2011, but the organisation said that it was repaired soon afterwards.
Unbeknownst to the FPB, they had been serving hidden website links to beauty products and even erotic video websites. This may well have happened since the initial security breach in 2011.
The FPB was contacted about the fact that their website has been a victim of hackers, and what is being done about the issue, but the organisation did not provide feedback by the time of publication.
To see hidden links in a website is as simple as right-clicking on the website an viewing the source (“View Page Source” in Firefox, “View Source” in Internet Explorer and “View page source” in Chrome”).
After the injected code and links are removed, it is advisable for website owners to change their passwords, check file permissions and ensure that all their software is up to date.