
Website hackers hijack Google webmaster tools to prolong infections

Lucian Constantin | Sept. 14, 2015
Webmasters should regularly check the list of verified owners for their websites in the Google Search Console.


Hackers who compromise websites are also increasingly verifying themselves as the owners of those properties in Google's Search Console. Under certain circumstances this could allow them to remain undetected longer than they otherwise would be, researchers warn.

The Google Search Console, formerly known as the Google Webmaster Tools, is a very useful service for administrators to understand how their websites perform in search results.

In addition to providing analytics about search queries and traffic, it also allows webmasters to submit new content for crawling and to receive alerts when Google detects malware or spam issues on their websites.

That last part is very important, because website infections can quickly lead to lost traffic and reputation. Users who click on links in search results that lead to websites hosting malware or spam will receive scary warnings until those websites are cleaned by their owners.

Google allows more than one person to claim ownership of a website, each in his or her own Search Console account. That's not unusual because running a website usually involves multiple people. The owner, the site administrator and the search optimization specialist can be, and often are, separate individuals, and they can all benefit from the Search Console data in their respective roles.

Getting verified as a website owner in the context of the Google Search Console can be done in different ways, but the easiest is to upload an HTML file with a code that's unique for every user into the website's root folder.

However, many of the vulnerabilities that allow attackers to inject malicious code into websites also give them the ability to create rogue files on the underlying Web servers. Therefore, they can use such flaws to verify themselves as new website owners in the Google Search Console by creating the needed HTML files.
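A file-system check that complements reviewing the verified-owner list, shown here as an added example that is not from the article or from Sucuri: it lists verification-style HTML files in a web root and compares them with the ones the site's real owners uploaded. The `google<hex>.html` naming pattern, the function names and the sample file names are assumptions, and the script covers only the HTML-file verification method.

```python
import re
import tempfile
from pathlib import Path

# Assumed naming convention for HTML-file verification tokens: google<hex>.html
TOKEN_RE = re.compile(r"^google[0-9a-f]{8,}\.html$")


def find_verification_files(webroot):
    """Return the names of verification-style files directly in the web root."""
    root = Path(webroot)
    return sorted(p.name for p in root.iterdir()
                  if p.is_file() and TOKEN_RE.match(p.name))


def audit_webroot(webroot, approved):
    """Compare verification files on disk with the approved set.

    `approved` holds the file names the legitimate owners uploaded.
    "unexpected" files were not uploaded by any known owner;
    "missing" files are approved tokens that are no longer on disk.
    """
    found = set(find_verification_files(webroot))
    approved = set(approved)
    return {
        "unexpected": sorted(found - approved),
        "missing": sorted(approved - found),
        "ok": sorted(found & approved),
    }


def demo():
    """Audit a constructed web root (sample names, not real tokens)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("index.html", "google1111aaaa2222bbbb.html",
                     "google9999ffff0000eeee.html", "googlemaps.html"):
            (root / name).write_text("constructed sample\n")
        return audit_webroot(root, {"google1111aaaa2222bbbb.html",
                                    "google0000cccc3333dddd.html"})


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Run from a scheduled job, a non-empty "unexpected" list is a prompt to inspect the Search Console owner list and to look for the flaw that allowed the file to be written.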

Such abuses are actually increasingly common, according to researchers from Web security firm Sucuri, who have seen many webmasters complaining on technical support forums about rogue owners showing up in their Google Search Console.

In one case, a webmaster found over one hundred "verified owners" listed in his console, the Sucuri researchers said in a blog post.

Many hackers use compromised websites to create rogue pages that abuse their search rankings to drive traffic to spam content. Those pages are known as doorways and the technique is called black hat search engine optimization (BHSEO).

According to the Sucuri researchers, by becoming verified owners for compromised websites, attackers can track how well their BHSEO campaigns perform in Google Search. They can also submit new spam pages to be indexed faster instead of waiting for them to be discovered naturally by Google's search robots, they can receive alerts if Google flags the websites as compromised, and, most importantly, they can remove legitimate owners of the site from the Search Console.

 
