The pharma hack is a black hat SEO hack in which legitimate websites are exploited to make money by promoting pharmaceutical products, typically Viagra and related erectile dysfunction treatments (regalis, cialis, tadalafil, etc.) - unbeknownst to the legitimate site owner or operator. The pharma hack is known to target many different systems and is perhaps most widespread amongst WordPress websites.
Often the first thing the operator of the website knows about the hack is when someone reports that the site's Google search results are hijacked and showing descriptions mentioning Viagra or other pharmaceuticals. Variations of this hack also promote payday loans, casinos and gambling, software downloads or pornography.
One of the biggest problems when informing website owners and operators that their site is the victim of a pharma hack is that the site continues to display as normal to most visitors - only degrading later as further exploitation gets more aggressive.
This is a form of 'parasite hosting' and is one of the worst forms of 'black hat' Search Engine Optimisation. In fact, many people regard this as beyond the limits of black hat SEO and call it out for what it actually is: plain illegal hacking.
In this series of articles we will look at:
- the process - how do the hackers do the pharma hack
- why do they do the pharma hack
- how can you prevent your site hosting Viagra products
- how can you check if your website is hosting Viagra products
- and how to fix/clean/repair/de-hack/remove the pharma hack from your website
Pharma Hack - How to Recover from the Black Hat SEO Hack
In case your website is hacked, and if you are online for any length of time you will be hacked sooner or later, you need a good recovery plan. First and foremost, it is important to have backups. If you have a backup of your website you can resurrect your site in a couple of hours should the worst happen. Unfortunately, too many people who are hacked do not have backups, or have backups that are so out of date they can't 'roll back' to that copy of the site without losing too much of their recent work. They have to suffer the pains of a de-hack, a cleansing of what they currently have - and that is a painfully involved, and relatively expensive, process.
Of course, once you've rolled back to last week's backup you aren't out of the woods. Last week's website already got hacked once. It is possible the hacker was already in the site when you took that backup. Even if he wasn't, the vulnerability that let him in was present. As part of rolling out your backed-up site, you *must* bring everything up to date. Upgrade the CMS, the extensions, and any custom coding you have.
In reality, most people running websites are not experts in their operation, just as most car drivers are not experts in auto repairs. If your car breaks down you need professional help. Likewise, with your website, if you suspect foul play - realistically you need professional help.
In the articles that follow we will try to outline the steps to cleanse, fix or remove the black hat SEO hack from your website. We'll provide some tips and some useful commands to help identify hacker files on your server - but ultimately these are best used by people already familiar with the tools in question. If this is all so new to you that your head hurts, then realistically you probably aren't equipped to carry out the de-hack / website fix. We can cleanse your site of the pharma hack for you.