The Next Web (TNW), a popular technology news site, and a lot of other high-profile tech companies were hacked by SEOnix.org. In a recent report, Jorg Ruis was bold enough to reveal how TNW was hacked and how the hacker used TNW posts to drive more traffic to his site and earn considerable revenue. Jorg Ruis did not reveal how many other high-profile tech companies were hacked in a similar way or who they are, presumably out of consideration for those websites’ safety and perhaps their reputation.
The hacker broke into the back end through one of the site’s editorial logins and added anchor text linking to his own site. He logged into the same editorial account over the last 3 months and impressively managed to add links to his site on 124 posts. The more interesting, and at the same time disappointing, fact is that the same hacker got into a lot of other major tech companies in the same way and added more links to his site, but we are not allowed to know how many sites he used to gain traffic or which sites they are (if you really want to see the victims, check Open Site Explorer).
Also, to check whether TNW’s claim is true, I headed to Alexa.com, a web information company, to dig deeper into the case (note: the information on Alexa.com is not accurate). It was true: as per TNW’s claim, the last three months were the bounty time for SEOnix.com. If you look at the graph below showing SEOnix.com’s traffic over the last six months, you can see that the site’s traffic was flat along the zero line up to the end of December 2011. Then the hacking begins: starting in January, probably as an outcome of the hacking, the site’s traffic started to increase. It peaked during February and stayed at its peak until March, until the TNW team realized that “well that’s a nice SEO present to give, but why would we do that?”.
Everything is now over for SEOnix.com: as you can see from the graph above, the traffic dropped at an insane rate, the same way it went up. I believe all the other tech companies might have cleaned SEOnix.com’s links from their sites, and there must be only one thing left: the traffic through Google search. The hacker has now gained a lot of reputation for his site, and Google would for a while keep sending search users to SEOnix.com, but at the same time Google is reducing the number of redirects to the hacker’s site (check the image below from Alexa). I hope Google will drop the site from its index, or the victims should report the site to Google so the search engine can take the necessary steps to block SEOnix.com.
Finally, what have we learned?
For the past 3 months, the password of the editorial account the hacker gained access to was not changed. This teaches us that if you run a large, popular (or even unpopular) site with powerful login accounts that have the privilege of modifying content on your site, you should use a strong password and change it often: at least once a month, and for high safety twice a month. Using a decent password generator and a secure password manager might help to keep the account logins safe.
On the other hand, the hacker was smart enough not to change the password of the account he gained access to. If he had, that would have been the end of it, because within a day or two TNW would have had the chance to reset the password and the hacker might have been blocked from access.
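The change described above, links to one outside domain added across many posts from an editorial account, is what a periodic audit of outbound links in published posts can surface. The following is an added example, not code from the original report or from TNW; the post bodies, the allowlist, the threshold and all domain names are constructed assumptions.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data: post id -> HTML body. All domains are placeholders.
POSTS = {
    101: '<p>Phone review. <a href="/tag/phones">More</a> <a href="http://www.seo-spam.example/">best seo tools</a></p>',
    102: '<p>See <a href="https://news.example/story">our story</a> and <a href="http://seo-spam.example/x">cheap seo</a>.</p>',
    103: '<p>Source: <a href="https://blog.other.example/post">study</a></p>',
}
ALLOWED = {"news.example"}  # assumption: domains the site links to on purpose

class LinkCollector(HTMLParser):
    """Collects (href, anchor text) pairs from one post body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(href):
    """Lower-cased host without a leading 'www.'; '' for relative links."""
    host = (urlsplit(href).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def audit(posts, allowed=ALLOWED, min_posts=2):
    """Map each non-allowlisted domain linked from >= min_posts posts to its (post id, anchor text) hits."""
    hits = defaultdict(list)
    for post_id, html in posts.items():
        parser = LinkCollector()
        parser.feed(html)
        parser.close()
        for href, text in parser.links:
            host = host_of(href)
            if host and not any(host == d or host.endswith("." + d) for d in allowed):
                hits[host].append((post_id, text))
    return {d: h for d, h in hits.items() if len({p for p, _ in h}) >= min_posts}
```

Calling `audit(POSTS)` reports only the domain that recurs across posts; a domain cited once stays below the threshold, and internal or allowlisted links are ignored.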
Update: I think Twitter has already started blocking tweets containing SEOnix.org, or is it just me who can’t tweet SEOnix.org? Please let me know.