A recent Search Engine Optimization (SEO) campaign that attacks targeted websites by means of SQL injection has been making the rounds. The Threat Research Division of Akamai Technologies has reported that, in this SEO web application attack, attacked websites are made to distribute hidden HTML links that confuse search engine bots and cause them to display incorrect page rankings.
According to a report by Akamai, “Search engines use specific algorithms to determine page rankings and indexing for sites on the web, and the number and reputation of links that redirect to the web application influence these rankings. The SEO attackers created a chain of external links that direct to stories of cheating and infidelity on the web to mimic normal web content and impact search engine algorithms.”
Akamai recommends that web app developers implement input validation checks on all user-supplied data that is included in a back-end database query. It also recommends that developers use “prepared statements with parameterized queries” when building SQL queries that are based on user-supplied data.
Webmasters are advised to deploy a Web Application Firewall (WAF) and configure it to block SQL injection attacks. They are also advised to profile and monitor the format of HTML response bodies, which will allow them to identify notable changes, such as too many web links.
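
A minimal sketch of the response-profiling check recommended above, added here as an illustration and not taken from Akamai's report: it counts the external links in an HTML response body and compares them with a baseline profile taken from a known-good copy of the page. The host names, tolerance values and sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkProfiler(HTMLParser):
    """Counts <a href> links and records hosts that are not the site's own."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.links = 0
        self.external = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        self.links += 1
        host = urlparse(href).hostname  # None for relative URLs
        if host and host != self.site_host:
            self.external.append(host)

def profile(html, site_host):
    """Summarise the link structure of one HTML response body."""
    p = LinkProfiler(site_host)
    p.feed(html)
    return {"links": p.links, "external": len(p.external), "hosts": set(p.external)}

def check_response(html, site_host, baseline, growth=2.0, slack=2):
    """Return alerts when a response has far more external links, or links
    to hosts never seen in the known-good baseline profile."""
    cur = profile(html, site_host)
    alerts = []
    limit = baseline["external"] * growth + slack  # assumed tolerance
    if cur["external"] > limit:
        alerts.append(f"external links {cur['external']} exceed limit {limit:g}")
    new_hosts = sorted(cur["hosts"] - baseline["hosts"])
    if new_hosts:
        alerts.append("unfamiliar link hosts: " + ", ".join(new_hosts))
    return alerts

# Constructed sample pages (not real traffic).
SITE = "shop.example.com"
CLEAN = ('<html><body><a href="/products">Products</a>'
         '<a href="https://partner.example.net/">Partner</a></body></html>')
INJECTED = CLEAN.replace("</body>", '<div style="display:none">' + "".join(
    f'<a href="http://story{i}.example.org/p">story</a>' for i in range(5))
    + "</div></body>")

if __name__ == "__main__":
    base = profile(CLEAN, SITE)
    print(check_response(CLEAN, SITE, base))
    print(check_response(INJECTED, SITE, base))
```

In practice the baseline would be recorded per URL from a trusted deployment and the check run against live responses or periodic crawls of the site.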