What is a URL Injection?
URL Injection occurs when a hacker has created/injected new pages on an existing website. These pages often contain code that redirects users to other sites or involves the business in attacks against other sites. These injections can be made through software vulnerabilities, unsecured directories, or plug-ins.
How to Recognize This Threat: Google’s Search Console will flag potentially injected pages with a message sent to the website administrator. The admin can then search the full site for new pages that have been added. In other cases, organizations may only become aware of the issue when their page ranking drops via web and search analytics.
How to Prevent This Threat: Once the bad pages are found and accessed without the normal browser, the site administrator can remove them, remove the functions the hacker used to create them, or restore affected directories with a previously saved version. To prevent it from occurring again, though, site vulnerabilities must be addressed. Web Application Firewalls can provide comprehensive protection against hackers. Protect your site with Barracuda WAFs.