Home / Technical site audit / Links to compromised domains

Links to compromised domains

What are compromised domains?

A compromised domain refers to a domain name that has been unlawfully hijacked or hacked by cybercriminals with the intention of engaging in malicious activities. These activities may include hosting malware, phishing attacks, spam distribution, or ransomware operations. Despite potentially having legitimate content in other sections of the domain or indications of previous legitimate use, a compromised domain exhibits clear signs of DNS abuse.

Compromised domains can pose serious issues for both internet users and businesses, as they can be leveraged to trick users, infect websites and devices, or extort unsuspecting individuals. A prime example of this is when a compromised domain masquerades as a genuine website, only to redirect visitors to counterfeit login pages or malicious downloads. Compromised domains may also become a source of spam emails or initiate distributed denial-of-service (DDoS) attacks against other websites.

According to a report by PhishLabs, most phishing attacks use compromised domains and free hosting services (https://www.phishlabs.com/blog/most-phishing-attacks-use-compromised-domains-and-free-hosting/).

How compromised domains can ruin your SEO and website reputation

SEO can help you attract more organic traffic, generate more leads, and increase your conversions. However, any SEO efforts can also be hampered by unknowingly having links leading to compromised domains.

Compromised domains can harm your SEO and website reputation in multiple ways, such as:

  • Damaging your SEO. Linking to compromised domains can have an adverse effect on your website's search engine ranking and overall performance. Search engines employ numerous criteria to assess the quality and relevance of a website, including its content, keywords, speed, and user experience. Additionally, they consider the quality and relevance of the websites that are linked to, as these links also reflect the authority and trustworthiness of your own website. If you link to compromised domains that host malicious or irrelevant content, it can lead to a loss in ranking and traffic, and even result in penalties or filters imposed by search engines.
  • Putting your users at risk. If the visitors to your pages click on any of these compromised links, they are at risk of multiple security threats. For example, if they were redirected to a malicious or phishing website it could infect their devices, steal their personal or financial information, or even extort them for money. Of course, this could then damage your vistors' trust in your site and could also lead to other legal liabilities and fines.
  • Tarnishing your reputation. Linking to compromised domains can potentially ruin your website's reputation and credibility. If your visitors find out that you link to compromised domains that host malware, phishing, spam, or ransomware, they may lose confidence and trust in your website and brand. They may also report or blacklist your website as unsafe or untrustworthy, which can affect your online presence and visibility.

Please note, there is not an official list of compromised domains published by search engines, therefore any list collected of compromised domains is based off secondary data. However, if you see the site you are linking to on our list, we strongly recommend that you assess the risk as soon as possible and make a decision about the need for this link.

Compromised domains are a common and potentially dangerous form of cyberattack that can destroy any SEO efforts and tarnish a website's reputation. By following our tips, you can learn how to properly protect your online presence.

How can you prevent using links to compromised domains?

There are a few ways you can achieve this to ensure that every site you link to is safe and secure for the user:

  • Only use links to reputable domains and tools that provide reliable and relevant information for your niche, products, or services.
  • Keep your website's software and plugins updated. These are the applications and extensions that run on your website and provide various functionalities and features. They should always be kept updated to the latest versions. Outdated versions may contain vulnerabilities that can be exploited by hackers. This can protect your site from being hacked and links being planted to malicious domains.
  • Monitor your website. You should regularly monitor your website using tools such as Labrika. Labrika's tools can help you track your website's visitors, keywords, rankings, speed, errors, etc., and alert you of any suspicious or abnormal content as well as your site's blacklist status.
  • Link to relevant websites with similar or complementary topics, keywords, audiences, etc.

What to do if you have links to compromised pages?

If your website has been compromised by hackers, you should clean up your website and restore it to an earlier backup as soon as possible.

You should remove any malicious content or code from your website's files and database, change your passwords and credentials, update your security settings, etc.

Frequently asked questions

The compromised domains list contains a safe domain, why is this?

There are several reasons why a compromised domain report may contain false positives, or safe domains that are mistakenly flagged as malicious. For example:

  • The report may be based on reputation block lists (RBLs) that use different methodologies and criteria to identify security threats, such as crowdsourcing, spam filters, or honeypots. These methods may not be accurate or up-to-date and may vary depending on the RBL provider.
  • The report may not distinguish between maliciously registered domains and those that have been compromised by attackers. A domain that was hacked and used for malicious purposes may have been cleaned up and restored by its owner, but still appear on the report.
  • The report may not account for how quickly security threats are mitigated by domain owners or registrars. A domain that was flagged as malicious may have been taken down or suspended, but still appear on the report.
  • The report may not reflect the dynamic nature of security threats, which may change over time. A domain that was previously used for malicious purposes may have been repurposed or sold to a legitimate owner, but still appear on the report.

What should I do if I find a safe domain on the compromised domains list?

If you are the owner of a safe domain that appears on the compromised domains list, you should contact the source of the report and request a review or removal of your domain from the list.

You should also check your domain for any signs of compromise or infection and take appropriate measures to secure your site.

If you are a user or a visitor of a safe domain that appears on the compromised domains list, you should verify the authenticity and safety of the domain before accessing it.

You should also use caution when clicking on links or downloading files from unknown or suspicious sources.