Over a period of 6 months, this website was compromised. I am not sure what exactly happened, but it was most likely password reuse which lent itself to this problem. The problem became obvious when I first noticed that an unusual link to a ride-sharing service had been inserted. Later, I noticed more of those links. That's when I realized that I couldn't simply sit and scan each and every blog post on this website manually, and decided to write a small interactive link checker tool. This tool whitelists the starting domain and allows you to whitelist URLs on a per-domain basis. The great thing is that the whitelist is persisted at the end of execution and will be used the next time you run the tool.
Say your website is example.com:

    go run outbound-link-checker.go \
      -domain example.com \
      -starting-url https://example.com

The tool starts from the starting URL and scans all the links on the page. Links that are within the domain are scanned further. Links that are not are checked against the whitelist, and any non-whitelisted domains are presented to you for whitelisting.
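The per-page classification step described above, as an added example (this is not the code of outbound-link-checker.go). The names `classifyLinks`, `inDomain` and `samplePage`, the regexp-based href extraction, and the choice to treat subdomains as in-domain are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Simplification: a regexp stands in for a real HTML parser.
var hrefRe = regexp.MustCompile(`(?i)href\s*=\s*["']([^"']+)["']`)

// inDomain accepts the domain and its subdomains only; a substring test
// would also accept "notexample.com" or "example.com.evil.test".
func inDomain(host, domain string) bool {
	return host == domain || strings.HasSuffix(host, "."+domain)
}

// classifyLinks resolves each href against pageURL and returns in-domain URLs
// to crawl next plus outbound hosts that are not on the whitelist.
func classifyLinks(pageURL, body, domain string, whitelist map[string]bool) (crawl, review []string) {
	base, err := url.Parse(pageURL)
	if err != nil {
		return nil, nil
	}
	for _, m := range hrefRe.FindAllStringSubmatch(body, -1) {
		ref, err := url.Parse(strings.TrimSpace(m[1]))
		if err != nil {
			continue // unparsable href
		}
		u := base.ResolveReference(ref) // handles relative and "//host" links
		host := strings.ToLower(u.Hostname())
		switch {
		case u.Scheme != "http" && u.Scheme != "https": // skip mailto:, javascript:
		case inDomain(host, domain):
			crawl = append(crawl, u.String())
		case !whitelist[host]:
			review = append(review, host)
		}
	}
	return crawl, review
}

// samplePage is constructed input, not taken from the compromised site.
const samplePage = `<a href="/about">a</a> <a href="https://github.com/x">b</a>
<a href="https://rides.example.net/promo">c</a> <a href="//example.com.evil.test/">d</a>`

func main() {
	fmt.Println(classifyLinks("https://example.com/post/1", samplePage, "example.com", map[string]bool{"github.com": true}))
}
```

Hosts returned in `review` are the ones an interactive tool would ask about; matching on the parsed hostname rather than the raw URL string is what keeps a lookalike host out of the in-domain set.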
Using the tool, I caught quite a few more such bad links.