I owe you an apology. Yes what you are doing is productive. I'm sorry. I clearly have not been around these forums enough to understand them. I really do not understand why you moved my post. I'll try to curb my rudeness and my enthusiasm in the future.
But I also disagree with you. I don't really like the idea of a list either but I have to think low tech. I cannot program. I've forgotten the Honeywell H316 machine code that I learned 40 years ago and even if did remember it it wouldn't be of much help.
Personally I don't feel one bit ashamed of having my site hacked. I don't know why anyone should, unless they are in the security consulting business or something like that.
How would it work? The better idea would be to be able to be able to notify people directly that their site had been hacked. But I don't think that me emailing people is going get me very far.
Most of my email probably ends up in spam folders. I do think I have had some success though. So far I have identified at least one web host provider that seems to have a major security issue. They can ignore it if they want but I am not planning on it. If they fix their problem that will take hundreds of sites away from the crackers, even if it is just temporary. They will have to work harder. That would give me joy. If someone devises an automated way for host providers to monitor for Pharma and similar cracks they could probably get along with less support staff or divert them to doing other things. Even of they just set up google alerts for every web site it would be a simple thing
If every person fixing a pharma hacked site tracks back to all the sites with hidden links lists and tries to get them shut down we CAN make a difference. It isn't that hard. I use http://www.siteexplorer.info a site that I found yesterday. If even a few people go through the list of hacked sites and contact the owners it means less money in the crackers pockets.
If I can convince google to track down hidden lists and ignore them to improve their search results then I might really be able to make a dent.
I know what it is like to be a tech and think like a tech. It is hard for me to be any other way. But I am too old for that now and I am trying very hard to think outside my tech box mind in hopes that I can find low tech solutions to fight back against high tech people limitless free resources.
Why am I picking on Securi? I'm just a bit cynical. I know they are good people but they also profit form cracked sites.
My feeling is that it isn't good enough to just be relieved that my site no longer has the Pharma Hack. (for now)I want to fight back. I cannot give advice on how to clean a hacked site. I cannot track down hidden code.
I can track down lists of hacked sites that are out in the wide open in plain English. I am just not very efficient at it. That frustrates me. This is doable. I can feel it. Spidering back with software and collecting URLs from hidden links seems like such a simple task.
If you shut down the spam then the malware doesn't' have much relevance or has to be diverted to other purposes. It is just like the idea of everyone using strong passwords and/or a firewall like wordfence then what would the point of a cracker having an army of a thousand bots focused on 5000 dictionary attacks a minute?
Jan, I appreciate our thoughtfulness. I'm also trying to be helpful. I'm just hoping to get the attention of someone who can help me do it on a much larger scale.
I'm just one dumb old old man. Yesterday I would have been thrilled to be responsible for fixing one cracked site. Today I want to fix thousands because I can see the potential.
My message, think outside the box. Be proactive if you can.