• Red Hen site found peppered with links to pages selling Viagra
  • The attack leveraged was an ancient Black Hat tactic called SEO spam
  • Red Hen has been in the spotlight of late for refusing to serve White House press secretary Sarah Huckabee Sanders

The website of the Red Hen restaurant in Lexington, Virginia has been spotted serving up links to erectile dysfunction ads. Red Hen was recently pulled into the spotlight after refusing to serve White House Press Secretary Sarah Huckabee Sanders - an incident that prompted US President Donald Trump to tweet about the “dirty” restaurant.

The Red Hen site was found containing code that redirects users to a site selling “general Viagra” in Australia. The script has also reportedly been linked to several online stores marketing cheap antibiotics as well.


According to Malwarebytes security researcher Christopher Boyd, this is an ancient Black Hat tactic called search engine optimizing (SEO) spam or Spamdexing. The most common forms of Spamdexing include:

  • Keyword stuffing - this involves jamming numerous content-specific words or terms into an article’s text to artificially drive traffic.
  • Hidden text - this is where websites are crammed with content that is the same colour as the background. The sites are then placed across various pages to boost traffic.
  • Scraper sites - this involves websites designed to generate ad-based profits by ravaging other sites and often even removing content, such as company or author name.

Modus operandi

According to Boyd, the Red Hen site is running on WordPress which could have enabled hackers to exploit either WordPress or one of its plugins to launch this kind of spamdexing attack.

“ It could even be down to something as basic as gaining access using default admin credentials, or a webmaster being caught up in a phishing scam,” Boyd wrote in a blog.

Why Red Hen?

The Red Hen restaurant recently gained notoriety after declining to serve White House Press Secretary Sarah Huckabee Sanders. The restaurant has since been besieged by Trump supporters who have begun protesting outside the restaurant holding flags and wearing “Make America Great Again”.

“Injecting redirection code to Viagra spam portals on a site currently at the heart of US-centric news is a dream come true for hackers, and they'll no doubt be hoping to capitalize on an inevitable traffic boost to the restaurant's website,” Boyd told Newsweek.

Cyware Publisher