Is Steven Seagal secretly endorsing Viagra and payday loans? His website suggests so


Steven SeagalHere’s something strange.

Have you tried Googling for the magic combination of words “Steven”, “Seagal” and “Viagra”?

I hope your answer is “no”. After all, what normal person would search the internet for such words?

But if you did, you might see something strange.

You see, what’s odd is that four of the top seven results if you Google “Steven Seagal Viagra” point to the kickboxing action hero’s official website.

Steven Seagal search results

If you check out the source code of the 61-year-old movie tough-guy’s home page, you will find that blackhat search engine poisoning techniques are being used to boost the search rankings of Cialis, payday loan and Viagra websites.


At first, I wondered if wasn’t the Steven Seagal’s real official website. But I think it has to be. After all his “verified” Facebook page (with over 1.5 million Likes) points to it.

It seems to me that there are two possibilities.

Either, times are hard for the ponytail-wearing film star, producer, writer, martial artist, guitarist, reserve deputy sheriff and holder of a 7th-dan black belt in Aikido.

Or, at some point, Seagal’s website was exploited by hackers who managed to inject some search engine poison to try to boost their websites. All of the websites are dead or unresponsive now, which suggests that the attacks may have taken place some time ago, and Steven’s IT team haven’t properly tidied up afterwards.

Leaving crumbs lying around after a website attack is not only sloppy and allows the hackers to (potentially) continue to benefit, but also makes a loud and clear statement to the rest of the world that you once had a problem with your site’s security.

There are, no doubt, many websites not run by professional hard men who are equally guilty of serving up evidence that they were once the victims of internet hackers.

Thanks to the loyal reader who sent me an anonymous tip about Seagal’s website. I wonder why he chose to remain anonymous? :)

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

One Response

  1. Mike

    August 13, 2013 at 8:06 pm #

    This is not uncommon and my websites get hit all the time. Spammers go after CMS (content management systems) and use scripts to inject ‘blogs’ or ‘posts’ with advertisements. Normally, as site admins, we hide these pages from normal users, but googlebot finds pages most users don’t. The best way to protect yourself is, if you have a ‘read only’ style website (no forum or method to post back to the site) and you use any CMS like WordPress or Joomla, then you must disable all methods for users to sign up and post. Most admins don’t do it because they assume people wont phish their websites for hidden post pages.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.