how they are done and how to spot them
Rogue Website Hosting Companies
Outright scams by website hosting companies are rare, but they do exist and should be watched out for. We had a case in the forum (Rogue web hosting company changing customers' websites) where the web host used the server to intercept all page requests for all sites of all of their website hosting customers. If a request was from a person, the normal page was returned, but if a request was from a major search engine spider, the web host's server scam modified the page that was returned, by dynamically adding a set of links to it. This was done to all the web host's customers' sites, and without their knowledge or permission.
Most of the added links pointed to the web host's own websites, but some pointed to non-existant (virtual) sub-folders within the customer's site. When any search engine spider requested a page within those non-existant sub-folders, the system dynamically created a page of links to the host's own sites, and the host's sites got even more links pointing to them. When people requested any of the non-existant pages, they were redirected to the site's home page, but for search engines, each hosting customer's site contained sections that the customer didn't put there, and didn't know existed. The extra sections couldn't be seen by FTP, because the sub-folders and pages didn't physically exist. They were virtual, dynamically created, sub-folders and pages, which were only ever seen by search engine spiders.
The purpose of the scam was to add many links, with targetted link text, to the website host's own sites, so that they would be pushed up the search engines' rankings. In doing it, the customers lost out in ranking positions, because the host was channeling PageRank out of the customer sites, which caused them to lose a little ranking power.
We were able to get Google to deal with the web host's site without harming the innocent customer sites, so that case worked out ok. But it isn't an isolated case, and the possibility of a website hosting company scamming customers is something to be aware of. The problem with that type of scam is that most customers wouldn't know how to spot it. There are no extra files to be seen by FTP, and, without knowing the file paths and names of the virtual pages, how can such a scam be spotted?
How to spot the scam
Fortunately, Google comes to our aid. Do any search in Google. At the foot of the results page there is a link to "Language Tools". Click it. Near the top of the returned page is a box in which you can enter the URL of a page to be translated ("Translate a web page:"). Enter your page URL there, leave the setting at German to English, and click "Translate". There will be no German words in your page, so it will all come back in English. If the web hosting company has changed anything in your page, you will see the changes in the translated page.
How does that work? When the web server serves one page to people, and a different page to search engine spiders, it is called cloaking. The scam that I've described serves different pages to search engines than those that are served to people. Search engines get the added links, but people don't. It is cloaking. Cloaking looks at the IP address of the requestor before deciding which page to send. If it is the IP of a search engine spider, the page with the added links is returned. We can't spoof a Google spider's IP address, but Google's translation tool uses a Google spider's IP address, because it is a Google spider, so the host returns the page that is intended for search engines. That's how you can see any modificatoons that have been done to your pages by your website hosting service.
If your website hosting company is a small business, you might want to check a few pages from time to time.
Unfortunately, the orginal forum thread about that scam was lost in a technical glitch, but the thread linked to at the top of this piece shows what the cloaked pages looked like, and some links to 'saves' of the original thread pages are posted at the end of the thread.
Hacking Problems
A case (sitemaps hacked??) recently appeared in the SearchEngineWatch forum where websites had been hacked, so that pages are modified when search engine spiders request them. Those particular modifications were to benefit porn sites. In this case, the hack is easy to spot by FTP because real sub-folders and files are added to the sites, so it isn't invisible as in the previous case.
Google people checked it out, and concluded that it wasn't the hosts who were to blame, but the likelihood is that cPanel usernames and passwords had been hacked so that the new sub-folders and files could be placed in the sites. The hack caused one of the sites to be penalised by Google, but it is likely to be re-included now that the cause has been exposed.
This type of hack is bound to be on the increase, and should be watched out for. It is easily spotted by FTP, due to the extra sub-folders, but it is better to prevent it in the first place by using totally obscure passwords.
http://www.webworkshop.net/hosting-scams.html