Hacking for SEO – BEWARE of the Crap Hats

By theGypsy | June 9, 2010

Wow… sometimes life has a funny way of getting things across. No sooner had I written about some security schmucks equating hackers with black hat SEOs than the tables were turned. Now, in that story, they were talking about malware and really, it had little to do with SEO. That is not always the case. So we’re going to look at a situation (and solutions) for just such a moment.

It began quite innocently really, just sitting around going about my day, when one of my fellow warriors came to me complaining they’d lost some rankings due to the infamous Google MayDay update. He wanted to know if I could poke around and give some insights on the situation. Innocent enough.

I grabbed the analytics and webmaster tool info and we immediately noticed there were some very strange data coming in. The site was getting traffic for some terms that had absolutely nothing to do with the site, not even the same language actually.

Huh. Methinks something is rotten in Denmark. Ok, so next we went to Google and searched for some of the terms via the site: command and sure enough, they were showing up. When you clicked through to the page there was nothing. Then we looked into the source… still nothing. Not to be deterred, the next stop was the Google Cache. Ah HA! Fuckers.

Will Hack for Links!

It turns out they had been using a method that only shows the hidden links to Google-bot and so when you viewed the page and source, there was no trace of it immediately. I decided then to cross the border and talk to one of my dark side aficionados. He looked at the code and said this was most certainly the case and took a shot at the fella for using ’2 year old methods’. Apparently there are ways to avoid being detected even from the Google cache (great..sigh).

While I generally can tolerate a lot of black hat techniques and have some cohorts that use them (one must learn ALL approaches to SEO) – I am not one that tolerates hacking to meet those ends. Dear hack hatter; do you want me to break into your house and shit all over the place? Because that’s what it is to me.

Seriously. Some of these people have families to support and the few bobbles they make from their website might be the difference between steak and Kraft Dinner. Between a child’s birthday party and not getting anything at all. Do you really have the right to break in for your own selfish ends? How do you know you haven’t truly hurt someone in the process? THAT is total bullshit.

 

Words to the wise

Now, I talked to black hatters and Googlers alike to get a better picture on this. The dark side folks said that WP (which was the CMS in this case) is generally fairly secure; it is more often the plugins that they use to gain access.

From the other side of the fence, the Googler said it wasn’t all that surprising and highlighted another approach that can make finding them via Google cache even harder. And no, I am not going to say what that was as I ain’t giving no one ideas… nor warning the hackers what G looks for. But they do suggest using the webmaster tools ‘Fetch as Google-bot’ if you are concerned about hanky panky going on with your site.

Considering that I doubt these assholes do care or will ever stop, here’s a few proactive tips.

  1. Set up alerts for various common spam grounds (think the 4 Ps – pills, porn, poker, and payday loans)
  2. Watch your webmaster tools KW data
  3. Check suspect pages in WMT ‘fetch as Google-bot’
  4. Keep your CMS up to date – limit the plugins
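
A scripted take on tips 1 and 3, added here as an example (it is not from the original post): it compares the links in the HTML a normal browser receives with the HTML a crawler User-Agent receives, and flags links that only the crawler sees. The two HTML strings and the `.example` hosts are constructed samples; a User-Agent comparison will not catch every variant, which is why the post points to Fetch as Googlebot as well.

```python
from html.parser import HTMLParser
import re

# The post's "4 Ps" of spam; extend with terms that are off-topic for your own site.
SPAM_TERMS = re.compile(r"pill|porn|poker|payday", re.I)

class LinkCollector(HTMLParser):
    """Collects href -> anchor text for every <a> element in a page."""
    def __init__(self):
        super().__init__()
        self.links = {}
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links[self._href] = " ".join("".join(self._text).split())
            self._href = None

def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links

def cloaked_links(browser_html, bot_html):
    """Links present only in the crawler's copy, each with a spam-term flag."""
    seen = extract_links(browser_html)
    only_bot = {h: t for h, t in extract_links(bot_html).items() if h not in seen}
    return [(h, t, bool(SPAM_TERMS.search(h + " " + t))) for h, t in sorted(only_bot.items())]

# Constructed samples: the same page as served to a browser and to a crawler User-Agent.
BROWSER_HTML = '<html><body><a href="/about">About us</a></body></html>'
BOT_HTML = ('<html><body><a href="/about">About us</a>'
            '<div style="display:none"><a href="http://spam.example/p">cheap pills online</a>'
            '<a href="http://other.example/x">partner site</a></div></body></html>')

if __name__ == "__main__":
    for href, text, spammy in cloaked_links(BROWSER_HTML, BOT_HTML):
        print(("SPAM " if spammy else "NEW  ") + href + " -> " + text)
```

Any link in the output deserves a look, flagged or not; the spam-term flag only helps prioritise.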

And if you’ve found some problems:

  1. If it is a template hack, re-upload a clean version
  2. Keep CMS up to date
  3. Assess what plugins you are using
  4. Add ‘Monitor Hacked Files’ and set up cron
  5. Once clean, file a reconsideration request (esp. if you lost traffic)

When you do file a reconsideration request, be sure to have the documentation of how you found the offending (hidden) links and what you have done to clean it up and (hopefully) avoid it in the future.

Stay on top of things

This does highlight the need to be watching the vital signs for your website. Always be checking both analytic data and webmaster tools for any anomalies. Even better, grab and install the Monitor Hacked Files program (thanks Donna) and set the cron to run a few times per day. We have successfully deployed it and actually been able to catch hacks before ol Google did. Very handy.

These crap hatters are a shitty bunch by the way. I was very concerned about posting this episode because the last time I outed a tactic, I was beset upon with hacks and a slew of non-stop comment spam that was just ridiculous. I won’t go into detail on what they did once in, but it was ugly and cost me a TON of time.

Ultimately, I felt that this time the desire to help others outweighed the potential risk. Wish me luck and be careful out there!

Topics: Myths and Crap | 38 Comments »

  • http://www.greatwebsitesblog.com/ Barry Adams

    Keep fighting the good fight Dave, expose those hack-hatters and scammers wherever we find them.

  • http://www.huomah.com theGypsy

    It really does piss me off Barry. I've had it happen to a few clients in the past, this time it was an SEO Dojo member. This one was a little more creative as well. And as I said, both BH peeps I know and a Googler told me of worse ones. It just isn't right. In the past a client who was just a small business person, lost a fair chunk of revenue and it hurt. Who gave any of these assholes the right to do that? Just for some links to their garbage website that can't rank legitimately? Screw that.

  • http://www.justinparks.com Justin Parks

    Anyone who hacks this site obviously has not got, and never will have, a girlfriend (or boyfriend) and needs to get out more and breathe some fresh air… and get laid.

    Interesting stuff David, though I'm pretty sure these assholes who practice this type of behaviour know that this is only one single method and there's plenty more where that came from.

  • http://www.gospelrhys.co.uk/ Rhys

    **Stands and applauds**

    Such a crappy scammy spammy tactic that has a derogatory effect on so many websites. Seems to be part & parcel of using an open source CMS :(

  • http://steveplunkett.com @steveplunkett

    please dont equate hackers with spammers.. i crash your website.
    kthbnxbye

  • http://www.huomah.com theGypsy

    Uh Steve? He said scammers – and even in this case they ARE web spammers that are using hacking to achieve their ends…sooooo

  • http://steveplunkett.com @steveplunkett

    hee hee.. spammers = spammers DIE SPAMMERS DIE
    hackers = ultra #whitehatseo all the way to black hats.

    an SEO hacker can google hack one keyword, one page and provide client with millions in revenue. one result, multiple successes, usually long tail

    a spammer does volume NOT exactness, not one result, multiple results polluting a search query, multiple domains, multiple squidoo profiles with link wheels, doorway pages, etc.. instead of going for exact match on long tail focusing on relevancy and conversion (like an SEO hacker), they go broad match for volume and frequency.

  • http://searchengineland.com/searchcap-the-day-in-search-june-9-2010-43985 SearchCap: The Day In Search, June 9, 2010

    [...] Hacking for SEO – BEWARE of the Crap Hats, SEO Bullshit [...]

  • http://www.huomah.com theGypsy

    Steve? Once more, this is about HACKING WEBSITES for SEO, not Google Hacking/Dorking.

    GOOGLE hackers =
    HACKERS = script kiddies, crackers… and in this case, 'black hat' SEO types.

  • http://www.holisticsearch.co.uk Peter Young

    And the sort of shit that gives all of this SEO malarky such a dark undertone.

    Great post David – definitely not the first time it's happened and certainly not the last.

  • http://www.huomah.com theGypsy

    Well, there are scammers in most industries – we're not alone really.

  • http://www.thelostagency.com/ David Iwanow

    @David and nothing was really flagged within Webmaster tools, i guess their software can't do everything…

    hmm… i would have thought there would be a market for a WP plugin that can scan and monitor your site for things like this?

    Its not just hackers, it might be internal staff or part time webdevelopers looking to earn some cash on the side… if the technique is 2 years old, my bet it would be just someone who found it in a Google search and not an evil mastermind…

  • Cicada Mania

    This happened to me earlier this year. The hackers added some code to my WordPress templates that displayed a link farm to search engines like Google, but not to regular humans viewing the site. I found it by looking at the Google cache of the page.

  • http://www.mercadeoporinternet.com rafaelmontilla

    I would say, do not use free templates or free themes. We must also check the code every 2 months; sometimes you cannot find any anomalies in either analytics or webmaster tools, only in the code.

  • http://www.huomah.com theGypsy

    Actually we have successfully implemented the Monitor Hacked Files script on a few CMS including WP and Joomla. It does work, we were able to catch a hack before Google found it. So it tells you when ANY changes are made, even by staffers. A handy tool indeed

  • http://www.huomah.com theGypsy

    Yes, template files tend to be the most common, I'd be watching the htaccess as well. There are other methods which won't show up in the cache either, so watching the KWs in webmaster tools and testing pages in the 'Crawl as Googlebot' are handy for this problem.

  • http://www.bestchoiceforebooks.com Private Label Ebooks

    In my previous position as a Project Manager for a web development and hosting company we dealt with these issues constantly. After digging in and taking a harder look I would estimate 90% of the cases were due to the use of a “nulled“ theme the client has enabled on the site. These themes are the ones they usually get from some of the shady sites out there that are offering the theme downloads for free through services like rapidshare, etc.

  • http://martokus.blogspot.com/ Martokus

    What I've also seen (later warned by my hosting company) is that hackers attack unsecured FTP connections and can infect all sites sharing the same account. Make sure all your clients setup SFTP, FTPS or FTPES even if not required by the hosting company (many do not require it though).

  • http://www.kinaze.org/le-seo-ne-sert-pas-juste-a-optimiser-un-site-pour-les-moteurs-de-recherche/ perte de notoriété | analyse SEO

    [...] texte est publié sur SEO is bullshit à propos de mon aventure. Matt Cutt gazouille à propos de ce texte en disant qu’il est [...]

  • http://wellontop.com/ Sean Weigold Ferguson

    A similar thing happened to me with Joomla. My Copyright.php file was compromised and began generating thousands of dynamic pages that ranked for all sorts of popular keywords.

  • http://www.buzzbydesign.com BuzzByDesign

    This is such a low down dirty way to get links. It actually happened to a client recently, hundreds of hidden links added to an old post on their blog. Their WordPress version was not updated, it was an older version. So, lesson learned, I make sure all WordPress installs are updated frequently and take steps to secure it. Also, yes, I noticed the people they tend to hit are small home businesses with a sole proprietor, people who rely on their online business for income, so it's an especially nasty method.

  • http://www.greatwebsitesblog.com/ Barry Adams

    Stop hitting the bong so much, dude. It's affecting your comprehensive reading skillz.

  • http://www.searchenginejournal.com/weekly-search-social-news-06152010/21662/ Weekly Search & Social News: 06/15/2010 | Search Engine Journal

    [...] Hacking for SEO – BEWARE of the Crap Hats – This little ditty is one that I ADVISE READING. Not because I wrote it, because it is damned important. Getting hacked for links and nuke by Google can happen to anyone. Be aware and be prepared. [...]

  • http://twitter.com/JLear_99 Jonathan

    Great article. I just found your site today and it has opened my eyes to a thought once forgotten. Since turning from the dark side years ago I had forgotten about hackers and their mischievous ways. Thanks for bringing light to the situation for me.

  • http://www.onetomarket.nl/zoekmachine-nieuws/pre-weekend-recap-week-24.html Pre-Weekend Recap (week 24) – Onetomarket

    [...] Hacking for SEO – BEWARE of the Crap Hats [...]

  • http://www.chotrul.com/ Colchester SEO

    Thanks for this. Very interesting indeed to see what Google cache revealed ….

  • Johan

    While this, obviously, is a dirty trick, I am surprised at the reactions. As soon as you start using 'default' software such as wordpress (or whatever freely available software that offers free plugins) people will go and try to hack you, the more common your CMS the more likely they succeed.

    This is the risk and punishment for people who think they can build a website themselves,

    Don't send a SEO'er to do a Programmer's job,

    Yes I'm a programmer who's trying to improve his SEO knowledge, so I'm well aware that the opposite (don't send a programmer to do a SEO'ers job) is true as well.

  • nike trainers sale

    Agree to the word

  • Brdavs

    While I sympathize with the poor kraft dinner eating sod, I should point out, that using other people’s shoes will always give you blisters. In other words… whining about having your WP hacked is like running a marathon weighing 250 kg at the age of 95 and acting surprised when you get a heart attack…

    Don’t use crap software if you don’t want crap people crapping all over it…
    Write your own software and be sure to know, what you are doing.

  • http://plrzone.com/ PLR

    Dirty… real dirty

  • Fyou

    must be nice to know everything

  • Brdavs

    It’s nice to know I am not the ONLY one that got burned. Don’t think that I wasn’t there. I was for several years, only “other people’s shoes” was Drupal, not WP. The general problem is not WP or Drupal. It’s ubiquity of the toolchain. Any schmoe can code and use other schmoe’s code without any of the schmoes actually understanding any of it. Add PHP to the soup… and there you have it. And for the record. PHP is bad for your health even if taken with WP. It’s disorganized and has no direction of evolution. It’s like carcinogenic virus of development tools. Highly contagious, incurable and you die from it. Horribly.

  • http://www.searchenginejournal.com/weekly-search-social-news-04262011/29492/ Weekly Search & Social News: 04/26/2011 | Search Engine Journal

    [...] I especially like the term ‘link hacker’ as it is something I covered last year with; Hacking for SEO – BEWARE of the Crap Hats [...]

  • http://www.ads2site.com/index/weekly-search-social-news-04262011/ Weekly Search & Social News: 04/26/2011 | Ads2Site

    [...] I especially like the term ‘link hacker’ as it is something I covered last year with; Hacking for SEO – BEWARE of the Crap Hats [...]

  • http://www.buyinggenericcialis.com/ generic cialis

    Thanks for bringing light to the situation for me.

  • http://twitter.com/AnnieCushing Annie Cushing

    This is a phenomenal post! Thanks for the great resources, insights, and link to the MHF Tool page with even more great info. 

  • http://www.huomah.com theGypsy

    Tanks  Annie… was a bit of a ride and figured I’d share it. I was just kinda angry, so it ended up here. I guess you found ‘er from the SEW post? Always new ways websites can get screwed up. We keep learning.

  • http://www.huomah.com theGypsy

    Oh, and it was Dazzlin D that turned me onto MHF… great little program.