By theGypsy | June 9, 2010
Wow… sometimes life has a funny way getting things across. No sooner had I written about some security schmucks equating hackers with black hat SEOs that the table’s were turned. Now, in that story, they were talking about malware and really, it had little to do with SEO. That is not always the case. So we’re going to look at a situation (and solutions) for just such a moment.
It began quite innocently really, just sitting around going about my day, when one of my fellow warriors came to me complaining they’d lost some rankings due to the infamous Google MayDay update. He wanted to know if I could poke around and give some insights on the situation. Innocent enough.
I grabbed the analytics and webmaster tool info and we immediately noticed there were some very strange data coming in. The site was getting traffic for some terms that had absolutely nothing to do with the site, not even the same language actually.
Huh. Methinks something is rotten in Denmark. Ok, so next we went to Google and searched for some of the terms via the site: command and sure enough, they were showing up. When you click through to the page there was nothing. Then we looked into the source… still nothing. Not to be deterred, that next stop was the Google Cache. Ah HA! Fuckers.
Will Hack for Links!
It turns out they had been using a method that only shows the hidden links to Google-bot and so when you viewed the page and source, there was no trace of it immediately. I decided then to cross the border and talk to one of my dark side aficionados. He looked at the code and said this was most certainly the case and took a shot at the fella for using ’2 year old methods’. Apparently there are ways to avoid being detected even from the Google cache (great..sigh).
While I generally can tolerate a lot of black hat techniques and have some cohorts that use them (one must learn ALL approaches to SEO) – I am not one that tolerates hacking to meet those ends. Dear hack hatter; do you want me to break into your house and shit all over the place? Because that’s what it is to me.
Serisouly. Some of these people have families to support and the few bobbles they make from their website might be the difference between stake and kraft dinner. Between a child’s birthday party and not getting anything at all. Do you really have the right to break in for your own selfish ends? How do you know you haven’t truly hurt someone in the process. THAT is total bullshit.
Words to the wise
Now, I talked to black hatters and Goolers alike to get a better picture on this. The dark side folks said that WP (which was the CMS in this case) is generally fairly secure, it is more often the plugins that they use to gain access.
From the other side of the fence, the Googler said it wasn’t all that surprising and highlighted another approach that can make finding them via Google cache even harder. And no, I am not going to say what that was as I ain’t giving no one ideas… nor warning the hackers what G looks for. But they do suggest using the webmaster tools ‘Fetch as Google-bot’ if you are concerned about hanky panky going on with your site.
Considering that I doubt these assholes do care or will ever stop, here’s a few proactive tips.
- Set up alerts for various common spam grounds (think the 4 Ps – pills, porn, poker, and payday loans)
- Watch your webmaster tools KW data
- Check suspect pages in WMT ‘fetch as Google-bot
- Keep your CMS up to date – limit the plugins
And if you’ve found some problems;
- If it is a template hack, re-upload a clean version
- Keep CMS up to date
- Assess what plugins you are using
- Add ‘Monitor Hacked Files‘ and set up cron
- Once clean, file reconsideration request (esp. If lost traffic)
When you do file a reconsideration request, be sure to have the documentation of how you found the offending (hidden) links and what you have done to clean it up and (hopefully) avoid it in the future.
Stay on top of things
This does highlight the need to be watching the vital signs for your website. Always be checking both analytic data and webmaster tools for any anomalies. Even better, grab and install the Monitor Hacked Files program (thanks Donna) and set the cron to run a few times per day. We have successfully deployed it and actually been able to catch hacks before ol Google did. Very handy.
These crap hatters are a shitty bunch by the way. I was very concerned about posting this episode because the last time I outted a tactic, I was beset upon with hacks and a slew of non-stop comment spam that was just ridiculous. I won’t go into detail on what they did once in, but it was ugly and cost me a TON of time.
Ultimately, I felt that this time the desire to help others outweighed the potential risk. Wish me luck and be careful out there!