Recently I had a few blogs hacked.
The reason, simple – I didn’t upgrade my WP installs and I didn’t check every single plugin I installed for safety and security (who does?). Lots of people don’t; a simple query on Google will show you 1000s that haven’t either.
Why? Well, one of the reasons is that it used to be very difficult, or shall we say, cumbersome to do so. You had to jump through all kinds of hoops and it was a basic PITA.
Well, apparently, it isn’t anymore. There’s even an automatic upgrade WordPress plugin that checks your install and helps you sort it out.
Ok, so yes, lots of people are going to scream “serves you right Rob, you should have updated your code”... but come on, get real, who does so religiously? And what about holidays or illness or time away from the computer? Hacks are going to happen, even with the latest souped-up versions.
I didn’t even know my blog had been hacked until I had a bit of spare time to check in on a few things to see how they were doing and noticed that none of them were ranking for jack.
I even posted a blog post a few months ago, and more or less felt it was Google just digging me out for being me or something. It turns out it wasn’t that at all, and I’d been unknowingly linking to zillions of spammy viagra cialis crap from the footer of my pages.
The disgustingly sneaky thing about the tactic was that it cloaked the links to Googlebot, so that only Google were aware that the links existed. The graphic below is just a snapshot of the 1700 links they stuffed into my footer. At the time they were even smart enough to use a tactic that only injected them into your old posts, so a look at your search engine cache would show a nice clean, non-violated blog.
I never said I was stopping blogging I’m a SEO, I work in the search engine industry and having your site dead in the biggest search engine to me just doesn’t sit right.
I felt similarly. I used to blog regularly, but sort of thought, what’s the point anymore, no fecker ever reads it, other than those who know I already exist. Google has an issue with me and I’m buggered if I have any clue what it’s all about, so…
I twittered MattCutts on the thing just yesterday, and whilst he may have a point when he says that people should keep their WP installs up to date and that I should maybe look to ask WP to come up with a better solution.
Like David though, I’m wondering why Google couldn’t alert me in webmaster tools and say hey Rob you big dummy, we don’t want to rank your site, because you have like 1700 links to crap on around 180 of your site pages. Or Rob, go look at the cache of your pages and tell us when you’ve fixed the spam issue.
So, what to do? Some little monkey is bound to find another hole in WP, be it via a plugin or some newfangled exploit that some uber monkey forgot to consider.
Well, what would be cool, (for this little exploit at least) would be a little plugin that was part of the core install, that did things like check search caches, say once every week or so and looked for a string of words that by default was set to words like c1alis or Pr0n or V1agra etc that people could edit or add to/subtract from.
I don’t have the time, but I’m sure that some smart so and so does and he or she would get a shed load of links for writing the thing too. I’m thinking that by comparing the cached content against the actual content (allowing for the cached header difference) that people could then be informed of any discrepancies.
Alternatively, people could insert a bunch of known bad words into a text field and have a script run a check against cached search engine versions.
There’s an idea, linkbait alert guys: maybe we need a web page version too. Hey, Google webspam team, maybe you guys can code one up and put it up there somewhere.
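A minimal sketch of the checker proposed above, as an added example (not code from the original post or from any plugin): it compares the page as served to a visitor with the copy a search engine cached, and reports links and watch-list words that appear only in the cached copy. The function names and the sample HTML are hypothetical, and it assumes both copies have already been fetched and the cache banner stripped.

```python
import re
from html.parser import HTMLParser

# Default watch list, meant to be edited (obfuscated spellings included).
DEFAULT_BAD_WORDS = ("viagra", "v1agra", "cialis", "c1alis", "pr0n")

class _PageText(HTMLParser):
    """Collects link targets and visible text from one HTML document."""
    def __init__(self):
        super().__init__()
        self.links, self.text = set(), []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.add(href.strip().lower())

    def handle_data(self, data):
        self.text.append(data)

def parse(html):
    p = _PageText()
    p.feed(html)
    p.close()
    return p.links, " ".join(p.text).lower()

def compare_views(live_html, cached_html, bad_words=DEFAULT_BAD_WORDS):
    """Report links and watch-list words present only in the cached copy."""
    live_links, live_text = parse(live_html)
    cached_links, cached_text = parse(cached_html)
    hidden_links = sorted(cached_links - live_links)
    def found(word, text):
        return re.search(r"\b%s\b" % re.escape(word.lower()), text) is not None
    hits = sorted(w for w in bad_words
                  if found(w, cached_text) and not found(w, live_text))
    return {"hidden_links": hidden_links, "bad_words": hits,
            "suspicious": bool(hidden_links or hits)}

# Constructed sample input: one old post as a visitor sees it and as the
# search engine cached it (example.invalid hosts are placeholders).
LIVE = ('<html><body><p>My post</p><div id="footer">'
        '<a href="/about">About</a></div></body></html>')
CACHED = ('<html><body><p>My post</p><div id="footer"><a href="/about">About</a>'
          '<a href="http://pills.example.invalid/">cheap V1agra</a>'
          '<a href="http://meds.example.invalid/c">C1alis online</a></div></body></html>')

if __name__ == "__main__":
    print(compare_views(LIVE, CACHED))
```

Comparing link sets as well as keywords also catches injected links whose anchor text is not on the watch list.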
By at least having this info, people would have some clue as to what was going on and take some form of action.
Patrick tweeted me last night and posted a reference to a google alerts method for this very thing. Whilst I think it’s an excellent suggestion, the downside is that you are limited in terms of what you seek alerts for. Not every spammer is necessarily spamming a blog with known pr0n or ph4rm generics, so you could in theory be caught out on that method too.
I asked @photomatt whether he envisages many more of these types of things happening soon. No response thus far, but hey, it is a kind of a ‘will the Horse in blue win the 3 o’clock at Epsom’ type of question, no one knows until it does, and when it happens it’s all over already.
Update: cool, seo idiot has made a cache checker here.