The Hacking Attack
My blog got hacked and injected with a folder containing 645 pages, all full of auto-generated content, loaded onto plagiarized templates and linking to about 1700 different websites – making it difficult to discern which are the spammers’ own and which are legit. I asked about crawling these pages in the Pro Q&A and Rand referred me to Xenu Link Sleuth to run the crawl.
The hacking job was pretty sophisticated, as I didn’t even realize anything was amiss. And as the attack seems “only” targeted at SEO, and not drive-by malware downloads – Google WMT reports didn’t report any malware, naturally….
Except that the keywords my site was relevant for suddenly swung from the theme of SEO to debt.
Furthermore, when I tried to go and delete the files via FTP… there was “nothing there.”
I don’t know if that’s a problem with Dreamhost’s hosted FTP interface or actually a function of the hacker’s sophistication, but it was impressive, to say the least. All the more so when you consider that the folder (/pics/ ) this hacker injected his files into into has an index file that takes no input from any fields whatsoever. So there should have been no way for him to inject anything from there.
The SEO Aspect
I told my hosting company, Dreamhost, but asked for them to leave things in place for the moment – there’s no danger of malware it seems – to try and learn from the hacker.
Given that there’s so much data and that I’ve only got so many brain cells (countable on the fingers of two hands and one toe…), I thought I’d see if the SEO community would like to play with it, too. When AOL leaked its CTR data, it was fascinating info, so perhaps you guys will put this info from Xenu Link Sleuth to good use.
Some items I thought of to date:
- The external linking isn’t just to many sites. Legitimate sites like Yahoo were also linked, for example.
- The links also go to a variety of mediocre sites in the niche … but I myself can’t tell which were the deliberate target of the spammer.
- I looked at two whois records and got listings in two countries very far removed.
- Both the above points may be solved by evaluating the data in bulk
- Linking to many other sites in the niche makes the pages hubs, and arguably gives a positive quality signal to search engines.
- Many other hacked sites were clearly also linked to, including other Wordpress sites. Perhaps something for Wordpress.org to update in the next version?
- For the link builders, there’s probably an opportunity to make friends with the many hacked sites by making them aware of the situation…
Right-click and save the following link to download the tab-separated file of all the URLs, the anchor text etc. There’s also the .XEN file from Xenu and the html-page report on the data.
seoroi.com/downloads/seoroi-hacked-xenu
If you do download it and come up with some interesting analysis and/or insight, I’d ask you to post about it, here or on your own blog (if elsewhere, then please comment with the link below).
Lastly, if you found this post interesting, get a free chapter from my advanced SEO book. (The book teaches critical and creative thinking rules for SEO, to make SEO a fun and profitable game, as well as sharing advanced tactics that apply these principles.)