Funny Links In Google

There have been some nasty hacks on sites that turn them into link zombies. If you use the Fetch as Googlebot tool in Google's Webmaster Tools (highly recommended if you are hosting your own WordPress blog or some open source e-commerce solution), you can see these hacks, although a visit to the site will look normal. This has been a bunch of 'bad bots' that I think really started in Oct-Nov, exploiting the default settings of an Apache server (PHP is defaulted in evaluation mode (eval64), so certain commands can be used to break into a site). Keep your WordPress apps patched, and if you use something like osCommerce you had best visit the OSC forums to lock down your installs. This actually affects new versions more than the old unpatched versions, which are more subject to individual hacks, but that is less serious than a malicious bot.

A plus side for HubSpotters is that the platform is on MS servers. Running an MS server requires actual training, versus the sort of casual attitude of a LAMP server hosting company. You really need to know what you are doing to keep it secure. Hosting companies like to say the server has never been hacked, but that does not include the clients' accounts, which get hacked all the time. I certainly do not see the difference if the site is a spam bot, but the hosting companies just shrug their shoulders. If you go with a LAMP server, then make sure you add a PHP.INI file that deactivates all the development functions of PHP (.ASP is the MS equivalent, but they don't run a production server with development features turned on. I think it's an open source thing with clueless hosting companies).

This year should be interesting, with more evil bots. It's great the hackers have come up with productivity tools now. The intent seems to be focused on SEO link building and identity theft. At any rate, the sites you mentioned are compromised. They just don't know how to see it.



Why

The SEO hack I'm very familiar with mixes its paid links with legit companies to confuse Google's spam team. They can shut down the infected site but certainly cannot go back and ban the advertisers if it's everyone in the industry. One example above is running WordPress, which I would bet is hacked. Funny header reference in source. Then I do a search for http://dallastxhondadealer.com/zzzk/ and what do I find in Google? Try the search in Google. Then try it with just the domain name. You will see how damaged the site is. It's a very nasty hack.


Oh, and this hack is done on websites with authority (at least they try), so Google is visiting all the time. Magically, just for the Googlebot, all these additional pages show up. It's all in the SERPs. 68,000 or so. That's why it's called an SEO hack. It only shows a search bot its special re-skin of the site. I have seen that on infected sites it puts in the .htaccess a whole list of bad bots that are not allowed access to the hacked site. It's a long list. We have to toss the site at that point and start over. Cleaning it out of the database is even more fun. Backup, backup and backup.
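The bot-only pages described above can be checked for on your own site by comparing the links served to a normal browser with the links served to a Googlebot User-Agent. This is an added example, not code from the original post; the function names, the shop.example host and the sample pages are assumptions constructed for illustration.

```python
"""Compare the links a page serves to a browser with the links it serves to
a search-bot User-Agent, and report the ones only the bot is shown."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
from urllib.request import Request, urlopen

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
BOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


class _LinkParser(HTMLParser):
    def __init__(self, base):
        super().__init__()
        self.base, self.links = base, set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.add(urljoin(self.base, href))  # make relative links absolute


def extract_links(html, base):
    parser = _LinkParser(base)
    parser.feed(html)
    return parser.links


def bot_only_links(browser_html, bot_html, base):
    """Return (offsite, onsite) links present only in the bot's copy."""
    extra = extract_links(bot_html, base) - extract_links(browser_html, base)
    host = urlparse(base).hostname
    offsite = sorted(u for u in extra if urlparse(u).hostname != host)
    onsite = sorted(u for u in extra if urlparse(u).hostname == host)
    return offsite, onsite


def fetch(url, user_agent):
    """Live fetch for a site you run. A hack that keys on Google's IP ranges
    instead of the User-Agent will not show up here; use Fetch as Googlebot."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample pages (not taken from any real site).
BASE = "http://shop.example/"
SAMPLE_BROWSER = '<a href="/about">About</a> <a href="/contact">Contact</a>'
SAMPLE_BOT = (SAMPLE_BROWSER + '<a href="/zz1/cheap-pills.html">x</a>'
              '<a href="http://spam.example/buy">y</a>')
```

Against a live site you run, call bot_only_links(fetch(url, BROWSER_UA), fetch(url, BOT_UA), url); any non-empty result is worth a closer look at the templates, the .htaccess and the database.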


How do I protect myself

Backing up and updating often are the best defense. Make sure you understand how to restore, or that your hosting company is ready and willing to lend you a hand. If it gets hacked you can simply overwrite it with the backup copy, if it's up to date. Other steps are complex admin passwords and renaming the wp-login page: every default install has the same name, which makes it easy to send a bot at it. Third-party plug-ins not kept up to date are another big issue.

Oh yes, closer to home: scan your computer for malware and use a very good AV program (AVG). There are lots of key-tracking, password-sniffing and other nasty Trojans. I mean very nasty: click a link and you're infected. That brings us to running Firefox with script blocking. If you trust the site then you can allow it. I have been on the NY Times web site when they were hacked with the rogue spyware pop-ups, so it can even be sites you trust (or not, LOL). AVG just kicked me off the site with a malware block. Turned out it was right on. It seems worse than it ever was.