» November 18, 2007 in
Do Not Rely On Google Traffic! Do Not Rely On Google Traffic! Do Not Rely On Google Traffic!HACKED! "hello from norwegian teen hackers, we've hacked your blog. Long Live norwegian teen hackers! (insert stupid skull picture here)
Stupid hackers announce to the world they hacked you.
When you see most sites hacked it's done by complete amateurs who are just looking for some attention. No biggie for you because you backup your files, YOU ARE SAFE, correct? Probably.
If you do get hacked by somebody that is looking for attention consider yourself lucky. There are many hackers that won't let themselves known as easy and have much darker desires than announcing to the world "I hacked abcdefg.com".
How One Line Of Code Can Destroy Your Online Business
Do Not Rely On Google Traffic! Do Not Rely On Google Traffic! Do Not Rely On Google Traffic!
A pro hacker WILL NOT let you know they hacked you. They will compromise EVERY site on your server and you will not know it.
This happened to me a few days ago. A hacker added one single line of code to the bottom of every index.php page I had sitting on a server, roughly 60 websites. (not the 45n5 server)
The code was javascript that appeared to collect user stats however to the googlebot and some systems they viewed it as a VIRUS. Ouch.
What Happens When A Googlebot Thinks There Is A Virus Or Malicious Javascript On Your Site?
IMMEDIATELY they drop the site to Pagerank 0 and add the lovely disclaimer to every single search result "This site may harm your computer." PLUS stop sending you ANY traffic.They WILL NOT ask your opinion on the matter. They will just KILL your sites.
Fortunately I spent the entire day fixing the sites and only a handful of sites dropped to PR0 however a couple averaged over 1000 uniques per day and were a couple years old so i took some decent loses.
If you DEPEND on google traffic they can shut it off in an INSTANT! And you will never see it coming. All from one line of code. It might not happen to most of you but if it happened to me it CAN HAPPEN TO YOU.
I really like google though
I love google search, I love they are slapping webmasters, I love google products, I think pagerank is becoming even more relevant (to everybody except the people getting slapped ;).
HOWEVER I would NOT build a business that depends on google traffic to feed your family. I really hope this story drives the point home for you.
But I'm OK
Fortunately not all of my sites were killed. I can still eat. Plus I'm very optimistic about moving towards 100% income not attached to the googlebot for 2008 now.
I know many of you will blow this off and that's cool, I will have some products to sell you in 2008 (more on that later) however for the 4 people that REALLY pay attention here, run away from any income dependent on google as fast as you can, seriously, start running, otherwise:
One Line Of Code Can Destroy Your Online Business
(ps. My best guess is dreamhost servers were compromised and not my sites directly. They said this was a possibility however we're not sure the exact problem. I also removed EVERY single wordpress install I could find from anytime, even if the site was making a small amount each month, wordpress is a LIABILITY to your business unless you can update every single install every single month.)
If you like this post then please consider subscribing to my full RSS feed. You can also Subscribe to 45n5 by Email and have new posts sent directly to your inbox.
Mac () says on November 18, 2007:
Holy Crap, that is some scary story Mark. I've never been hacked (that I know of) yet and hope I never will. The amount of damage that one single line of malicious code on a server can produce is horrible. I never thought Google would "shut down" the sites like that. My God, PR 0. Ouch!Of course backing up is essential but it doesn't back up your traffic nor the reputation you might lose if such an attack occurs. What is your legal recourse against DreamHost if any? So you're also suggesting that WordPress is the main liability and should not be used, ever, by bloggers? I know a lot of people that agree with this bold statement (I'm one of those) but what is the other options users can use to be safe?
Really interesting article Mark, thanks.
Seb
www.macishere.com
*The Apple Community with a twist*
45n5 () says on November 18, 2007:
I doubt there is any recourse towards dreamhost and i probably couldn't prove anything, plus I'm not mad.I backup every night.
"you're also suggesting that WordPress is the main liability and should not be used, ever, by bloggers?"
You can use it if you can do the security updates that come out every 2-3 weeks for EVERY install you ever make, then it's fine.
lilian says on November 18, 2007
Thanks, Mark. For the scary story to open my eyes. I had been hacked a couple of times (one of those Turkish hackers) and I don't know what hit me 'cos I am a noob and rely on my webmaster. Now, I can walk away a little enlightened, but not much smarter, still..
michaelmartine () says on November 18, 2007:
Mark you are absolutely right. I could survive without Google traffic. It would put a dent in me, but that's all. Your story reinforces why I manually install my WordPress blogs. I'm glad you recovered from it OK.GarryConn () says on November 18, 2007:
Same thing happened to me earlier this year. As it turned out it was caused by my host provider in combination with myself. I didn't experinece the Google slap like you did... perhaps I just fixed the issue before the Googlebot crawled? Anyway, sounds like rough stuff, I know it was for me. So, I am glad you got it all fixed. Google isn't unforgiving, and they should put your stuff back during next crawl. Tori says on November 18, 2007
I hate hackers! (actually security crackers, but whatever)
I feel your pain.
I had a social network running on a certain CMS and then crackers from a certain country I shall not name that starts with a T hacked and defaced it. A quick google search showed that the same hacker (he was of the hacked by [name] variety) had defaced a good number of sites running the same CMS (enough for several google results pages of hacked sites).
Long story short, I learnt that I should always backup and always update when using a CMS.
You also have to watch out for phishers! I must not have learnt my lesson well enough because I had another website cracked about 6 months ago. I had a phisher crack into my site (I assume through a hole in a CMS) and gain access to my site. They placed there phishing pages and images into my root directory (they were imitating paypal).
I don't know when they did all this but I found out about it because I woke up one morning and my site had been suspended by my webhost. Try sorting that out!!
It took a day of emails back and forth with my host but it was straightened out.
I hate hackers...
45n5 () says on November 19, 2007:
thanks for the comments allunfortunately it's not as easy as a reinclusion or waiting on another crawl.
if it happens to you go to webmaster central
there will be a report taht you've been dropped and also list a spam site "clearing house" where you are now listed
you need to request a "review" of your site there after you are clean
fingers crossed.
John says on November 19, 2007
Okay, okay, message received. I am backing up right now! Thanks for scaring me straight. www.notjohnchow.com
sarahG () says on November 20, 2007:
I've heard of this happen on other sites in the past, be it JavaScript or a load of links inserted.How did you detect it or did Dreamhost inform you of the hack? Whilst backing up is always essential, it clearly pays to also keep an eye on your code from time to time and make sure you've not acquired anything that shouldn't be there!
WordPress upgrades aren't too bad but as you say, you need to stay on top of them.
45n5 () says on November 20, 2007:
@sarahG - there is no way to really notice it until you see your earnings disappear. dangerous stuffthat's how I noticed, saw my earnings drop by 50% or so and stayed that way, then did some serious investigating and found google had done some serious killing of my sites/traffic
Caroline Middlebrook says on November 20, 2007
Ouch that sucks Mark, glad you got it sorted.
45n5 () says on November 20, 2007:
thanks caroline, slowly getting things backthe google review request worked and they removed the "bad site" label from my sites but still showing pr0 and no traffic
Nex says on November 27, 2007
Perhaps PR will start going back on next crawl?
45n5 () says on November 27, 2007:
@nex - traffic is back to about half. I'm hoping I get some pr back next update.
