PageRank: How Malicious Code Gave Me a PR0
February 1st, 2008 by Michael KwanI finally figured it out.
I originally thought that the reason for Google’s PageRank smackdown had to do with me selling paid links and paid reviews on Beyond the Rhetoric, but that didn’t explain why my main freelance writing site would get demoted down to PR0 as well. As a result, I felt that I didn’t understand Google PageRank anymore.
Well, it turns out that some stupid hacker got into the backend and started editing a whole bunch of my files. Based on a little bit of research, this probably happened before I migrated my site to BlueFur and I’ll tell you why in a second.
The hackers attacked both my blog and my freelance writing site, planting a whole series of hidden links to porn sites and porn-related sites. Hidden links are an obvious no-no in Google’s books. For the blog, these appeared in the footer as links using white font, blending in with the white background. I deleted those when Matt brought them to my attention. And then yesterday, I discovered that a bunch of hidden links were placed on MichaelKwan.com too. The difference is that they were placed within a division (between <div> tags) that were way off the screen (negative numbers).
What made matters strange is that all of these most recent hidden links were to pages on a museum directory site. I told Matt about these and he said that the hackers likely got to them too and set up a series of redirects. Upon further inspection, the museum directory site is hosted by Dreamhost, the hosting company that had previously hosted my blog too. What this could mean is that the hacker got into the root FTP or something, gaining access to everyone on that server.
I haven’t really touched my freelance writing site since moving to BlueFur, so it means that the site has been carrying that code this whole time. Having removed all these links from both the blog and the main site, I wonder if the next Google PageRank update will bring good news to me. Whatever the case, I recommend that you all have a careful look through your sites for any strange code or hidden links, because you could be the victim of an attack without even knowing it.
Filed under Technology.
I never have understood hackers, all that talent wasted on lame activities, preying on others.
Try doing this, it’ll probably help:
http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=35843
Done! Let’s see if it works.
Text Link Ads probably helped the PR0, not to mention Pay Per Post (I think almost everyone who have used it got a lower PR)…
It’s realy bad. At least you figured it out. We should all check our codes.
I made a post about this in early December after finding out that hackers were doing this:
http://www.jonlee.ca/a-sneaky-hacker-tactic/
It’s sad really that they have to resort to this kind of stuff.
What did the code look like? How did you find it? I presume we could see the code easily in HTML view or source code right?
Kenneth
Yeah, I found it via “view source”. The links just looked like the usual <a href=”http://www.example.com”>anchor text</a>.
[...] Michael Kwan’s blog was recently hacked by a clever hacker who managed to hide his visit neatly. Michael will tell you all about the story at his blog. This event plus a couple of other events has got me thinking about blog security . I’ll be doing a fuller post on my own experiences, ideas and suggestions. [...]
[...] Kwan at Beyond the Rhetoric wrote an interesting blog on the first of February. Page Rank: How Malicious Code Gave me a PR0 shed an interesting light on the world of Google and hackers. Apparently someone had inserted some [...]
[...] expert in the area of Internet marketing, but that didn’t make him immune from the PageRank smackdown a short while back. After some adjustments, Courtney was able to get a PageRank refund from Google, [...]
Lower, but not zero.
Maybe I was lucky to slide under the radar but I have a blog that has used both PPP and TLA yet did not receive a lower PR – although another site I have did that has used both did go lower.