Hey, you! Yes, you. Do you also have a blog? Wordpress? Self-hosted?
I wrote a little educational story for you. Unfortunately, like all educational stories, it’s not very good. Still, I would like you to read it. And learn from it.
And… yeah, okay, go ahead. Ridicule me. I don’t mind.
As long as you learn from it.
Damn spammers are everywhere
Hackers.
Damn that sucks
You mentioned on BlogAzeroth that you were surprised that people even followed the links from a site with the words “witch doctor” in it. While I’m certain it was said in jest, there’s a perfectly logical explaination for the visits.
.
Since you look at your stats on a regular basis, you probably know all about spiders (Googlebot, Slurpbot, and many more). They’re programs that crawl through various websites and index what they find, right? Pretty simple to understand. Content that has more incoming links gets indexed more frequently and often gets to the top of search engines (Google in particular is famous for this and for how you can take advantage of the system to boost your site’s rankings).
.
Now, along comes a nasty little hacker who may be boosting his own site’s rank or has been paid to make a site more popular. Hell, it might even be a bot that’s doing it! By trolling through sites (perhaps those with the word “doctor” in it, which would also boost rankings of medical-related searches) and then testing their security (whether with the server itself or the CMS running behind the scenes) to find loopholes, he might find himself a backdoor. Once backdoors are found, content can be changed, the appropriate search phrases added, and — most importantly — links to the sites that he’s trying to boost. They’re probably sites all owned by the same group that exist solely to link one another; the more high-trafficked sites with outgoing links to other sites, the higher those sites get ranked. And if you maintain a stable of ten or fifteen high-trafficked sites that link one another, you’ve managed to further boost your site’s rank in search engines.
.
As you noted, the best way of preventing this is to keep everything up to date. Once a platform finds that there is a security issue, they push through with a new version that should be installed — especially since that backdoor is suddenly public knowledge. And for people who rely on Fantastico or some other sort of autoinstaller to get upgrades, I’d recommend doing it yourself; I’ve found that many of them package upgrades months behind release, meaning that while you’re waiting for them to roll out the next upgrade your site could be experiencing a serious security breach!
.
A very valuable lesson, miss WD. Sorry that you had to learn about it this way, but it’s awesome that you’re trying to get the story out to help other people!
Yes, that’s a good point Cynra. That’s actually an added danger right there - as soon as Google finds out that a site is “abusing” their ranking system (by being hacked and linking to content that they shouldn’t be linking to), they may just remove the blog from their search results entirely. Yet another good reason you don’t want to get hacked!