Dead Traffic – This Site Hacked – How Often Do You Review Your Live Source Code?

Before I dive into this I want to give a public thanks to Cash Volume for pointing out the fact my site had been hacked.

A couple of weeks ago I noticed the traffic coming to this site phased out. I know I have not been the most active blogger but I did not think that was an excuse for the organic traffic to just die out.

A few months ago I had upgraded Wordpress to its most recent version. When I recently noticed the volume drop in traffic I thought that perhaps there were some coding errors with an incompatible plug-in as result from the upgrade.

When upgrading the site I did not really spend much time doing any quality control. I’ve been so busy working on other websites that actually pay the bills.

After quickly running down the list of plug-ins, I found the Cloud Tagging plug-in had failed. This failure had thus set into motion 1,000’s of unique urls that all pulled the content from my index page. Thus I now had 1,000’s of duplicate pages.

The 1,000’s of pages were a result of the keywords that were tagged in my blog posts that had their own unique URL. When this was working, the number of pages Google indexed was in the 1,000’s not 100’s which represent the true number of blog posts.

Because this site is just something to pass the time I did not want to spend hours upon hour’s hand editing all my blog posts with new tags. So I wrote a disallow function in the robots.txt file to prohibit the spiders from crawling any subdirectory that started with /tag/.

I then went into the Google Webmaster Console and asked them to remove all pages from their index that had /tag/. This seemed like the easiest thing for me to do.

Then something interesting occurred last week that completely took me by surprise.

I got an email via MyBlogLog user, Cash Volume. He had pointed out the fact many of my Adsense ads were displaying content that was not even relevant to this blog. They were displaying pharmaceutical ads.

He was kind enough to show me the ads in an image and then he went on to tell me that he peeked at my source code and there were dozens of hidden pharmaceutical links on all my pages.

After getting his emails I jumped into my WordPress theme and searched through all the code for this blogs theme. For the life of me I could not find anything.

I then found my way to the Wordpress core files and upon review I noticed that there were two files whose modified dates stood out from the rest. The files had been encrypted with some hash or something and I could only guess if those were the culprits. I had no idea.

At that point I just got fed up with the whole thing and quickly made a back up of some core files and directories and then deleted the entire site off of the server.

Once I had a clean directory I did a fresh install of WordPress and uploaded the files need to get this blog looking the same. I doubled check to see if that removed the spam links and it appears to have worked.

I hardly review live source code on my sites unless I am debugging a change made. I suppose this is something we should do on a regular basis.

As for why the traffic died I do not know for sure if it was hidden spam links or the mass duplicate content. Whatever it was, the new entries I had posted this past week have ranked very well in the SERPs for their respective keywords in quick time. This leads me to believe whatever penalty was placed on this domain has now been removed.

This entry was posted on Saturday, January 19th, 2008 at 1:39 pm and is filed under SEO / Internet, Shandy Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.