Site hacked. Malicious code destroys rankings.

Written by: Tony Korologos | Friday, December 1st, 2006
Categories: Site News

I’ve been busting my ass on this blog for almost two years now. I’ve put hundreds and hundreds of hours into the design and content of this golf blog. HOG has been growing fast over the last 1.5 years, and has moved up to the very top of Google’s search engine results for many keywords or phrases (golf blog, Taylormade TP, Natalie Gulbis, Tiger Woods, Nike Sumo etc). I’ve had to upgrade hosting due to the massive bandwidth of all the traffic and images HOG has. Hooked On Golf Blog has been in the top 2-3 golf blogs for a long time and has had #1 placement at the top of Google’s results for many golf related subjects… until this week.

I noticed a couple of weeks back my poll text was messed up. I assumed (never a good idea) that a file on my server had gotten corrupted and spent a tiny amount of time trying to figure it out. I then started noticing that my traffic over the last weeks had been dropping considerably. In fact, my Google related referrals and traffic dropped 94%. Searches which used to give me tons of traffic disappeared completely and HOG now can’t even be found in the top several pages of Google’s search results.

What happened?

I was starting to sweat bullets today when I saw that my traffic had dwindled down to a mere 10% of what it was two weeks ago. Sometimes Google re-indexes it’s search results so I hoped that was the case and that HOG would jump back up. No such luck.

I brought these happenings to the attention of HOG’s best pal EatGolf. Eat poked around the web to see if this had been happening to anyone else but to no avail. He then took a look into HOG’s code and found about 10 lines of code that didn’t look right. He sent the code to me and I didn’t recognize it at all. It was a javascript code of some sort which ran in the background of the site and sent engines away from HOG and to a freaking spam site which was selling erectile dysfunction drugs.

My guess is that once Google indexed HOG with this malicious code leading to a spam site, it had no choice but to remove HOG’s search results. Obviously Google can’t be a reputable search engine if the results are spam. As far as I can tell this malicious code has been resident here for 2-3 weeks. You can look at a graph of HOG’s traffic and it’s been steadily dropping for that period of time, after a huge peak around November 2nd.

I’ve now removed the code and implemented a few security measures to hopefully prevent these jerks from doing it again. I hope that the damage done is reversed quickly as the bots re-index the site in the next little while. I don’t know if the damage for those keywords and search results is permanent. I don’t know how long it will take for the traffic and site’s rankings to return to where it was before.

Thanks to Eat

Many, many thanks to my pal Eat for finding this code. Eat may be responsible for preventing the complete destruction of this site’s web rankings… I hope.

Check your code now

For those of you who have golf blogs or sites of your own, I recommend you take a look RIGHT NOW at your code. I had no idea this code was there and it was like a fast growing cancer.

UPDATE

Here is a pic attached of the code:
code


8 responses to “Site hacked. Malicious code destroys rankings.”

  1. Cal says:

    So what code are we looking for?

  2. I won’t post the code here as it will do two bad things:

    1. It will show other hackers what they can do.
    2. It will post the damn code to the bots again!

    Look for code that doesn’t belong and outgoing links to sites.

  3. BogeyMan says:

    can you email us the code to look for?

  4. Tell you what… I’ll take a screen capture of it and post it as an image. That way the bots won’t see it.

  5. kiwi says:

    bastards, that all i can say about it

  6. bedford_golf says:

    Sorry to hear that . . . did you say you noticed after you switched hosts? Did you notify them? how did they inject the code? Was it in a serverside script? SQL injection?

  7. Cal says:

    “I’ll take a screen capture of it and post it as an image. That way the bots won’t see it.”

    Cheers for that.

    Now let’s hope you get your ranking back soon!

  8. No I didn’t say it was after I changed hosts. I said that my bandwidth was so heavy because of all the traffic here I had to upgrade (with the same host).

    Not an sql injection, thankfully. But I have a zillion sql backups so I wouldn’t be down too long if it was. I don’t know how they got to it but it was a php file with script they’d added.


LATEST POSTS








LATEST REVIEWS







Facebook

1,800+ FOLLOWERS


HOG Twitter

4,000+ FOLLOWERS


TK Twitter

5,000+ FOLLOWERS


Instagram

500+ FOLLOWERS


YouTube

5,500,000+ VIEWS


Google+

400+ FOLLOWERS