April Fool’s Day 2007

No, my blog was not hacked — it was April Fool’s Day!

I wanted something that would top last year when I switched jobs with Jeremy Zawodny at Yahoo. A fake hacking had several advantages:
– It was quick and easy to do.
– I didn’t have to coordinate with anybody in advance.
– It was believable. The Museum of Hoaxes has a list of the top 100 April Fool’s Day hoaxes of all time, and reading through that list, I realized that a prank needs to be believable.

I honestly thought no one would be fooled for long. The French phrase “nous sommes le proprietaire de toi” was deliberately wrong. And I made the SEO shout-outs outlandish enough to tip people off that it was a joke. I even put a hint in my comments:
<!– PR9 since 99. MaDD LoVe to e&o. Peace out. –>
“e&o” would of course be my two lovely cats, Emmy and Oz.

Also, it was, you know, April Fool’s. But a surprising number of people believed it. By the way, I really appreciate all the people who wrote and said “This might be a joke, but just in case, I wanted to let you know…” It’s good to know that so many people will drop me a line if they see issues with the site. πŸ™‚

How did I pull off the prank? Well, the credit for the hacked page (and the inspiration) goes to my wife. She rocks. We looked at some Google image search results for [hacked site] and then she just whipped up a great page. Then I did a post or two to lay the groundwork to convince people that the site was acting weird. Having my site get “hacked” was believable, but in practice the latest version of WordPress has been very secure in my experience.

I did take a little care with my .htaccess file:

RedirectMatch 302 ^/$ /blog/index.html
RedirectMatch 302 ^/blog/[^i].+$ /blog/index.html

That makes any page except one starting with an “i” do a 302 redirect to the “hacked” index.html page. The 302 tells search engines that things are temporary and to try back later, so I shouldn’t see any long-term drops in my indexed pages. The directive to redirect everything except stuff starting with “i” is a little sloppy, but it let me redirect all my urls to the index.html page. That way, I could swap /blog/ and /hackedblog/ directories really easily.

As always, if you run a website, it’s a good idea to make backups. That’s a good April Fool’s reminder for us all. πŸ™‚

117 Responses to April Fool’s Day 2007 (Leave a comment)

  1. yes, the index.php was not affected πŸ˜€

  2. Is hacking okay then?

  3. Matt

    “it was April Fool’s Day!”

    So you don’t need to file a reinclusion request. And you do like SEO, right πŸ™‚

  4. the whole thing is about as funny as cancer

  5. good shot matt.i was confident that no one can hack your blog so easily.

  6. I’ve never seen the SEO community in such a hizzy. Awesome. Looking forward to next year!

  7. I guess I have to start making backups on April Fool’s Day like I change the batteries on Spring forward/Fall back. You’re lucky it was raining all day Sunday. πŸ˜‰

  8. oh, you’re evil matt http://www.darkseoteam.com/ was defaced too

  9. And why Dark SEO Team ?
    Did you warn them before ? Were you partners for this joke !?

  10. I’m guessing it wasn’t you who hacked the Dark SEO Team website then?

  11. Harith, I do like SEO. Caraie, they were just being good sports; I was never in contact with them.

  12. That was great, I had no doubt.

  13. Was fooled here too.

    Got to admit, I personally find faking a hacked site a little in poor taste, especially when so many webmasters have faced the same for real at some point.

    Still, what could be really interesting is to see whether you lost traffic due to the redirects, and if so, how quickly it recovers.

    2c.

  14. Matt

    Btw, I see DaveN very upset. Maybe you need to hurry and give him a hug, Matt πŸ™‚

  15. Matt, I was caught out.
    Then saw the urchin tracker.
    I also noticed that mattcutts.com was not hacked. Thought that was a bit strange.

    Good one. grr

    Sean

  16. Cutts, you are a FINK! πŸ˜€ You had me and many over at the google webmaster forums fooled..

    http://www.utheguru.com/matt-cutts-blog-has-been-hacked/

    I loved Softplus’s comment that he was peeved he couldn’t find any good stuff about Bacon Polenta anymore..

    http://groups.google.com/group/Google_Webmaster_Help-Indexing/t/c2d1ef64478bf95e

    But great work just the same – I think owing to the fact that I’m in Australia, and by virtue of the rotation of the earth, we’re always quicker of the mark than you Americans :). Oh the traffic I got for the first few hours from technorati…

    And what’s all this stuff about TiSP πŸ˜›

    Doc

  17. I think next year you should post about a career change and put up YPN ads πŸ™‚

  18. I knew it. There is a big discussion on DigitalPoint with over 220 posts about this. Its a good read, take a look πŸ˜‰

    http://forums.digitalpoint.com/showthread.php?t=284783

    You had a lot of people fooled πŸ˜€

  19. Man, you really had many of us fooled at digitalpoint forums. We had a poll running on whether or not your site was hacked. Very good stuff! Also, there is debate about whether or not this was a an incidental way to build hype for you blog, not that it needs any.

  20. I think Dave has a point. WordPress restores are hell. I was scrambling because I’ve been through it before and it’s time-consuming.

  21. Man I totally fell for it. I even emailed all of my friends in Utter Shock on saturday night/Sunday Morning.

    So did darkseoteam.com change their page to play along? Were you in with them? Do tell us the details please!

  22. Pretty poor taste really. A lot of people performing rollbacks and it’s nice to see you have such sympatch for people that get hacked for ‘real’ that you feel you can joke about it.

    Maybe I’m just didgruntled as I had to put up with a site having Google malware warnings after someone hacked it.

  23. Sourpusses, the lot of them. {sigh}

  24. At first I thought it was true… then I figured…. anybody with enough savvy to hack your blog probably is smart enough to know that their sites might get toasted!

    But for next year, I really like Jenstar’s idea of slapping YPN ads on the site and blogging about career change.

  25. Hey Matt, remember that April Fools only last til 12PM on 1st April. After this time, the joke is on you.

    Your site was still ‘hacked’ at 10AM UK time…..so I guess you overshot this one a bit.

  26. Harith, I already send a shout-out to “davenator” on the hacked page so I think he knew it was a gag; my guess is that he’s posting on TW to have a little fun with it.

    SΓ©an, the funny thing is that I left the urchin code off all day. When I saw it was on the front page of digg last night, I said “Well, I’ll add the analytics tracking code so that I can look at the stats later.”

    Jenstar, YPN ads would have been a good one. πŸ™‚

  27. …err….I should add: 10AM on 2nd April πŸ™‚

  28. Andrew, I was going to revert it last night and then I saw it was on the front page of digg, so I figured I’d let the digg-storm abate before I mucked around with changing things. I got up early Pacific time to switch it back.

  29. Oh, and how do we know this is really Matt? They have captured his site and have stolen his identity!!

  30. How about sharing the traffic stats with us? πŸ˜€

  31. I feel what you did was not cool at all, been a google employee and using hack as a prank, gives the next generation of webmasters the wrong vibes and making hacking as one of their daily habits. But since google does not own your sites, but instead of coming up with a constructive prank for april fools day you ended up choosing the destructive route. Hope your destructive feels do go hand in hand when you work for google.

  32. Pure brilliance! This is the first April Fool that has actually tricked me for years. Yesterday, I was probably 80% sure it was hacked for real… πŸ˜€ I just figured that they’d somehow hacked WordPress which meant they couldn’t change mattcutts.com too. I can’t believe I missed the clues and Google Analytics tracking code!

    Well done, Matt!

  33. If you don’t use WordPress, you should not have been fooled. When I saw the “hack”, I saw the root was up and went straight to Google Reader, saw Matt’s last 2 posts, went to WP to backup all DBs & to FTP to d/l all sites. Turns out I had just upgraded most of my blogs too. No time for detective work.

    It WAS a great one because knowing WordPress, there was no way (that I knew of) to prove/disprove anything until Matt spoke. I’m not personally sourpussed, just surprised at the cohunas!

  34. If you didn’t lay the groundwork with WordPress, I wouldn’t have been all over it. πŸ™‚

    You’re right that being believable is critical – I didn’t even read the rest of the page! I left it up with an updated comment – you should link to my link…make my link to you more powerful with the splogs…

  35. nice work, seen several threads at DP of kids thinking you where hacked..lmao

    nice job Matt

    -Bs

  36. gezz..it really surprised the hell out of me

    been frantically making calls to friends about this…

    Anyway, totally agree on your about the latest wordpress.. it’s pretty robust in terms of security IMHO

  37. I didn’t see it – but personally I think its a bad idea. You said:

    “It’s good to know that so many people will drop me a line if they see issues with the site.”

    I wonder how many people next time will drop you an email that quickly when your site gets ‘hacked’? If you abuse people’s trust in you, why should they trust you in the future?

    There is a popular “Fool me once, shame on you. Fool me twice, shame on me.” You’ve fooled everyone once – might be an idea not to fool them again.

  38. If the redirect code would have been a 301 instead of a 302 I might would have bought it. Well played. Not as good as TISP though… πŸ˜‰

  39. You could have even said it was a joke on the page and there would have been a percentage that would still wonder if it was really hacked, however if you would have nofollowed the link, 99.999% would have known it was you immediately!

    Congrats on the well played joke.

  40. Hello Matt,

    It was a very nice idea to setup something like that. I initially did not think that it was a prank but since it coincided with April Fool’s Day, I thought it could be your idea.
    And yes, handling WP upgrades is a time consuming task if not confusing.

  41. With the RSS feed not loading (not surprisingly since the content was HTML) a good portion of your reader’s probably missed the prank … but then delivering a valid RSS feed from a hacked site wouldn’t have been too credible either.

  42. Matt,

    I’ll admit it, you got me! I even wrote about it in my blog. Now I feel dumb, but i won’t remove the post! πŸ™‚

  43. I’ve thought of something that could be fun for next year.. oh.. how to get the idea to you without blowing it.. check your error logs, 404, http_referrer something.something.112.95…

    Cheers,

    M

  44. Posted above about some discussions on google webmaster forums – does anyone know If Matt’s blog auto-mods posts with more than one url?

    M

  45. Have to say Matt, the only reason you got me was because of the twittering. That extra step was very nice!

  46. Tom, I could post a picture of Emmy with today’s newspaper? πŸ™‚

    Brandon, someone pointed me to the DP thread; it was hard not to post in there. I was most impressed with the people who noticed that it was a 302 and rightfully concluded that it was a hack because of that. Nice use of SEO intuition. πŸ™‚

  47. Got a big laugh, keep them coming.

    The postings were all around blogs, like it was real. Let us know when the little green men come take you away to run their search engine next april 1.

    Cheers

  48. Thanks for the explanation of “e&o” Matt πŸ™‚
    But, can you explain who really are “lejackalgris”, “Romanian Brothers” and all the people you congrats? Or it they never existed?

  49. Dang! All weekend there was some error message for my RSS and so I never got any posts and missed the whole april fools day. I still remember last year seeing the aliens BBQ in area 51!

  50. Well.. I got the news early morning today in this part of the world (India +5:30).. The first reaction was that of surprise… Then the content of the website hacking was fishy (though I didn’t decode it the way u explained).. and Google’s pranks were fresh from last night.I showed my suspicion on my blog immediately on my blog…
    My boss didn’t want to believe me that it was a April firsts Special from the Google’s most “vocal” Engineer. He believed that you would try and pretend and pass off this hacking attempt as April fool’s joke…. Looks like ur joke worked and fooled a lot of us…
    Proven: You are Cut(ts) above the rest πŸ™‚

  51. oh man, i actually believed it was hacked!! i got april fooled. πŸ™‚

  52. I thought the credit to U(r|d)(s|i) was possibly a cryptic message in unix pipe form.. if it is, indeed, maybe Matt can debaffle me.

    M

  53. I’m sure that fooled a lot of people!

  54. Nice job Matt. I think it was real hack ;p

  55. I think it is funny that people didn’t take the time to actually read the page but rushed to blog it and get credit for saying “Matt Cutts got hacked” first. This proves more now than ever that we all need to get lives and stop paying so much attention to all that is “Google”.

    I was not fooled, was too tired to blog so I spent time trying to figure out who all the people listed on the hacker page were.

    Can you make a list Matt? There are two or three I couldn’t figure out.

    Thanks,

    *Goes back to trying to get a life*

    Aaron

  56. Hi Matt,

    I must say that it is a good joke. Personally, I wasn’t really sure whether or not it was an April Fool’s stunt for about 10 minutes.
    The thing that made me wonder if it was real was that you blamed WP. That’s pretty bad press for them….
    Anyway, it was really funny to see everybody get their knickers in a twist the whole day πŸ™‚

  57. TOMHTML, Shoemoney is running a contest for people to guess. I’ll let that finish first so it doesn’t kill that fun:
    http://www.shoemoney.com/2007/04/01/matt-cutts-hacker-shout-out-contest/

    Dockarl, a few shout-outs are inside jokes that Googlers will understand, so I won’t explain every shout-out. πŸ™‚

    Aaron Pratt, I’ll try to list the shoutout to SEO list in a day or so.

  58. Matt you did forget to remove your adsense :). Look at WMW thread, we were discussing the issue and when I found some time out from my new search engine I just checked the source.

  59. >> Matt you did forget to remove your adsense πŸ™‚
    oops, I meant analytics code

  60. WOW,

    I totally fell for it … I actually forgot yesterday was April Fools Day until I Saw the Google Free Wireless On the Google Homepage yesterday after i saw your site … thats nuts … I even sent you an email about it … man you got me good! Gotta blog that as one of the April Fools that got me!

    Darin

  61. So something believable…I guess your saying the DARK SEO TEAM is smart enough to hack your page..

  62. Well I fell for it since I visited your site the day after April Fools day!

    When I was a kid you became the fool if you did tricks after mid day πŸ™‚

    Anyway, made a blog post about it with screenshots of both pages at http://www.seo-consultant-services.co.uk/blackhat-seo-consultants.html since I did honestly believe it was hacked. Anyone who missed the joke can see the screenshots and text used. Particularly liked what Dark SEO Team had on their page-

    All your backlinks are belong to us !

    Very funny.

    David

  63. Thanks Matt!

    Shoemoney’s blog reminds me of a junky slot machine where you keep trying to win the big prize but get only loose change.

    ;-(

  64. You know it’s a successful April Fools joke when you not only fool some people, you tick them off as well.

  65. Matt, You need french lessons. The bad french was dead give away OOh La La!!!

  66. Hi,
    Since yesterday my website is PR11…
    πŸ˜‰
    AHOHNM

  67. Hilarious… and I’ve just backed up my SQL databases as I’m sure have 10’000s of webmasters, which can’t be a bad thing. I can’t help feeling you’ve set yourself up more than ever as a prime target for hackers. Good luck! πŸ˜‰

  68. Matt,

    Is your robots.txt part of the joke ?

    User-agent: *
    Allow:

    Doesn’t this mean “allow no URL” (at least, to the bots able to understand the “Allow:” directive) ?

    Jean-Luc

  69. *bollocks*
    what a bad taste joke ! :rolleyes: πŸ™
    In countries like Spain April Fool’s Day is on december 28…
    I was still genuinelly worried about your site… πŸ™

    what a shame It’s just not serious ….

    πŸ˜›

  70. I wasn’t done deciphering all your “encrypted” names.

    I just got a few like Greg B., Todd F. Dax, DaveN, and a few more. Who were the others? I had trouble with your encryption technology. πŸ™‚

    http://news.seoreligion.com/matt-cutts-blog-hacked.html

  71. Good one. Took me about 10 seconds to figure it out. Your shout outs and the date made it easy. Still, 10 seconds is good.

  72. Fionn, I was trying to make the French so bad that people would *know* it was a joke. πŸ™‚

    Jean-Luc, that robots.txt doesn’t hurt; it says that any robot is allowed to fetch urls.

    Benj, I’m going to give people a day or so to guess before I reveal who everyone was. πŸ™‚

  73. Actually, it was the bad French that made me think this could be real πŸ™‚

  74. Ok Matt, I see it was a joke.
    But why did you mention about Romanian Brothers ? I’m from Romania and I think it was a bad joke.Why don’t you mention about other nations? Why us?

  75. Well done.

    I couldn’t believe how many people didn’t get that it was a joke. It kinda makes me wish I had though of something to do this year too…

  76. Yeah I actually already thought of someone who could have done this. Who is the same person I suspected for the unmaintained SEORockstars Blog when it was hacked.
    http://www.oilman.ca/random/seorockstars-hacked/

    And the same person that I suspected hacking the SEO Philippines Forum on http://forums.seo.ph

    But after reading some comments on Digg, and saw all these names that all seemed to look like an prominent SEO person, I knew it was a joke from there.

    I guess most of my life was outside the US, and I lived in another country where April Fool’s day is not a celebrated day. And I guess the same goes with many people on DP, since I know a lot of people on there from other countries. Maybe they have no April Fool’s day too. πŸ™‚

  77. Hey Matt

    You missed this one – caused quite a stir yesterday and quadrupled my traffic!

    http://www.vinnylingham.com/2007/04/google-to-drop-cpc-and-revert-to-cpm.html

    I had so many private emails and comments that I had to post this morning that it was a hoax! I couldn’t believe that some people had already phoned their clients to tell them!

    Luckily this is just once a year! πŸ™‚

    Vinny

  78. You got me on that one. You had me going for a while until I took a closer look at the hacker “Shout Outs”.

    I have a question about the 302 redirect you used…

    “The 302 tells search engines that things are temporary and to try back later, so I shouldn’t see any long-term drops in my indexed pages.”

    My assumption from this statement is… Google won’t “try back later” forever and ever. (Is this correct?)

    Thanks!

  79. How about sharing a pie chart with us on the mad viral marketing you got yesterday?

  80. You had me fooled at the start.

    I knew it was a joke when the darseoteam page showed it was defaced. (You should of left this out IMO)

    Be intresting to see how many backlinks you get from this. It was a great link baiting excercise/prank.

  81. I like how the “hacker” used analytics

  82. Doing the WordPress upgrade right before was brilliant!

  83. It was good but it didn’t fool me. I wrote on DigiPoint it was linkbait.

    After reading your blog article on linkbait just recently, i thought hmm wouldn’t this make a linkbait. Would be interesting to see the IBL and hits because of this one.

    I say it was well done πŸ™‚

  84. I am French, so I knew the French was weird, I blogged about it.

  85. I blogged about it too and I was sure your blog had been hacked.

  86. Did not believe it for a second.
    πŸ™‚

    Although a more comical approach would be to link it to the evil site:
    http://evilmattcutts.com/

  87. You had me fooled for about 30seconds then I saw the date, Sorry Matt you are known for your practical jokes.

    Don’t know why everyone is spitting about it. I have seen hacked sites and still think yours was a funny as. Just because you work for google doesn’t mean you have to lose your sense of humour?

    1 little problem though you got a major job for next year to beat this one. You might have to start thinking now.

  88. Can a Hacking or Drastic change Affect a Popular Site’s Rankings?

    Perhaps it depends on the TrustRank of the Webpage or that Backlink Anchor text is now extremely valuable as a safeguard

    Here is an analysis:

    http://blog.outer-court.com/forum/90911.html

  89. Lol! What a joke matt, I was totally fooled. The story was covered in every seo website, and you really had everyone going.

  90. thats great , i was almost going to call u to say that your site is hacked!! but didnt have the number though

  91. that was a nice prank ^_^
    I had second thought that it was for real…
    ^_^

  92. Matt,
    I was surprise to see that rubbish page. I unable to believe that becz, http://www.mattcutts.com is ok. But anyhow have a great fun.

  93. Well Matt, thanks to your earlier posts where you blogged about upgrading to WP 2.1X from 2.0.X and then you got “hacked”, a lot of us including myself believed that there might be a 0day in WP. There was a lot of rolling back in my blog as well as a number of blogs I work with. Lots of issues and time , but we felt it was needed.

    Remember Matt, with great power comes great responsibility. I don’t think you acted very responsibly. A very very good April 1st joke. You definitely had us fooled and really “fooled”

  94. Hi Matt, it was really a nice idea to have your own site hacked and make the world a fool. After reading your last post (site acting weird) I was sure that you are going to play something different this April. And when I heard about your site getting hacked I laughed loudly, Matcutts is successful with his idea. πŸ™‚

  95. Instead of using the [^i] to stop it looping, you could’ve used a ‘negative look ahead’ pattern, which is a lot more specific:

    RedirectMatch 302 ^/$ /blog/index.html
    RedirectMatch 302 ^/blog/(?!index.html).*$ /blog/index.html

    It’s very handy when using mod_rewrite to, say, redirect everything in a folder to a PHP script in that same folder (e.g. /files/foo.png to /files/index.php?file=foo.png).

  96. wow… I feel a bit silly, I actually took a screen (maybe I’ll have to post it somewhere down the line). I even pointed it out to my girl, saying,”Lookit, somebody hath played a great eeeevil prank on the mighty Cutts!!!” … it didnt hit me ’til I called another fellow Google nut and he asked me, “You don’t think its a April Fools prank from Matt?” … sadly I hadn’t even thought of it….
    D’OH!!!! … nice one….

  97. Same hacker got us last year, he must be hitting 1 site every year. πŸ˜‰

    http://www.google.com/search?q=digital+point+hacked

    Did some cookie trickery last year so people would only see it once. Was kind of funny just telling people, “I dunno… I don’t see it. Do you still see it?” all day. πŸ™‚

    http://forums.digitalpoint.com/hacked.html

  98. Well done Matt! Good prank!

  99. Well, you had me going – mainly because April Fool’s Day was long over where I am. (Though I did think it was odd that the hacker was also called Matt…) Can we not have some kind of international synchronization in when AFD begins and ends?

  100. Hi Matt

    There were as many as six people who either had their sites as hacked or said it was permanently shut down.. Frankly, i didn’t fell for any of them. Even if someone mailed me and said, “Did you know, blahblah . com has been hacked/shut down”, i just replied back…”Happ Day You Fool, It’s April first. :p

    But frankly, yes you had me doubtful. Till the end of this prank, i wasn’t sure. I always had in mind like “Matt has a good prank on April 1…and then after two mins i thought again…is it really a prank or is it really hacked?

    Lol….the link in the bottom to the hacking team was all which did the real trick! πŸ˜‰

    So that prank was really cool. Yes, we would remember it for years to come.
    But next time…..i won’t fall for it

  101. Next year, April Fools, I am staying OFF the internet, you people are MAD!! πŸ˜€

  102. Excellent. Although not 100% the more coverage it got the more believable it became. Didn’t fall for the Google home page AF – yours was better!

  103. That was priceless πŸ™‚

  104. I just want to say that I successfully installed TiSP in my home. Google was really nice to include a custom browser that came in the download package, with Matt Cuts blog set as the default homepage.

    I must say when Matt Cutt’s blog was “hacked” my initial reaction was “A solid kick to the nuts he must be in severe pain”. Then after realizing it was just a joke the next day I, like everyone else was happy to see his balls weren’t harmed during this attack and his site is pristine as ever.

    For those who are unaware that April 1st is “prank day” you should expect this. If the site doesn’t come back in a week…then maybe being worried is valid.. next year pay close attention to the date…

  105. Question…when you do the 302, why does the cached version in Google either not work or give you file not found for a few days?

    Your search – cache:FssCjuOfo7QJ:www.mattcutts.com/blog/ mattcutts – did not match any documents.

    When we do a site update, we 302 all visitors to a generic site maintenance page. It only happens once a month, early in the morning, but amazingly the next day our cache is of the 302 page and the site description is of the 302 page.

  106. Good Joke.

  107. Matt, now you have raised our expectations for the next year’s prank… The pressure is on you now to equal or surpass this hoax next year.

  108. hahah everyone knows but everyone forgets every year πŸ™‚

  109. crap i really thought you got hack i should have readdd.

    Opps I failed the answer to ur spam protection question 3+9 =11 LOL

  110. On April 2, I saw the the news about Matt’s blog was being hacked from someone’s SEO blog. It was everywhere. That suprise sthe whole SEO communities. Glad that you are not really hacked (also glad that you have the sense of humor). I was thinking that if Matt’s site can be that easy to be hacked, then Google itself can be in danger also. Now the feeling of security has come back.

  111. Honestly, it was a dumb April’s Fools joke…

  112. @ Michael

    Its not a Good Joke. V7N got hacked yesterday and today another friend reported hacking.
    When its just talking –it looks Joke –but when it really happens its not a Joke .

  113. Good to see your back.
    I must say a very good joke you played!

  114. You joker!
    But I must ask. If this did really happen to someone what could they do?
    How could they avoid it?

  115. Hey Matt!
    Did darkseo team charge you for this?
    Im thinking about it myself for next April.

  116. [The French phrase β€œnous sommes le proprietaire de toi” was deliberately wrong.]
    Yes, in reality the correct expression is: “Nous sommes tes propriΓ©taires”, even if it’s used few times only (in Italy and France we represent a company as a sigle entity).

  117. I’ve never seen the SEO community in such a hizzy ;D

css.php