Quick comment for pixelrn

I tried to leave a comment on pixelrn.com but the problem with talking about hacked sites is that you often end up using language that gets flagged as spammy. Here’s what I tried to say but the WordPress installation over on pixelrn wouldn’t let me:

Hi Beth, I checked and it doesn’t look like you have any spam-related penalties or anything like that. For a long time, something seemed wonky on your WordPress where if you view the site showed “<title>Nurse + Blog = PixelRN</title>” as the title instead of the name of the post. In fact, a search like http://www.google.com/search?hl=en&rlz=1C1GGLD_en&q=site:pixelrn.com&start=170&sa=N shows some really weird title and snippet behavior.

Ah, this appears to be a problem too. Check out view-source on and you can see that your site was hacked. View the source and see stuff like <a href=”http://oregonstate .edu/~silvat/wordpress/index.php?list=524″ title=”Byetta – Exenatide Injection”>Byetta – Exenatide Injection</a> at the bottom. So your site definitely appeared to be hacked, which caused Google to probably not rank your site highly.

We’ll keep thinking about ways to alert more sites that may have been hacked. The most recent blog post on the official Google webmaster blog gives some tips on self-diagnosing a hacked site, and the webmaster help discussion group might have been useful as well. Hope that helps!

27 Responses to Quick comment for pixelrn (Leave a comment)

  1. But Matt, wouldn’t that comment be considered spam anywhere else? For the links in there, I think it might get in to the spam queue automatically.

    I think everyone should add Matt’s email to the “safe” list here on. 🙂

  2. Policies and rules can sometime go the wrong way. Great that’s addressed at your blog. I am sure the issue will not have to be addressed.

  3. Policies and rules can sometime go the wrong way. Great that’s addressed at your blog. I am sure the issue will *now have to be addressed.

  4. hi, thanks for identifying this.
    it’s a pity when the baby gets thrown out with the bath water. here’s hoping more and more advanced blogs and algorithms will help catch the bad guys out while leaving readers happy to post — and improve the internet.

    *edit* a funny postscript – your post protection just told me 1 + 2 wasn’t equal to 3!!

  5. Dave (original)

    We’ll keep thinking about ways to alert more sites that may have been hacked

    Wouldn’t they know?

  6. We use my Google Alerts solution to pick up hacks. So far it’s spotted 100% of hacks on sites we monitor.

  7. Hey Matt,

    There may be a way to automate this process from a WP point of view. This is all theoretical, but it could work…and it wouldn’t need a Google account or WMT or anything like that.

    1) Create a section along the lines of http://www.google.com/wordpress-hacked-sites , where a user could login (using a login/password combo randomly assigned by big G) whenever they’re hacked.

    2) Automatically post a comment to the most recent post on a hacked blog indicating the hack, as well as the login/password combination where they can see more info on the hack and how to fix the problem.

    As long as the comment remains unapproved yet gets past any major spam filters such as Akismet, and I’m sure you guys could work with WordPress to ensure that doesn’t happen, then that’s it, that’s all.

    Again, that’s just rough theory at 6:45 in the morning.

  8. Very interesting. Thanks for Google Alert tip. One more threat to handle…

    Jack, http://seoapplied.blogspot.com/

  9. @ Matt, going out of the topic. I would like to know whether thethe phrase “Apple iPhone” be treated the same as “Apple® iPhone®” . This is just a example. Would the SERP contain the special characters like copyright, registered?

  10. Matt,

    The hacking self-exam is useful, but have you been tracking an uptick in scraper webspam getting ranked? Since late summer, several of the most popular pages on my site have lost around 30% of their traffic from Google, and the only symptom I can find is when searching for exact phrases, Google often brings up various scraper sites, with my pages falling into the supplemental results. In some instances, I think the sites are quasi-legitimate, but create static landing pages from Google search results that normal visitors make when visiting the sites.

    Yes, I’ll try reporting specifics through Webmaster Console:-)


  11. I´v been hacked once and lost all my google traffic.

    I removed the hack and got my traffic back in a week.

    what I do now to avoid been hacking:

    1. change my password frequently.
    2. built a script that monitor any changes to my theme or wordpress files. Put the script on a cron job to check every 15 minutes and voila, felt much more secured.

    I believe that is part of the website owner job to work avoiding this kind of problem. I understand that Google should remove hacked or spammy sites from the index. The web is safer this way.

  12. @Everyone:

    I am still not totally hip to all the language, but I have searched online and it appears that a “hack” is many things. What exactly do you mean when using the term hack in the context of the above discussion?

  13. Yes signing up with Google webmaster tools is very good idea.

    One side note, since you have removed link to answers.com, that I used quite often, I have found that default search Answers.com very good fits my needs. If I search for single word I got definition and for multiple keywords I get google web search.

    I do not like your decision to dump Answers.com

  14. Regarding “spam related penalties”. I wrote a “squidoo lens” on armor making and then linked to a commercial website that sells armor in part of the lens. The lens is popular (because it’s well written).

    Would this count as “spam”? Should I have placed the article *on* my commercial website and would that then be better?

    IE: From what i understand syndicating well-written articles elsewhere partially for the purpose of linking back to a commercial site “spam”, whereas syndicating the same articles *on* the commercial site itself is “good”? Am I wrong about this? I hope so.

    (I’m pretty sure my personal blog was “spam penalized” probably when I linked back to the company I work for. I tested a few things, like the jordan lake arts & music festival, and it seems like it was. I’m a little annoyed, but mostly curious about the rules, since I know I’ve done nothing unethical)

  15. Sorry a bit off topic but in response to Zoran:

    In addition to dumping answers.com Google no longer is recommending webmasters submit their site to DMOZ and the Yahoo directory. Instead the guidelines say make sure every one that should know about your site does. It’s very vague and to your average webmaster who does not know anything about search engines it is completely useless. Must people who are experts at something and put up great content are not SEO experts and without giving better instructions for these folks Google’s index is just going to get spammier. Not every one has a friend with PR 7 blog to give them a shout out.

    I understand these directories are owned by other companies and their may be legal issues for removing the guidelines. It’s true too that the “directory industry” that attempts to manipulate the SERPs is thriving. However IMO time and time again I stumble across really cool sites that are simply crushed by the search algorithms, and of course see scrapers and other garbage float to the top.

    How about some tightening up of the filters for all SEO related terms? The techniques that Google prefers could easily be promoted with SERP and keyword suggestion sculpting.

  16. Thanks so much for responding to this, Matt. The upside of all of this is that I’ve learned so much more about using google webmaster tools to monitor my site, and also how to make things more secure from a wordpress perspective.

    These spammers and hackers are truly evil. I always thought that since I have a relatively small site with modest traffic, no one would ever waste their time hacking into it. Boy, was I wrong. I plan on blogging about this situation extensively so I can hopefully prevent this from happening to other bloggers.

  17. Panzer Mike

    Hack in this case is breaking into a system that you do not have legitimet access to.

    We regularly get hacked normaly its the footer of the wordpress where they do this.

  18. Hi Matt,

    Just wanted to say i like your new small icon from domain name..


  19. Nice question Raj, But I think most SERPs can easily distinguish between text and special characters such as ® but without that , I guess It could mean a lot.

  20. “These spammers and hackers are truly evil.”

    I couldn’t agree more, Beth. I think they don’t worry about traffic or how high-profile a blog is–they just try to hack them all. 🙁

    On the somewhat-bright side, if you do blog about your experience, I’ll bet that those articles will be really good resources for other unfortunate people that get hacked too.

  21. should be great to have a grace period when your site get hacked just to fix everything before get removed from google.

  22. From personal experience, of being ‘hacked’ it can sometimes be relatively invistible – a hidden iframe that gets interted into your database, granted all databases should be locked up and code written securely, but in the past I have used a range of forums, newsletter software and more which each have their own security implications …

    Having Google inform you that you have been hacked (and where) would be appreciated, as opposed to just ‘disapearing’ from the listings.

  23. @MattCutts:

    Let me get this straight, if some A hole hacks into my site, Google will remove my site? This means that any competitor could singlehandedly destroy my business and Google will help!!

    That is ridiculous. Can’t Google at least trace back the hacker and destroy him? Can’t Google send a message to webmaster tools telling me I have been hacked, or at least set up a “hack master tools”, for example, so my infant son isn’t forced to starve?

  24. @doc:

    Are you saying that even if a commercial site is a good resource on information, and an educational site links to it, that educational site will be penalized, as in Answers.com?

    That is truly crazy. Doesn’t the internet involve “commerce”? It just looks like G is trying to slowly eliminate any commercial results unless they are all that crappy paid for results like adwords and pay per click, which I would never even look at.

    That is the “commercial spam” that needs to go. IMHO. I mean come on, look at those sites, they have bad content, and don’t even offer anything useful. Good NLS sites typically have news, articles, pics, free forms, files, etc.

    Stop punishing commercial sites, which often provide better info than the wikis, just because they are also a business. Who is making these rules up? Over the last few years, I have seen what appears to be a concerted effort to make it more and more difficult for a business to rank well in NLS.

    At the same time, I have seen spammier and spammier commercial sites dominating paid for spam ads at the very top. Since I am now a Google stockholder, I am going to bring this up at shareholder meetings.

  25. As someone who has been hacked in the past through his blog, there are a few misinterpretations/misconceptions that probably should be cleared up:

    1) Google actually does make attempts to let you know if you have been hacked via Webmaster Tools…assuming, of course, that it can detect said hack.

    2) The hack message itself is usually pretty clear. It lets you know what happened and where they found it.

    So there is a warning system via Webmaster Tools.

    The one thing that I’d partly agree with that has been suggested is a grace period to allow the hacked party to fix the hack, depending on what the hack is. If it’s just a hack for SEO reasons (e.g. what happened to Beth), then just punish the hacker and give the hacked party a warning and time to fix the thing before punishing. If it’s a more insidious hack (e.g. some form of malware), I think all sources, direct or indirect, should be removed. No point having that crap spread.

  26. @Multi-Worded Adam:

    Thanks for clearing that up for me. This is a tough business. The bottom line is, a competitor, with Googles help, can get you banned from the results. This is unfair and only rewards “evil”

  27. Matt, IF Google knows the page/site has been hacked, why do you punish the the victim and NOT the perpetrator?