Removal from Google's index mail.... (Important for all Webmasters)

I just received a mail yesterday from

i

After this mail I checked my website and it had a garbage of links...(hidden text) after </HTML> tag....

like this (You can find the spam hidden text in the attachment)

My site was using wordpress (2.4) and I was wondering how come the hidden text would be in my website... and checked my all pages

Atlast the hidden text was found in index.php of main folder in wordpress!

Now I have removed it and it's fine....

So If you are using Wordpress older versions just have an eye on your websites as my index.php was not writable but somehow they managed to modify it (I am checking this also.. how they were able to modify my index.php)


Thanks to Google for pointing out

a) They had taken my mail address from whois data and also they sent mails to ,info@site.com,webmaster@site.com etc., which is sign of a Good Search Engine....

Since my site has adsense they could have informed easily using Adsense Publisher id ....

b)Also they should give specific time to webmasters before deindexing the sites or any pages from the index.

Google Crawler's big flaw:

The site which spammed me is

It has been registered on June12th 2008 and within 10 days It has about 2000+ pages in Google index.....????

 

Wow.. Like you say, it was nice of Google to notify you about this problem..
I guess it may be a wise idea if everybody using older versions of wordpress update to the current version.

I was about to switch from Windows hosting to Linux hosting just so I could try out Wordpress and start my very first blog, But I may hold off for a while and read up as much as I can about it before making the move..

Thanks for the heads up.

Cheers
James

 

What's your blog URL?

 

Its good that they contacted you before actually permanently removing your site from their index.

 

A lot of wordpress themes have been caught doing this. Before I upload a wordpress theme I always check it.

 

I think nice service from google.

 

there have been alot of reports of wordpress being hacked all over the place recently

 

Definitely is a nice service, if only they could actually ban the sites that are indexing using inappropriate means, all those black hat techniques.

 

Now you know how they did it.......duh!

 

Google is too good, they will catch the spamming site very soon and it will vanish from the SERPS.

 

that is correct, and wordpress advise is to update your wordpress to the latest version
look at this posting on techcrunch.com:

"If you are currently not running the latest version of Wordpress then there is a very high chance that your site has already been compromised.

The common results of a successful attack are that a backdoor is installed (meaning the hacker can go back in and enter your blog at a later date), passwords for all users are downloaded, or spam pages are generated. At that point, you are no longer in complete control of your blog, including all the content and anything else in the same database that the Wordpress install has access to.

Hackers are taking advantage of the open-source nature of the software to analyze the source code and test it for potential vulnerabilities. It is then left up to developers and users to detect, track down, and then close off the vulnerabilities in the code that attackers are using. The pattern seems to be that when a new hole is found, it is broadly exploited, then developers rush out a patch and a new release. Thankfully most of the damage inflicted by the automated exploits can be reversed with an upgrade, though in some cases you can be left with thousands of pages and images to clean up (and they are usually well hidden).

For users of Wordpress, backups are essential, as are frequent updates, monitoring your blog usage and tracking the official Wordpress blog and other blogs for news of any new security holes. There are also plenty of guides and applications available that can assist a site owner in further securing their blog.

It is unknown just how many Wordpress blogs are infected (I have seen instances of double infection, where a previously hacked host had been hacked again), but as an indicator, across the ten or more Wordpress blogs that TechCrunch and I have access to, we can see over 100 requests daily for these various security holes. Stories about hacked blogs are becoming more and more and the ongoing concern is that the newest security hole could be found and exploited at any moment."

www.techcrunch.com/2008/06/11/my-blog-was-hacked-is-yours-next-huge-wordpress-security-issues/

 

Great post, Freewebspace. Thanks for alerting all of the importance of upgrading Wordpress whenever prompted.

 

ditto the above

Because of this post I checked and found that 2 out of 5 of my wordpress blogs/sites contained 'invisible' spam text and links. I never would have though of checking if I hadn't seen this post, so many thanks!

 

What do you guys think is the work around to prevent this spam links from happening??

 

first step is to make sure you are using an up to date version of wordpress

 

http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin.html

Will be a lot of help to you!

I've recently installed it on ALL my blogs to keep them up to date. Just simply takes a click and off we go, the latest version!

 

You could install Wordpress on Windows servers as well.

 

Quietly inserting links into the code is a big blackhat SEO problem at the moment, and it's going to get worse as the year goes.

It's excellent that Google have warned you about this as the last time I heard of this happening they deindexed the site that was affected for 30 days.

 

I just checked an old seo blog on wordpress I haven't looked at for a while - and the first ad showing on adsense is for viagra.

Yep, adsense had read the hidden text someone's inserted right at the end and decided that would be the best ad to show!!

Think I'll go upgrade it now!

 

Thats really a good news.
Atleast they are bothering to inform the webmaster before de-indexing.