We got hacked.
The first suspicious thing happened a couple of weeks ago when we reviewed the list of search terms people had used to find our website and one phrase turned up that we knew did not appear on our site. I will not repeat it but let’s just say it is not appropriate in family or professional settings.
I chalked it up as a “mistake” on Google’s part.
Then the number of visitors finding us through web searches dwindled and I started to get worried.
It turns out that there is a nefarious “black hat” spammer who has found a way to sneak in a file that looks like harmless (but is encoded) and puts links to all sorts of adult sites in the footer of certain web pages, invisible to the naked eye but glaringly obvious to the search engines. This boosts the ratings of those sites in the search engines because they have more links.
Unfortunately, it totally destroys the ratings of the host website (i.e. us). There are people who purposely hide certain words in their website that are unrelated to their actual business in order to get more traffic and Google does not take kindly to attempts to trick its search engine. Google stopped checking our site on January 30 and has dropped all but a couple of pages from its search results (our disclaimer and one particular article). At this point, a search for our names won’t get you to the site.
We’ve cleaned up everything on our end and upgraded the software we use to run the site to the latest version. We have
begged for mercy from the great Google gods in the sky requested reconsideration.
Now we are just waiting, waiting, waiting for Google to give us the green light again.
We are not primarily a web-based business but it is still disruptive. Many potential clients (even existing clients) find it easier to just search on our name than to remember our exact web address.
1) Google does not make mistakes.
2) Monitor, monitor, monitor.
3) Stay on top of upgrades.
4) Live by the sword, die by the sword. We are all increasingly dependent on the web which can give as well as take. I would not be surprised to see some attempt to regulate Google and its ability to blacklist – just wait until some Congressman’s side business gets kicked out. Personally, I withhold judgment until I see how long it takes us to get back in.
This whole thing feels a lot like having your identity stolen and your credit rating hammered. Think of Google as one of the credit agencies, the black hat spammers as the identity thieves and us as the mostly innocent victims who might or might not have been okay if we had taken additional precautions.
There would appear to be a great business opportunity monitoring search results to see if websites have been hacked. I will note that Google, unlike the credit agencies, does not appear to be trying to capitalize on weaknesses in its own procedures by offering such services themselves.