Something odd happened to one of my FeedBurner feed last week. As you can see in the feed subscribers graph below, there are two big spikes — Sunday and Tuesday. I have no idea why. The rest of the week is about right. It seems really odd there would be big spikes for feed subscribers. What happened after the spikes? Did all those people unsubscribed from the feed?
I was playing with the Adsense data today and stumbled on this little stat:
According to Adsense, someone has been targeting my link units from August 10th to November 22nd. I'm assuming it's some sort of glitch because as far as I know, advertisers can't target link units. It's possible I entered the wrong channel code in the Adsense script, but I would expect more than 15 impressions if I miscopied the Adsense code.
And take a look at this ad on my site. It's for the bird flu. What the heck is that ad doing on my site?
Matt Cutts has an interesting post about what Google does when it detects a site has been hacked. Apparently, Google actually sends emails to the addresses listed for the site when Google penalizes a site. I have always assumed Google just penalizes sites without bothering to tell people.
What's even more interesting about the post is the site that Matt blogged about. The site was hacked in the very same way my dad blog was hacked…with the exact same porn links…on the exact same date. It appears a bunch of sites got hacked that day. Lucky for me, I took care of the problem within a couple of days. Otherwise, Google would have penalized my site as well.
In my last post, I mentioned I could not figure out how the hack occurred; I didn't see any modifications to my WordPress templates and disabling all my plugins had no affect. I have since discovered the hack occurred in the index.php file that sits outside of my WordPress directory. I'm telling you guys this in case you encounter the same hack in the future. I'm not going to list the hacked code here. The last thing I want to do is get ranked or penalized for porn stuff. You can see the hack code on Matt's post if you are curious.
So far, the last few days have been really crappy. First, the medical bill came in for my 14-month old daughter's 30-minute surgery. It was over $10,000. The HMO will pay a good part of it, but the amount I owe will still be staggering. Kinda puts a damper on Christmas and Thanksgiving (yes, I am thankful my daughter is OK now).
The second reason why things are crappy is because Akismet does not appear to be working on my blogs. Every few minutes, I get an email to approve a comment that has about 100 links in it. This has been going for a few days now. And it is getting reaaaaallllly ANNOYING.
Then there's my daddy blog, which was hacked early Saturday morning. Somehow, a hacker was able to insert a script and a bunch of links above the WordPress template's code. The hacked stuff loads before <!DOCTYPE html section of each web page. I downloaded my templates and I didn't see any modifications to my templates. I deactivated all the plugins and selected the default WordPress theme. It didn't make a difference. I upgraded to WordPress 2.0.5 from 2.0.4 and the hack is still there. I couldn't figure out how to resolve the problem so I submitted a ticket to my web host. Seven and a half hours later, they reply with something like, "We don't support third party applications and perhaps your password has been compromised."
That was really helpful. It's possible my password was compromised, but I didn't see any tampering of any of my files. I really don't understand how the hacker was able to insert the extra code before the html header. Makes me wonder if the web host has some sort of WordPress related virus that was doing it. I created a non-WordPress page and it loaded without any additional code. So, the problem is WordPress related.
The next thing I did was uninstall WordPress. I didn't want to do this, but I didn't see how I had any choice (my content was not viewable). So, after uninstalling, I reinstalled the latest version. Then I restored the database from back-up. Guess what? I got the exact same result with the default theme. I didn't upload my plugins so the only ones enabled were the ones that came with WordPress (Akismet and Database Backup).
At this point, I was wondering if the hack occurred in the database. To test this, I restore the database to another site with a different web host (#2). This time, the hack was gone. The database was fine. Since my blog was now working correctly, I had web host #2 change the domain name to daddyforever.com and then I change the entries for the name servers to point to web host #2. The dns propagation could take up to 48 hours, but I saw the change in less than 24 hours. But it wasn't what I was expecting. I could no longer connect to my site at web host #1 or #2. I didn't want to be Chicken Little, so I waited several hours before asking web host #2 to recheck their work. Sure enough, they discovered they made a mistake in the dns setup on their end.
My daddy blog is now back online after two days. I still have no idea how the hack occurred. The morale of the post? Back-up often.
Don't have time to visit iZachy everyday? Then sign up for my free newsletter. I'll send you an email when I have something to share with you. Your email address will be kept confidential and I will not share, sell, or rent it to anyone. You can unsubscribe at any time by clicking a link in the email.
