Yesterday afternoon some well known SEO bloggers had their sites hacked. The community is alive now with discussions of the incident, which is only natural given what happened. Still it’s sad in a way since it does give the the person responsible exactly what he or she wanted, notoriety. I’m sure the incident will continue to generate a buzz in the days ahead feeding into the hacker’s ego, but I hope that what ultimately comes out of this is something positive and I’m already seeing the signs.
First a little background on what happened. Sometime early yesterday afternoon where I sit in Colorado I was on Todd Malicoat’s Stundubl site. One moment all was fine and the next the site wasn’t looking right. I thought it was just a missing css file, but a few refreshes later it was obvious something more was happening. Every link was redirecting to a blog on WordPress by someone claiming to be f***pirate.
I dashed off a quick email to Todd in case he wasn’t aware and as it turns out he wasn’t and was with Michael Gray of Wolf Howl fame who’s site had also been hacked. BoogyBonBon is a third site to have suffered a similar attack. Fortunately all three blogs were back up and running today.
Mr. Pirate’s WordPress site was taken down before too long, but it’s back again on blogspot. I have no interest in linking to the site, but if you can guess what those asterisks are standing in for and understand how to find a blog at blogspot you should have no trouble finding the current site. It may not be there by the time you’re reading this of course.
The reason’s given for the destruction from the pirate site
Why I’m doing this?
1. Because I want
2. Because I can
3. Because lately the SEO industry is LAME and BORING – Want a proof of that?
- The SEO industry is just a bunch of self-proclaimed gurus making more money from their “guru” status than from SEO.
- The blogsphere (God I hate that word) is filled with countless “SEO blogs” syndicating what other “SEO blog” syndicated from another “SEO blog” that syndicated some bullshit guru.
- The most insightful and fun thing that has happened recently in the SEO industry (and anyways It was a looong time ago!) was the freaking search engine spammer who indexed billions of pages in Google thanks to a bug in Blogger, some DNS wildcards and a PHP content generator. Oh boy, people over webmasterwold and digitalpoint where going crazy about it!. So I’m about to bring back some fun to your lives…
Additionally there’s a list of other A-list bloggers and sites like Digg that are apparently targeted for attack.
The attack was based on a script released recently that attacks WordPress blogs through a flaw in the PHP core. I’m not sure I’d do the best job explaining the flaw so I’ll direct you to the words of Jason Roe who does a good job explaining the attack on this Threadwatch post. The discussion is alive on the thread so you may want to read it from the top.
The solution to the attack is for anyone running WordPress to upgrade to version 2.07, which was released within hours of the attacks. Quick response from the folks at WordPress and another reason it’s my favorite blogging software.
The attacked sites have recovered and the targeted sites will no doubt secure their blogs so where does this leave the community and how can we turn these events into something positive?
I, Brian has begun with an excellent post on SEO isn’t hacking – and data security tips for the SEOmoz blog. I’ll let you read his post for the full details, but I would like to focus on security for a moment. We all know security is important and yet at the same time how many of us take all the steps we can to secure our sites? How many of us take every precaution to secure the sites of our clients?
Admittedly security is a separate skill from seo and web development. We can all take the time to add a few basic measures of security, but it’s truly a field of its own. Still this attack can at least make us all more aware of the problem and hopefully it will convince many to take the issue more seriously than we might have in the past. I for one will be breaking out a few books and brushing up where I can.
A lack of security is hardly a problem only in the seo community. How many people currently running WordPress blogs will even be aware of the problem. Let’s face it most won’t be. While we can’t protect every site the seo and web development communities are responsible for creating a lot of websites and we can all make our clients more aware of what can happen and make sure we at least build in a rudimentary level of security into the sites we build.
We can also do what we can to spread the word outside the community and help bring awareness to the average small business owner running their own site and perhaps convince them of the benefits of having their sites managed beyond the initial launch.
There are issues for the community beyond security though, which I hope will come to light. f***pirate has shown the typical signs of an attention seeker. Attacks like this are all about attention and look back at the quote above. Points 1 and 2 reek of an attention seeker. Point 3 does too, but there’s more there and sadly a kernel of truth.
There probably are SEOs who are profiting more from guru status than from doing seo work and maybe we could all do with a dose of humility. It’s also true that all too often blogs are filled with little more than links to other blogs that link to other blogs that link to a story. I know I’ve been guilty of that myself on occasion though I do always try to add a few of my own thoughts.
By no means do I advocate what pirate did. In fact while he’d like to think he’s a great hacker there’s little understanding here of what a hacker truly is. If you’d like to understand more what it really means to be a hacker read Eric Steven Raymond’s article on How To Become A Hacker. You won’t find any information about how to take down a site or break into a network, but you might learn a little about ethics. Let’s call pirate what he is which is a ‘cracker’ and not someone who embraces the true spirit of being a hacker.
The seo community suffers in many circles from a poor reputation, which is odd when you consider that part of the job is reputation management. Maybe we should all pull together as a community and work to promote the community more instead of promoting ourselves. I think for the most part the community does do this, but we can certainly do more.
When stundubl and wolf howl first went down there were some who thought it all some kind of bizarre link bait scheme and I’ll admit it briefly crossed my mind when I saw Todd’s site down. My apologies Todd, but even though I’m living in happy new age Boulder, I’m a New Yorker at heart and cynicism is built into our genetic code after all. Know that the thought was fleeting and I chose to email and alert Todd of the problem instead of considering this any kind of marketing tactic.
But it did cross my mind as it did others in the community and I think that says something about where seo is. There’s no white hat or black hat, it’s all shades of gray and one has to wonder if anything goes sometimes. How many times have we all seen articles and posts that are easily recognizable as linkbait for the sake of the bait instead of the useful content that’ supposed to sit at the foundation.
It’s sad that the idea crosses people’s minds, but it is fair given how some have taken to sensationalize link bait with hooks to pull links without offering much of substance in return. There will no doubt be some who will always consider what happened yesterday as a publicity stunt. There will be those who see conspiracy and who will see this as nothing more a than marketing ploy. Discussions have been going on for months asking if link bait is ruining the web and I’m sure many who think so will join in on the side of seeing marketing stunts with the hacks. I for one would still like to think that linkbait, in spite of a poor name, can lead to an improved web.
I’d like to point to another quote by said pirate
Who I am?
In-real-life I study and own a web development studio. Online I’m a well known white hat SEO. You can find me at v7n, threadwatch, webmasterworld, digitalpoint and reading stuff from blogs like personified, copyblogger & seomoz (In fact I’m a moderator at one or two of those forums!) I love to help newbie’s on forums, movies and long walks on the beach… I have an “evil” alter ego called F***Pirate.
If we are to believe the above than said pirate lives among us and many of us perhaps talk to this person dialy in one forum or another. It’s possible the above is simply to divide the community and have us mistrust those we encounter, but don’t completely know. I can’t claim to fully understand the mind or motivation of someone who breaks into websites, but I think it’s more the MO to brag about oneself than it is to make something like this up. Sure, details that can be used to catch the person will no doubt be lied about, but the mentality as far as I understand has always been more about puffing out one’s chest as a way to say ‘how much better I am than all of you.’
I hope that this doesn’t lead to all of us casting suspicions on each other. Better minds than mine have already begun to track down the pirate and I suspect in time will figure out his identity. There’s yet to be any real proof that he knows more than how to rewrite a script and script kiddies inevitably leave a trail back to themselves.
The Hope For The Future
What I do hope is that the seo community understands more that there are those both in and out of the community that see us in a less than favorable light. I know we’re aware of the image problem with the industry, but maybe it’s time we all work harder at changing that image lest we forever be seen just a step above used car salesman and peddlers of snake oil.
I won’t claim to have a lot of answers. I think in some respects seo will always suffer an image problem. People are moving online to make money and one of the first things they all realize after they take a site live is they need to find a way to drive traffic to it. Many of those people will happily buy the pitch of anyone who promises fast, quick, and easy results. There will always be some calling themselves SEOs who fill that space.
But I think the rest of us can do what we can to clean up the image of the community as best we can. We can also help to ensure the security of our own sites and the sites of our clients. Something bad happened yesterday in the world of seo, but I hope we can all do our part to turn it into something positive for the community. I hope we can all learn from what happened, see the flaws in our industry, and work to correct them and our standing in the greater community that is the web.