Video Transcript – SEO, US Military and a furniture shop


Welcome back, Rankers. Have a good week? I did. Caught up with my old mate David Meerman Scott, but we’ll bring you more about that, we did a show with Beers, Blokes and Business podcasts, so make sure you check that out when it comes out. Last week I talked about cheap SEO versus good SEO, we released a limited product, which is now sold out, and I started doing some of the audits today because I’m doing the audits on all these sites that have come in, and one of them was hacked.

Now, you may remember last year in December I brought out a story where I said there’s over a million pages hacked for SEO and I think that was just in Australia at the time. That was December 14th and Mac Carts [SP] about that hacking and back then all I found was sites built in a technology called .ASP and all the hacks were originating out of China and I spoke to our head of dev here, Jine, and she was saying, well, in China, in the Universities, the main thing that they teach is Microsoft technology, which is what .ASP is.

Doing the audits though, I found one site, which was a WordPress site, and it had the same sort of hack. And these hacks are basically Chinese counterfeiting sites injecting their sites into WordPress sites, ISP sites; I even found a Cold Fusion one today, which was a technology from the 90s. And what they do is that they can get ranked in Google inside your site.

Let me give you an example. Here is the site and it looks like cheap NFL jerseys, right? It says here, Jerseystop.us, okay, but then you look up here at the URL and it’s not Jerseystop.us, so you take that off and you go and have a look, and this site is actually selling designer furniture, not NFL jerseys. So they’ve got a site within their site, which is hacked. Now, this site’s in Cold Fusion so you might argue that Cold Fusion is a very old technology but these guys are updating their blog a lot, so it’s an active site obviously used for their business. What they don’t realize is that Google will certainly, in most cases, drop them down at best, and in other cases it may, and this is really annoying, it may rank high some of those pages that have been hacked selling different products.

So then what I did is I just thought, well, let’s just have a look at .gov.au NFL jerseys. And you can see here we’ve got at least 500 government websites in Australia talking about NFL jerseys. Which is a little unusual. And you can see here we’ve got a business site from government, and then down here we’ve got all these Tasmanian sites, and then we’ve got consumer affairs, Victoria, selling cheap NFL jerseys, which is wonderful. You would think if you’d gotten to consumer affairs, Victoria, you’d be safe on what you clicked. No. Then if you go down here a little bit further we’ve got this site here, which is actually an FTP server. And an FTP server that history shows has been notoriously unreliable and most businesses these days will do a thing called secure FTP.

One of the reasons I was looking at this and it tweaked my interest apart from the site order that I did this morning is that last week we were getting hacked on our WordPress site, or attempted hacks, and I went in and did a whole bunch of updates, made sure everything was secure and, fingers crossed, we’ve been good since then. But that FTP one is an interesting one because you can see, this is the open FTP on a Western Australian government site and you go into here, into this little directory here, and we’ve got all these PDFs relating to free streaming and downloading of movies. I don’t think the Motion Picture Association of America would be too pleased with that. And then if we go back to our little search here, we’re only searching for NFL jerseys, but then if I type in the word cheap or the word replica. I’m still only searching .gov.au sites. You can see here the Berrigan Shire Council in New South Wales, they’ve been hacked extensively, and you can see they’re selling, I don’t even know who this guy is, but it’s obviously quite popular. But you can see they’re .ASP sites so we know that hack existed last year. These guys haven’t actually updated their site.

And then we’ve got that Tasmanian site appearing all the time. That ABC one’s not a hack. Then if we go down even further I’ll just show you one that I found, Bee Social. Let me change that from .gov.au to .com.au. So this site here, this is only 22 hours ago this one’s been hacked. So you can see there, June 22, and this site is hacked and it’s a WordPress site. And then if we take out that Bee Social, and we’re just looking at commercial sites in Australia now and we’re looking at cheap replica, and we can see here we’ve got a heap more, we’ve got 393,000. Now, some of them might actually be legitimate- no, I don’t think you can actually legitimately sell cheap replicas. But here’s the Ipswich Civic Centre, but every government in Australia, Queensland government, New South Wales Government, Victorian Government, Western Australian Government, South Australian Government, I think Northern Territory also and certainly Tasmania, have all been hacked, right? So, no one is immune from this.

This .com.au search that I’m doing, construction company selling fake Oakleys, Ipswich is featured very heavily, training sites, all sorts of sites. No one is immune from this if you haven’t got your site patched. So it can happen to anyone. Then if I go and have a look-, you say, well, that’s Australia, right? Several hundred thousand pages, probably, at least, that are selling cheap replicas and they don’t know it. So then I thought how many in the .au space? We’ve got 404,000 there just in the .au so there’s a lot. And then if we go and have a look, what about the U.S.? This one will make you laugh. Broadband map, which is a U.S. government site about where you can get broadband. But this one was very interesting. This one is, I don’t know, is there anybody in California? This is the Superior Court of California and this is in the County of Modoc. Look at this. They’re selling all of these cheap replicas. That’s a court, that’s a court’s website. Other ones, this will be a County, let’s have a look at that. And you can see here all of a sudden we’re off on a different site. Some of them are injecting entire sites into existing sites. Others are injecting into the existing sites and then you’re getting redirected off, in this case, to another site. And these are government sites in the U.S. So this is obviously a major hack. This one is not a hack. That’s actually a story, this is definitely a hack, what else have we got here? That looks like a WordPress site too, actually.

So there’s lots and lots. How many have we got here? Sixty seven thousand at .gov.au. Let’s go NFL jersey and see what we get. Only 15,500. But some of them are actually real. But once again, this Matthews- let’s have a look and see who they are. This is another site that the user gets redirected to. The Matthews, North Carolina. So let’s go and have a look and see what Google thinks or what Google has indexed for Matthews, North Carolina. So look at all this. Grey jumpsuit, pawn, Armani. Look at all this stuff that Matthews County North Carolina is selling. Heaps of stuff. This site has got 677,000 pages. I don’t think so. I really don’t think so. Because if I click on one of those, and this one, again, is an ISPX site, so I get taken off to this site.

So no one is immune to this now. The counterfeiters are out in force and it looks like the new marketplace isn’t the beaches of Bali, it’s the surf instead of the web. Let’s have a look at the UK. .gov.uk. Might be some business for those SEOs in the UK who I know. So .gov.uk, let’s just go to cheap replica. And you can see the Gibraltar government is doing that, the Lisbon government is doing that. We’ve gotta have a look at that. Once again, these are ASP sites. That one wasn’t though, that was a PHP site. And once again, we’re being redirected somewhere else. So not only could you lose your legitimate rankings if you get hacked like this, you can also actually annoy a lot of people because they might find a result that’s been hacked like this and then go off to a site that they don’t want to be at. So it could hurt your brand, hurt your rankings and hurt your business.

So the moral of the story here is keep your sites updated and when I went and updated ours last week there were definitely a lot of components that we should have updated earlier. Up until now, these sorts of hacks on .PHP sites haven’t been that prolific. Now we’re seeing it a lot. And look, they’re really nice, Kiddlingtonpc.gov.uk, these hackers are even using structured data. So they’re very thorough, as you can see here. Look at this one, it’s got 92,301 reviews, so let’s go and have a look at that page. That must be a great page. We are actually going off to, you can see there, it’s being pulled up in the header, that’s great. So where is the hack here? Let’s have a look. Maybe they’ve fixed it but it’s still in the Google index. Yeah. So, this one’s been fixed. I’ve seen a lot of them that have been fixed but they’re not fixed properly. They haven’t gone and removed all those entries from the Google index. Other ones that I’ve seen where they’ve fixed them they’ve removed the pages but there’s all these internal links pointing to the hacked pages and they don’t know. And so the site is essentially broken as far as Google’s concerned.

So we’re going to have a look at a cached version of this page. Let’s see if it- this is on the 30th of May. Look at that, Louis Vuitton, but we get taken off somewhere else. So even Google is indexing things which it shouldn’t. So if I do a quick, let’s just grab this one here, what I’m going to do is just do a quick check. If you’re on a Mac this is a really useful tool to use. So basically just open your terminal window, type in curl, which is capture URL, dash capital I, and then just put the web address in, and it will give you in turn what the server response is when you request that page. So here it says hey, it’s okay, fine. So something else is happening when you actually land on that page and then you’re getting redirected. It’s probably something like a Meta refresh or something like that. But that URL is essentially still inside those sites even though you’re not ending up at that site. And if we have a look at the Modoc County one, this one, Modoc Superior Court, and we just grab that. And we say show me all the pages that you’ve indexed, we’ve only got 77 pages here. But then down here, look at them all. All of these, these were all hacks. As soon as you see Rolex, cheap Canadian Goose. I don’t even know what a cheap Canadian Goose is. It’s probably a Canadian Goose that’s pretty cheap. Someone will correct me on that, but lots and lots and lots and lots.

So we’ve got governments with open FTP that people are just throwing stuff up on. We’ve got government sites that are, in the case of Fair Work Australia, they’re not using that site anymore so obviously no one’s looking at it in government. And we’ve got lots of counties, councils, courts, that are also being hacked. But that’s just the tip of the iceberg, seriously, there are millions and millions of pages out there like this.

Let’s just go back and have a look at the U.S. again. What about .mil? I doubt very much whether .mil will have been hacked, unless Edward Snowden’s still working there. Let’s have a look. Uh, .mil, let’s just go to cheap replica. Oh dear, oh dear. That doesn’t look good, does it? So we’ve got the Navy, we’ve got the Airforce, we’ve got the Army. What else have we got in here? Oh my God. If I go and have a look at one, will I get a knock at the door? Let’s have a look. Once again, this is back in IXPX. Oh, look at that. Comments. So this is more of spam than a hack because it’s a comment. This is from this man’s foxhole. And he’s always ready. He’s probably a very brave and powerful man, but seriously. National Guard, okay. It’s the National Guard. That’s what that, NGB must stand for. So the National Guard in the U.S. has been hacked. .Mil, by the way, is for the military in the U.S.

What else have we got? National Guard, Airforce. This actually might not be a hack. No, that’s not a hack. Navy. Photo of the week, that’s not a hack. That’s not a hack. Let’s have a look. You wouldn’t think U.S. Military would be selling- oh, they are. They’re selling Michael Kors handbags. So this one is Michael Kors honoured by the department of defence, so that’s good, that’s a real one. That is not because it’s in comments, so that’s spam. Okay, let’s go cheap replica again. Oh, maybe NFL jerseys. That’s a good one. NFL jerseys. No, they all look legit. Maybe if I put cheap. No, they all look good too. What about cheap replica? So we’re back here again. But you can see you need to stay on top of this. These are all comments so this is spam rather than a hack.

Okay. But government, military, commercial, everyone is- and look, this stuff, obviously they don’t really care about Google rankings, maybe they do, but if they’re trying to get recruits and those sorts of things that’s going to be hard to do when Google sees a site full of this sort of stuff. And it indicates neglect. Let’s have a look. This is what people are searching for. Who’s this? Access Rent-A-Car. They’re hacked. A lot of these ones aren’t, though. They’re actually legit. Although I don’t think the government of South Africa are. No, what’s SA? Someone will tell me or it will come to mind. We’ll find out. Let’s have a look. We’re getting redirected. But this site was hacked and that URL still remains. Oh, Saudi Arabia, of course. Duh. So Saudi Arabian government has been hacked.

So we’ll just have a quick look. Let’s type cheap replica again. Yeah, that’s a hack. ISP once again. Whoa, wowee, how many have we got? So just that one site alone has got 4,000 pages that have been hacked. That’s the Saudi Arabian government. So the moral here, as I said before, really, now more than ever, make sure your WordPress, the one I saw today was actually a Magento Site with a WordPress blog. Make sure everything is up to date. I’m not going to go into the security tools because I’m not a security expert. I know what I need to patch on my own site. There are plenty of security experts out there though but a lot of the techniques are on your web server, make sure that’s all up to date and patched with security patches, and then also with WordPress itself, if you’re using WordPress, make sure that’s got all its patches in it as well. Speak to your developers. Because, yes, it will affect your rankings, but it’s going to affect your business even bigger when your site gets taken down off the air all together.

That’s it for this week, hopefully that’s helpful. We’ll see you next week. Thanks very much. Bye.
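
The transcript describes a hacked page that answers "OK" to `curl -I` yet still sends the visitor to another site, probably through a meta refresh. The following is an added example, not part of the original video or post, showing how a site owner could check one response (status, headers and body) for each redirect mechanism; the function name, the sample HTML and the `example.invalid` URLs are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class _MetaRefresh(HTMLParser):
    """Collects the target of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://example.invalid/"
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            self.targets.append(m.group(1).strip() if m else "")

# Heuristic only: catches the common literal-string forms of a script redirect.
JS_REDIRECT = re.compile(
    r"(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]"
    r"|location\.(?:replace|assign)\(\s*['\"]([^'\"]+)['\"]", re.I)

def find_redirects(status, headers, body):
    """Return (mechanism, target) pairs for every redirect found in one response."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    if 300 <= status < 400 and "location" in h:
        found.append(("http-location", h["location"]))   # visible to curl -I
    if "refresh" in h:
        m = re.search(r"url\s*=\s*(\S+)", h["refresh"], re.I)
        found.append(("refresh-header", m.group(1) if m else ""))
    parser = _MetaRefresh()
    parser.feed(body)                                     # not visible to curl -I
    found += [("meta-refresh", t) for t in parser.targets]
    for m in JS_REDIRECT.finditer(body):
        found.append(("javascript", m.group(1) or m.group(2)))
    return found

# Constructed sample: a 200 response whose body redirects the visitor.
SAMPLE_BODY = """<html><head><title>Designer furniture</title>
<meta http-equiv="refresh" content="0; url=https://shop.example.invalid/jerseys">
</head><body><script>window.location.href = "https://shop.example.invalid/alt";</script>
</body></html>"""

if __name__ == "__main__":
    for mech, target in find_redirects(200, {"Content-Type": "text/html"}, SAMPLE_BODY):
        print(mech, "->", target)
```

A headers-only request never sees the last two mechanisms, so the body has to be fetched and inspected as well.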