Matt Cutts asked me in a Sphinn comment the following question relating the my post on paid links on Mahalo.com:

Let’s ignore, for the moment anyways, that for absolutely any other website on the internet with the evidence that I presented the process would most likely entail the webmaster proving their innocence rather than the person reporting the paid link proving that they are guilty, and that they would have to do so after they actually got banned. Before I get started, keep in mind… whatsyourconundrum.com is not Conundrum Wine’s main website. Their actual website is http://conundrumwine.com/. The site that is being linked to from Mahalo is a marketing device, a link or PageRank funnel, something that acts as an intermediary link bait, or simply to increase brand recognition. This is actually a great way to help increase your exposure without having to put gimmicky items on your company’s professional website. That main website is not hosted on Mahalo.com’s servers.

Now, Matt is correct. The whatsyourconundrum.com website is indeed hosted on Mahalo servers. Without even looking at the IP address, we know by looking at the whois record the dns servers are ns1.mahalo.com and ns2.mahalo.com:

The reason, I am guessing, is that apparently whatsyourconundrum.com is powered by a white label version of Mahalo’s Answers. What we also see in the whois record is that the domain is owned by Camus Vinyards, and that their administrative email is domainadmin@caymus.com. Following that hint, we see that the caymus.com domain is owned by Caymus Vinyards:

Caymus.com is in turn being hosted on ewinerysolutions.com servers. Ewinerysolutions.com is being hosted on their own servers, so the dns trail stops there. If we go to the eWinery Solutions website, we can see that what they do is offer marketing services to wineries:

The most profitable and fastest-growing segment of the wine industry today is the consumer-direct channel. eWinery Solutions offers you the freedom to market your wines easily and effectively by creating a one-on-one dialogue with your best customers.

Jot on over to their Portfolio page, and we see that Conundrum Wine is in fact a client of eWinery Solutions:

Now, does eWinery offer their services to Conundrum out of the goodness of their heart? Somehow I doubt it. Did Jason agree to lease and host the white-label version of Mahalo Answers to them because of all of the warm fuzzies he knew it would give him? Of course not. In fact, he even refers to this deal as being Mahalo’s first “client”:

Whether the header link was part of the original deal negotiated to set up whatsyourconundrum.com, or a separate cash transaction, the fact remains that this was not a merit based link. It has it’s roots in a commercial transaction that most likely occurred between someone at Mahalo and the people doing Conundrum’s marketing. What I also can’t say is whether or not the clean sitewide links pointing to whatsyourconundrum.com on Jason’s private blog was part of the deal or not… but there are 5 of those links there as well, under the heading of “Daily Reads”:

Hopefully Matt won’t ask me to get all ninja and obtain a copy of the actual invoice… that might prove a little problematic for me.

I never use my uploads directory or Wordpress’s built in media management here on Smackdown, instead preferring to upload and manually insert the html for images myself in my posts (I know, I am weird that way), but my friend Donna has when she has guest blogged here in the past. I therefore knew that the uploads directory existed and had a few images in there, but never really had any reason to look at them. It was totally by accident that I clicked on the Media link in the admin section this morning. I am glad that I did, however, since otherwise I never would have known that I had missed a bit of leftover data from one of the times that I had been hacked last year, a reference to a file named rzf.php.

I use an early warning hacking detection system that Donna came up with last year with and I helped refine, MonitorHackdFiles, that alerts me whenever there are any files modified or added on my blog. This script has been indispensable in helping me to clean up damage from hacks before either my rankings were harmed or an infection spread to my readers. However, based on the folder structure on the database entry that I found, this was from a hack that happened prior to me installing that script. I checked, and the file definitely does not exist, either physically or virtually (I get a 404 trying to access it on the web), which makes sense since I did completely wipe and reinstall Wordpress several times last year. I also always check the wp_posts, wp_users, and wp_options (especially the active_plugins entry) after a hack for any irregularities, but never thought to check wp_postmeta, which is where information about uploads is stored. I have been hacked a few times, and this is apparently the only one that actually used the uploads folder. All of the other hacks hid files amongst the Wordpress system files or injected data into the database. Just to be safe though, from now on I am adding to the checks that I perform to the database to include scanning that table for any non image files, like so:

SELECT * FROM wp_postmeta
WHERE meta_key='_wp_attached_file'
AND (
	RIGHT(meta_value,4) NOT IN ('.jpg','.gif','.png','.avi','.mp3','.mpg','.flv')
	OR meta_value LIKE '%.php%' OR meta_value LIKE '%.pl%'
	OR meta_value LIKE '%.exe%' OR meta_value LIKE '%.js%'
)

This should display the entries in your database that match the contents of your uploads directory, filtering out the most common safe files while definitely including the most suspicious ones.

I couldn’t find anyone discussing the rzf.php file when I looked, but I did find a couple of sites that were hacked from it. It apparently generates a list of links that all point back to itself with various d=xxx parameters:

Each of these pages then generates a list of other self-referential links, plus some added text, and a small percentage of external links. All of the links that I looked at lead back to what appeared to be valid sites, presumably to better hide the actual target. Even though this may be the only function of the file, if the file itself is found in your directory structure, and not just a leftover database remnant like mine was, it is probably best to do a complete cleaning, just to be safe.

By now Google has to be getting more than a little embarrassed about the behavior of Mr. Jason Calacanis and his site, Mahalo.com. Aaron Wall did a very well written piece explaining how Mahalo Makes Black Look White and the spammy techniques they were employing. This isn’t the first time Aaron has blogged about Mahalo either, and talked about exactly how this makes Google look bad. For those who might not know, I have also been blogging about this recently.

While Google will ban smaller websites from their search results or from AdSense on a whim, usually it takes heavier coverage for bigger players to get hit. Like, for instance, when Google Blogoscoped outed BMW for spammy doorway pages. The story spread relatively fast, and Google wound up banning BMW for a short period of time. So when someone has a “special” relationship with Google, as Jason appears to have, and keeps getting second (and third, and fourth, and fifth…) chances to clean up their act, yet continues to snub their nose in Google’s general direction, it makes one wonder. Google has to be at least somewhat concerned that someone in the mainstream media will eventually notice and start to ask why someone like Jason would continually be allowed to get away with this stuff. Considering the unfairness and lack of impartiality of letting a site like Mahalo slide while punishing so many smaller sites for lesser offenses, my guess is that Google doesn’t actually want to discuss their reasons behind ignoring it. And so, each time Google does nothing, Jason decides to push things a little more.

This time it looks like Jason has decided to go ahead and violate the rules closest to Matt Cutts heart. While the layout I am showing here will change with time, since the header contains rotating articles, currently if you go to Mahalo at the top of every page (on the non-Answers side, anyways) you will see the following block of stories that Mahalo is highlighting (usually this area contains trending or hot news items):

(Click to enlarge)

While technically speaking just by looking at them there is nothing to distinguish one of those “featured stories” from another, the one that doesn’t actually belong is the third one in, with the caption “Best Pickup Line Ever?”. The reason that one is different from all the rest is simple… it’s not a Mahalo featured story at all, and has nothing to do with anything going on in the news. It’s an ad. It is a paid link that Mahalo.com sold, one that leads to a site built to market a wine company. There is nothing visual to distinguish or disclose that as an ad, and if we view the source of the page…

(Click to enlarge)

… we can see that there is nothing machine readable (ie. nofollow attribute) to distinguish it as an ad, either.

Matt Cutts has been very, very clear on his take on sites that sell links that pass PageRank, or ones that don’t disclose that they are in fact ads: they are spamming. No if, ands, or buts about it, they deserve to get punished. In fact, he has even gone to far to state that in his view undisclosed paid links violate FTC guidelines.

So, Matt, recently you put out a call for link spam reports, including “paid links that pass PageRank”. Really, though, is there any point in reporting Mahalo to you? Are you going to actually take action, or, like you have done with Jason’s spam in the past, will you continue to simply look the other way? Any other site would be faced with a penalize/ban first, make nice nice with Google later. Hell, with the BMW site you penalized them after they cleaned it up, just to make an example. I get the strangest feeling, though, that won’t happen with Mahalo…

Can you at least say something about this issue…?

Update: in response to a comment below and a question posed by Matt Cutts about what makes me believe that this is indeed a paid link:

The Mahalo Paid Link Evidence Trail.

/sigh

Ok Jason, we get it, you’re desperate. But stealing content from Wikipedia in order to replace what you deleted? Come on!

I am flipping through Mahalo.com today, just seeing if you’re keeping your word or not, when all of a sudden I notice this huge amount of pages with odd names that somehow I missed before:

http://www.mahalo.com/cgs-20625
http://www.mahalo.com/cgs-9896
http://www.mahalo.com/cp-154-526
http://www.mahalo.com/daa-1097
http://www.mahalo.com/daa-1106

These are all nothing more than content stolen from Wikipedia. Your version:

Wikipedia’s version:

You even hyperlinked the same internal linking scheme to the same topics Wikipedia does, regardless of whether or not those pages exist on Mahalo.com. How the hell can you claim this is original content when it is nothing more than cut and paste? I mean, wtf, you just claimed that Wikipedia is nothing more than a free for all a little under 3 weeks ago… does the content somehow take on some magical value after you scrape it and host in on your servers, trying to pass it off as something one of your users wrote? THIS is the “our users build it” content that you were referring to?

News flash, Jason… your users and Wikipedia’s users are not the same people. You lumped Squidoo into the same category back then as well. If I look close enough, will I find content stolen from them too?

Now, to be fair, maybe this content existed all along but was much, much less noticeable when you had all of those other pages of fluff in there, but now that you have deleted 78% of that side of Mahalo, these scraped pages are practically impossible to miss. None of the pages I looked at were actually indexed in Google, but it looks like at least 27,900 of them currently are:

(Click to enlarge)

Considering that Google only has a portion of those indexed, and that at last count there were only 128,324 pages left on that side of your site, that means that at minimum over 21% (and in all likelihood 30% – 40%) of the remaining pages on Mahalo.com are these scraped ones. Is that really what you want on your “Human Powered Search Engine”…?

There are 2 major differences between the original content and your version. 1) The original content cites the sources directly there on the page, whereas Mahalo does not, and 2) Mahalo is using each and every one of these scraped pages to automatically create 2 (and sometimes 3) additional contentless pages under the guise of questions being asked anonymously, questions that no one ever actually asked, but that are there solely for the purpose of bolstering your indexed page count in Google. The first question asked of every drug is What are the side effects of {insert drug}?:

And the second is always Where can I get {insert drug}:

I also saw a “Who makes {insert drug}” question here and there as well. These are empty questions, asked by a bot, that for the most part will never get answered (or even looked at) and were never intended to. Three plus free pages (two of them completely devoid of content) for the price of one scraped page. Jason, seriously, do you really think you are slick doing this?

By the way, a huge number of those pages are less than 100 words in length, yet none of them have the noindex tag. Regardless of of what the length is, however, it’s not what you are claiming Mahalo.com is Jason, it’s more fluff. Wikipedia already gives us those articles. You add nothing to the interwebs by copying them. In all seriousness you should just go through and delete them all.

Jason Calacanis replied to my post from yesterday. In it he discusses how he is indeed deleting many of the spammy pages that I had pointed out. Some, like the duplicate content doorway pages, he continues to defend. Either way, progress is being made.

However, he still kinda kills it by tossing in at the end about how this whole scrutiny on his site is “absurd”, and anyone who calls him on it is being “vicious”:

At the end of the day the absurd microscope we’re being put under by the SEO community is actually making our product better, and yes even improving the SEO of our best quality pages. For that, I thank you guys.

That being said, you really don’t have be so vicious about it. – Jason Calacanis

Jason, there is nothing “absurd” about this shit at all. Ya know, that whole Thou Dost Protest Too Much line? That applies here.

You’re sitting there calling this “vicious” and yet continuing to lie about the situation. You appear to be forgetting that I am not some moron who doesn’t have the facts. You made a statement over on HN and are making a similar statement here trying to implicate that other people put all of those short pages on your site. This isn’t the case, and for ffs, it was explained on Mahalo itself how they got there in the first place. Those pages that I blogged about, and that you are now saying are being noindexed (and which should all be getting removed, not just noindexed) were generated by a bot, one which ran on your site, one that turned people’s searches into static pages, which did so if and only if the page generated clicks, and which then added those pages to your sitemap so Google could more easily find them. This bot was once named “searchclick”, and you actual went out of your way to rename it to “stub” in order to make it sound less conspicuous. Wtf Jason, do you really think there are many things more indicative of awareness of the wrongdoing than going out of your way to actually cover up evidence…?

YOU are the spammer, Jason, you who had people modify whatever original software Mahalo was based on to behave like this. This is not some “consipiricy of the SEO’s” designed to get back at you for anything. You were spamming, acting like a dick when people called you on it, and then on top of that you are getting preferential treatment from Google during this whole thing to boot. Tons of people are getting banned from Google, or AdSense, or both, every day, and they don’t get to talk to a Google rep. They get a form letter and little to no information about what they did wrong (if anything). You get a personal talking to from the head of the Google spam team no less, and you’re response is to whine about how all the “trolls” are being mean to you? Give me a break, Jason.

Matt Cutts himself told you that if you didn’t clean things up that Google might take action. Matt is the head of the Web Spam team. You seriously want us to believe that you thought he was talking about something other than spam when he said that..?

To put things in perspective, not counting the Mahalo Answers side of things (which I haven’t even started to look at) you started out with 12 xml sitemaps each containing up to 50,000 pages in them. The total number of pages was 598,661. After the trimming down, you now have 3 xml sitemaps, with a total of 128,324 pages left. That means that you just whacked 78.6% of the main site, and you still have empty pages in the sitemap. Just looking by hand, it looks like between the remaining empty pages you told me you were going to eventually remove from the sitemap and the fluff that is in there, only about 1 out of 3 of the remaining pages should actually still exist. I pointed one example out on Twitter, but here’s another set so you can again see what I am talking about when I say fluff:

http://www.mahalo.com/jay-z-brooklyn-go-hard
http://www.mahalo.com/jay-z-brooklyn-go-hard-video
http://www.mahalo.com/jay-z-brooklyn-we-go-hard

Same topic with slight rewordings, none with any substantial amounts of content, those could easily be (and should be) a single page. Now, I understand that it takes time to get to all of those pages, but still, the numbers are kind of huge.

If this helps you get a better mental image of why this shit is not an “absurd microscope”, here are some cool infographics for you to look at (these are to scale, by the way, not some made up ratios):

We know those pages didn’t add up to a ton of traffic, Jason, you keep telling us. As I said before it’s not about that, it’s about all the free PageRank they were pulling in. We’ll see where things sit after the cleanup actually gets finished and Google gets around to respidering what is and what isn’t left. My guess? You will be surprised how large an impact this “small portion” of your site was actually having.

Last week, after Matt Cutts gave Jason Calacanis a warning about Mahalo.com’s spammier pages (and probably a few stern looks as well), Jason changed a few items. He had them rename their spambot from “searchclick” to “stub”, thinking a less obvious name would throw off anyone looking into the spam situation. Very briefly they added a noindex meta tag to the content-less pages (a change that they then undid after just one day, of course). Probably the biggest change that they made, however, is that they decided to actually turn off (for now anyways) the bot that was creating all of those pages that were nothing more than scraped content.

What then, you may ask yourself, is Jason going to replace all of these pages with, exactly? I know that’s what I was asking. As I pointed out in my post last month, those autogenerated pages compose the vast majority of the 350,000+ pages on Mahalo.com that Google has indexed. Since Mahalo’s rankings rely in good part on the sheer number of these pages (and the miniscule amounts of PageRank that each is capable of pulling in from scraper sites) simply removing them would be potentially disastrous for Mahalo, both in terms of rankings and subsequently in traffic, and therefore revenue. Jason knows this, so in preparation for getting rid of them altogether (or at least in getting them to outnumber the empty pages, in order to satisfy Matt Cutts that there is more than just spam on the site) he greatly increased the number of actual user generated pages getting pumped out.

The problem, as any webmaster who has relied on obtaining content they themselves did not write can tell you, is that the only economical way to greatly increase content production without greatly increasing your content budget is to sacrifice quality. In this instance it looks like Mahalo decided to simply toss “quality” out the window altogether.

The old automated pages that Mahalo was predominantly made up of were for the most part borderline spam. They did not really add anything to the internet, and gave an extremely poor user experience, but while technically they were spam (being nothing more than AdSense wrapped in scraped content), apparently they were just gray enough for Matt Cutts to warn Jason instead of outright banning him. With these new pages, however, there is nothing “borderline” about it… they directly fly in the face of Google’s Webmaster Quality Guildelines. In fact, Matt Cutts has actually quoted the relevant guidelines on his own blog in the past:

“Don’t create multiple pages, subdomains, or domains with substantially duplicate content.” and “Avoid ‘doorway’ pages created just for search engines, or other ‘cookie cutter’ approaches…” - Matt Cutts, quoting Google Webmaster Quality Guidelines on “what not to do”

Take, for example, this list of pages, all of which were published on Mahalo over the past few weeks:

http://www.mahalo.com/how-to-find-free-wifi-in-boston
http://www.mahalo.com/how-to-find-free-wifi-in-baltimore
http://www.mahalo.com/how-to-find-free-wifi-in-los-angeles
http://www.mahalo.com/how-to-find-free-wifi-in-new-york
http://www.mahalo.com/how-to-find-free-wifi-in-charlotte
http://www.mahalo.com/how-to-find-free-wifi-in-san-antonio
http://www.mahalo.com/how-to-find-free-wifi-in-chicago
http://www.mahalo.com/how-to-find-free-wifi-in-houston
http://www.mahalo.com/how-to-find-free-wifi-in-philadelphia
http://www.mahalo.com/how-to-find-free-wifi-in-phoenix
http://www.mahalo.com/how-to-find-free-wifi-in-detroit
http://www.mahalo.com/how-to-find-free-wifi-in-dallas
http://www.mahalo.com/how-to-find-free-wifi-in-jacksonville
http://www.mahalo.com/how-to-find-free-wifi-in-austin
http://www.mahalo.com/how-to-find-free-wifi-in-san-jose
http://www.mahalo.com/how-to-find-free-wifi-in-san-francisco
http://www.mahalo.com/how-to-find-free-wifi-in-indianapolis
http://www.mahalo.com/how-to-find-free-wifi-in-columbus
http://www.mahalo.com/how-to-find-free-wifi-in-fort-worth
http://www.mahalo.com/how-to-find-free-wifi-in-memphis

Anyone else noticing a pattern here? While some naive reader might think that perhaps there is a substantial difference between finding free wifi in Columbus, Ohio and finding free wifi in Fort Worth, Texas, a quick look at the articles themselves shows this to not be the case. For instance, in the Boston article:

“This how-to guide talks about three popular types of businesses that tend to offer free wifi”

In the Baltimore article:

“This page gives you three different examples of types of places you can go around the city of Baltimore for free wifi wifi when you need it most.”

In the Charlotte article:

“Though there are several types of businesses in Charlotte that offer free wifi, this page focuses on helping you find individual establishments in three popular categories.”

In truth the articles in general all talk about 4 types places to get free wifi: 1) hotels, 2) restaurants/coffee shops, 3) book stores/libraries, and 4) airports. What they do though is mix and match them, for more variety. All of these articles are nothing more than what is known as “rewrites” of each other, and hardly qualify as “unique content”. The whole purpose of doing this is so that they can take a single article and use it to try and rank for all of those different cities. It is the epitome of “substantially duplicate content” that has been “created just for search engines”.

Another of the more blatant rewrite topics they started churning out recently is “how to become a travel agent {insert location here}”:

http://www.mahalo.com/how-to-become-a-travel-agent-los-angeles
http://www.mahalo.com/how-to-become-a-travel-agent-boston
http://www.mahalo.com/how-to-become-a-travel-agent-wyoming
http://www.mahalo.com/how-to-become-a-travel-agent-chicago
http://www.mahalo.com/how-to-become-a-travel-agent-wisconsin
http://www.mahalo.com/how-to-become-a-travel-agent-west-virginia
http://www.mahalo.com/how-to-become-a-travel-agent-vermont
http://www.mahalo.com/how-to-become-a-travel-agent-hong-kong
http://www.mahalo.com/how-to-become-a-travel-agent-rio-de-janeiro

I found those, plus at least 53 more, all published in the past month. Now, while it may seem odd to publish so many different geo-specific copies of “how to become a travel agent in…”, a keyword combination that probably gets little to no traffic whatsoever, by doing it this way it gives them a chance to pick up rankings for the more obvious search phrase, [travel agent {destination}]. In fact, for some of the lesser competition destinations, such as Vermont, we can see that Mahalo does indeed manage to rank:

The last form of Mahalo doorway page that I want to touch on in this post isn’t geo-based, but rather designer-label based. For instance, consider all of these pages having to do with Christian Louboutin, Luxury French shoe and bag designer:

http://www.mahalo.com/christian-louboutin-bridal
http://www.mahalo.com/christian-louboutin-knockoffs
http://www.mahalo.com/buy-christian-louboutin-online
http://www.mahalo.com/christian-louboutin-coupons
http://www.mahalo.com/christian-louboutin-handbags
http://www.mahalo.com/christian-louboutin-sample-sales
http://www.mahalo.com/christian-louboutin-sale

All of these thin pages could easily be combined into a single page, but by doing so Mahalo would lose out on the opportunity to rank for long tail phrases that splitting them up offers. Some of the pages, in fact, offer no actual content whatsoever (such as the “Christian Louboutin Coupons”, which merely tells the user that the Christian Louboutin company doesn’t have coupons), and exist solely in case someone searches for that particular term. Additionally, all of these pages allow for more interlinking on the site, and more chances to pick up stray PageRank.

Obviously Matt’s talk to Jason didn’t result in the Mahalo spam getting cleaned up, and in fact seems to have had the opposite effect. Where it goes from here is anyone’s guess.

Last week at SMX West, during the Ask The Search Engines panel, moderator Danny Sullivan asked Matt Cutts why he didn’t ban Mahalo.com for spamming Google. Matt stated that he had talked to Jason Calacanis, Mahalo.com CEO, about the issues, and warned him that Google might “take action” if Jason didn’t make some changes to the spammy side of Mahalo. Matt also made the following statement, in reference to Aaron Wall’s post on the subject:

All the pages Aaron pointed out now have noindex on them. - Matt Cutts

Matt was referring to all of the autogenerated pages that both Aaron I blogged about in our posts, the ones with no user content whatsoever. A good example of these pages is this page on Aaron Wall himself, http://www.mahalo.com/aaronwall shagging, http://www.mahalo.com/shagging (note: see update #2 below). It is true, in fact, that right after Matt gave Jason a good talking to all of those pages did indeed have noindex added to them. I know. I checked myself. However…

What Matt apparently does not know is that approximately 1 day after the noindex tags were added in, Mahalo.com actually started to lose some rankings (thus supporting my claim that it is all of those pages bolstering their rankings in the first place), and as soon as that happened Jason had the noindex tag removed again:

(Click to enlarge)

So the noindex tag existed just long enough for Jason to show Matt that they had made the change, then got yanked again. Matt made his statement on March 4th, long after the change had been undone, so obviously Jason didn’t bother to let Matt know that the change just didn’t work for him. Yes, Mahalo did turn off their spambot for now (and renamed the bot from “searchclick” to “stub”, since everyone knows what you name your spambot makes all the difference in the world), and he is working on getting more “original content” up on the site (more on that topic in my next post), but for now it looks like Jason has decided to continue to leverage his pure spam pages for rankings, regardless of what Google says.

Update: The post I mentioned about Jason’s new plan to replace the automated empty pages is live and can be found here:

Mahalo.com: Meet the New Spam, Worse than the Old Spam

Update #2: So apparently Jason decided to suddenly fluff out Aaron Wall’s page with actual content after reading this post, probably hoping that people would assume it was never a thin page to begin with. I added in a new link as an example of the pages I am referring to, and here are some more:

http://www.mahalo.com/bmtron
http://www.mahalo.com/lambada
http://www.mahalo.com/bittercup
http://www.mahalo.com/trifles
http://www.mahalo.com/handcuffs

Since I assume Jason will probably try and hide those as well (instead of doing what he said he was going to do in the first place, and just remove or noindex them all en masse), here is a screenshot of what one looks like:

(Click to enlarge)

Yesterday there was a tragic incident involving a lone gunman attacking the U.S. Pentagon. According to reports, the man intended to carry out this attack with 2 handguns and “many magazines” of ammunition.

It probably would have worked, too, except that apparently he had a couple of flaws in his plan… like, forgetting to have Tank upload the martial arts program first. Or not bringing a big assed duffel bag of fully automatic guns with him. Or waiting until after he passed through the metal detectors, for that added element of surprise…

… or not bringing Trinity with him…

Please note – I do agree that this was very sad that the gentleman in question did what he did, regardless of what his reasons are. Also, I do not condone violence of any kind… unless of course they really are holding Morpheus, in which case all bets are off.

The following “guest post” was a comment left on “How To Completely Clean Your Wordpress Installation” by a gentleman named Daniel J. Dick. He makes some excellent points, and due to it’s length I decided to feature the comment in it’s own post, rather than approve it in place. Enjoy.

I think Nick sums up how most of us feel about malicious hackers, script kiddies, and spambots that wreck other people’s stuff.

My apologies to everyone that reads this that are searching out how to fix your blog. It is obviously meant for the little, no good, no life having, soulless human maggot out there that creates viruses, malicious scripts and hacks other peoples stuff. YOU SUCK BIG MOOSE C#&@!!

- Nick

Most of my sites have been on C-panel setups just because of cheapness and laziness on my part. But, I’ve been a Unix / Linux hack for about 30 years, so I grabbed up a VPS, set up Centos 5, Apache, PHP, MySql, Exim, and all the way I like it with a little Perl script to throw anyone who tramples on various triggers into the firewall straight away, and before I even had the thing known to any DNS servers anywhere, it already had trapped about 60 or 70 IP addresses, and they were not false alarms. Now if that many are blocked trying to break into SSH alone, imagine how many would be flooding into the applications that have ports open on any given system, especially AFTER it was known to the world by name!

If you have a website, don’t think in terms of “if” it will be attacked by hackers and spambots, and don’t think in terms of “when” either. Think in terms of enlarging the gaps between times hacking attempts are successful and recoveries are necessary. Think in terms of how many hackers you can trap and report and how many hacking attempts you can block, and how well you can isolate them from the false alarms. If you block them by IP, you’ll find most of your users are on IP addresses shared throughout the comcast and AT&T community, and you cannot block those ranges without blocking out most of your users. So, you may want to block them temporarily, say 2-4 days and release them just to make sure they don’t hit you with a denial of service attack or a brute force attack. This will at least keep your system from being hammered and help reserve your bandwidth and computing resources for constructive work.

Cut back the number of ports you have open. If you put a million door lock onto the front door of your house but the door is made of balsa wood, a 3 year old might kick it in by accident. If you secure your front door and leave your back door open, you’re still out of luck. What are the points of entry? What protections are there on those? If they get in, what can they compromise? Can they use one service to plant a mine for another service?

At one time, everyone laughed at the thought that opening an email could cause a problem. “Email is just a text file.” “You’re just reading it, silly!” True, but what does the email reader do with what it reads? Does it process mime types or any kinds of files? A kidnapper may be unable to unlock the front door of your house, but if he can tell your 3 year old child you won a million dollars and need to open the door to get it, you may end up getting a call with a demand to pay a million dollars in ransom.

So often we think if someone is really competent in security, it will be impossible for any hacker to break in without getting caught. One would like to think that security is a terminal project–one with a beginning and an end, that you can sign off on completion and your work is done forever. It isn’t. No more than ending all war and establishing permanent world peace is a terminal project unless you’re God.

You can set policies, brainstorm, gather ideas, organize them, let them spawn ideas, and let the creative juices flow, and then organize them again until you have a full set of projects, policies and procedures and methodologies for implementing them. You can weigh risks calculating potential losses against costs of prevention and come to an idea of what is most important. You can set up disaster recovery strategies, and in them beware of the fact that when you take backups, there will be times you will be backing up viruses and corruption as well, and many times corruption and viruses may be intertwined into the ongoing collection of data and you’ll need methods for weeding things out whether you like it or not. But, it has to be part of the plan.

But, in the end, it may almost seem like security is about good backups and disaster recovery first and then the rest of the prevention is about performance, reliability, reduction of downtime, protection of reputation, and overall efficiency.

There will be times when there are conflicts between progress and safety. There may be times people feel they cannot get any work done because security is too tight, too insulting, too bothersome, too pedantic, too whatever. And sometimes there will be folks whose die-hard commitment to security is in ignorance hindering progress while providing no real security at all.

It’s a pain, really. And yet every pain has its joy and satisfaction and opportunity to do excellently where others have failed. Without a battle there can be no victory. Without something to overcome, nobody can become an overcomer. It’s a curse and a blessing.

Whew…that was longwinded!
Dan

I don’t know about the rest of you, but for some reason I find this oddly poetic.

(Click to enlarge.)

For those who can’t read it, it’s from http://twitter.com/scientology, and states:

Sorry, the profile you were trying to view has been suspended due to strange activity.

Yeah, like that’s a surprise!