--get your your Linux knowledge
> Linux Reviews > News and headlines > 2005 News archive > March >

Wordpress p0wned by Google for Spamming

SEO is the art of Search Engine Optimization. This can be done using various methods. These methods can be divided into so-called white hat and black hat SEO. Obviously, white-hat SEO is much harder than black-hat SEO and that is probably why there was a few hundred thousand hidden articles at the Wordpress website. Google noticed it and p0wned Wordpress by kicking it down from PageRank 8 to zero.

Running a website is a tough proposition. There are costs to be minimized at every step of the way, there is extremely huge competition as thousands of sites are added to the net every hour and the few dollars actually floating around on the Internet constantly gets divided to increasingly many people. This is why people sometimes get quite desperate and greedy.

Some greedy players turn to the excellent, well-working spamming techniques to the irritation of many. While this does give corporations a cost either in the form of quality anti-spam software or wasted employee time, enough people do react in the desired way to make it profitable. The secret fact is that one in nine people who use the Internet daily from their homes have bought something advertised by spam-mail.

Other greedy players use black-hat search engine optimization. There are many ways of doing this, most involve a very huge set of files with creative keywords of phrases which are linked together in some elaborate way. Search engines hate black-hat SEO and ban the sites.

The maintainer of the official open-source Wordpress blogging software got a bit greedy and created at least 168,000 articles with random keywords hand-picked to trigger attractive, high-paid advertisement results from the Google Adsense advertisement boxes placed on the site. Google figured this out and p0wned his site down from PG8 to PG0. PG means PageRank, and that is what SEO is all about: High pagerank == Hits. A high pagerank means your site is more important to search engines than other pages, so traffic will be directed to your site at no cost to you.

The articles were fed to search engines using cloaking. Cloaking means placing text so it visible only to robots. Google clearly forbids it in their webmasters faq, black-hat SEO involved bending or breaking a few rules.

Wordpress used the old move-it-away trick by placing the links within a text-indent: -9000px; overflow: hidden; styled div tag.

  <div style="text-indent: -9000px; overflow: hidden;">
    <p>Sponsored <a href="/articles/articles.xml">Articles</a> 
    on <a href="/articles/credit.htm">Credit</a>, 
    <a href="/articles/health-care.htm">Health</a>, 
    <a href="/articles/insurance.htm">Insurance</a>, 
    <a href="/articles/home-business.htm">Home Business</a>, 
    <a href="/articles/home-buying.htm">Home Buying</a> and 
    <a href="/articles/web-hosting.htm">Web Hosting</a></p>

Other cloaking techniques involve using the same or similar font and background color, creative sub-domains and small, unnoticeable images or images who look unimportant.

Andy Baio had the chance to talk to Matt Mullenweg about his motive, which turned out to be (surprise!) profit.

Wordpress is a Open Source product used widely. There are some big problems with combining that with black-hat methods:

  • Any default Wordpress installation has a hard-link to the website. These users act as second level carriers for search-engine-spam, meaning they in turn can be p0wned.
  • A tainted distribution point for a product reflects on the product, this does in many ways reflect on the product.
  • Wordpress blogs are frequently spammed with garbage comments. When the developers have no moral, who knows what other tricks they are likely to pull? Why not sell multi-site spamming to the highest bidder?

Part of the black-hat money pays for active development of a free product. But just how much rule-breaking are you willing to aid just to get it "free"?

News and headlines

Meet new people