Not a question, but sharing this in various circles cause it`s important;
Nasty little hack -
In all my years of doing forensic work, this is one of the best/neakiest `hack for links` that I`ve seen. There were a few hints along the way (load times, robots.txt was empty) but nothing along the usual lines as far as red flags.
Ultimately we found it in some PNG files spread across some 22 directories. They originally got access via a plugin that wasn`t updated (WP). Essentially, they used a sort of `black hat CDN` on their servers that would feed Google entire pages, but those pages never showed up on the site because they were on the baddies server. The load time was because it would send normal users to their site and back to the home page, but their hacked page never loaded. Anyway, I`ll write about it once I am done cleaning up.
Interestingly Google didn`t even catch on... it was there since Aug 2016. I will be sending Google the case study once I am done, so this is worth knowing about.
Oh and this is a GREAT case for setting up bi-monthly tracking in SC/GA. Often I feel some clients think my monitoring is just a cash grab.. but if it wasn`t for this, I`d have never caught a sniff of the hack. It was a new client, I was doing my initial run when I came across it... thus it was in place since 2016. Now, one can also think that "Google didn`t catch it, so they weren`t penalized" but hey, they`re bound to eventually, it`s not worth the risk. Funny enough, the client`s rankings/traffic was growing the entire time, and they were never penalized.
Thus we can assume Google never caught it and that it wasn`t a neg-SEO attack.
oh and it`s so awesome, we found via log files that they utilized it for porn in the past... then switched to viagra/cialis. We`re wondering if it`s a black hat link network for hire...
