Category: Internet, Security — Chris @ 1:25 pm

I awoke today to find that SEO expert Matt Cutts’ personal blog has been the victim of a defacement attack. Here’s a screengrab:

[Screengrab: Matt Cutts Hacked]

This doesn’t appear to be an April Fool’s…
Interestingly, this isn’t a WordPress hack, but appears to be an exploit in the version of Apache (1.3.37) Matt’s webhost was running (note: Matt’s site is not hosted by Google).

Rule number 1 in security: never make your webservers directly publicly accessible. Always reverse-proxy to them. You can then inspect silly hack attempts like this and stop them before the client request reaches your webserver.

The team responsible for the defacement have written this to Matt:

Dear Matt,

Sorry it falls on you! We at DarkSeoteam appreciate your blog, respect your work… and you look like a nice guy. But your blog looked like the perfect target. First because you don’t rely on it for income, second because, on the internet, there is no better proof than a punchy example.

As many fellow webmasters, we have been reading the endless threads at webmasterworld, where site owners were complaining for having their websites “Googlewashed”, and income hurt by unscrupulous competitors.

As many fellow webmasters, we were shocked that Google and GoogleGuy did not even dare to comment.

Matt! Google doesn’t have to feel ashamed for the bugs. Everyone involved in software and algorithms can understand what bug means for real. We all had bugs. The only thing we can’t understand is that Google doesn’t say it’s going to fix it asap.

We won’t make public the way we ranked on “bacon polenta” because we don’t want the technic used spreading on the web. However, it seems that many posters at webmasterworld and threadwatch understood the whole thing. But that’s not the point.

The point is:

Anyone can use Google’s duplicate content filters to ruin a competitor’s website, and steal his ranking and traffic.

Moreover, Matt, the webmasters’ community does not need an immediate fix, but it needs Google to admit that it is not able to differentiate between the original contents and the duplicate one, and it needs to hear that Google is working hard on fixing this severe issue.

Last thing Matt. You said at threadwatch that you were not going to do anything special for your blog. It honors you, but beware that the whole thing could worsen in the next days. Not that we are going to do anything else about it, but our test is very recent. It was just set-up on September 25 (yeah, less than 10 days to get a visit from GoogleGuy, we’re proud lol), and Googlebot has not finished his job yet.

As we said Matt, we’re leaving the test “as it is”. Hopefully you guys in the Googleplex can use it as a “cobaye” to fix your algo. After all, our site is just a lab, and you’re welcome to use it.

The DarkSeoTeam

I’ve just read that the guys at Unofficial SEO Blog believe that ‘Matt’s upgrade of WordPress installation from 2.0.x to 2.1.x might have helped Dark SEO Team to hack it.’ This does not appear to be a WordPress hack, but rather an Apache exploit. It will be interesting to see whether the precise exploit is ever detailed. What all this demonstrates is why every enterprise site must use some form of application firewall.
