While procrastinating last Friday afternoon, I noticed a distress call show up in my Twitter feed:
Hmm… I might talk to @AlanBleiweiss and @Marie_Haynes. They’ve got loads of experience in this world.
— Rand Fishkin (@randfish) March 30, 2018
Now Marie and Alan are both fine SEOs, but I’ve got to admit when I saw this I had a moment of professional #jel. I mean had Rand not seen The Ultimate List of Pharmaceutical SPAM Keywords? Had Rand not listened in on last week’s phone call with a prospect who wanted to know why his site didn’t show up in Google, where I mentioned that perhaps showing Google content about online casinos was not necessarily hitting the buyer’s journey for a medical waste management site? I mean had he not seen Wix’s Real SEO Heroes #NSFW?
Now that I have the internal linking out of the way, let’s get back to our original programming.
So @Amy91485 was thinking that because their implementation of an A/B test happened right before they got notified of the hack by Google, that it must have been related. But that sounded fishy to me. As the master himself likes to say:
So I jumped into the conversation and had Amy DM me the notification, which specified the hack was on a subdomain of their site which Amy said was no longer in use.
Now as I demonstrated in the Pharmaceutical SPAM post, a quick way to detect a site has been hacked is to search Google for site:subdomain.site.com + typical SPAM keywords. But doing this with Amy’s site not only yielded zero SPAM results, it yielded zero results for the hacked subdomain. This may have been because Amy and team had already shut down the subdomain (which basically solved the hack issue) and/or Google may have deindexed the hacked content once it was detected. So if you looked at Google there was no way to identify the hack and apparently they couldn’t (or didn’t want to) figure it out by searching through their code.
But all they had to do was the same site:subdomain.site.com + typical SPAM keywords search on Bing which hadn’t notified them of the hack and may not be as speedy about purging these results. In about five seconds, I found the evidence of the hack and DM’d it to Amy.
So in the future if you get a hacked site manual action notice from Google and you can’t find the evidence of the hack, check Bing.
Or maybe protect your site with something like CodeGuard and you won’t have to worry about it.