PageRank protector - spam/hack plugin idea.

[JohnM]

With spammers getting better and better at exploiting sites for spam, sooner or later any site running with normal security may be exploited. If you're on shared hosting you may do everything to protect yourself just to experience that somebody else on the shared server had a hole they could exploit.

So what do we do to minimize the negative effect of being exploited ?

Off course monitoring and backups will make it easy to restore soon, but then google`s probably already been there and the damage is done and your hardworked PR gone or set back for a long period of time.

How about a security plugin that checks/scans for changes in the WP install/db, and not only notifies but also automatically locks Google out when something is compromised ?

http://www.aboutonlinetips.com/wordp...urity-plugins/

If the change was harmless, the webmaster could just accept the change and the plugin let robots in again.

Should be pretty easy to make since there are several plugins that notifies about changes, and all that must be added is a function to control settings for robots access.

Comments ? Do I oversimplify ?



John Myrstad

[Martin]

Great list of plugins.

A lot of basic security tips get overlooked as well. I wrote the guide below a while back:

http://www.hahahaimontheinternet.com...security-tips/

[Otto]

I had once thought about making a plugin that would hash all your files, store the hashes, then periodically check them and notify you about changes. I never got around to it, but somebody beat me to it:
http://wordpress.org/extend/plugins/...-file-monitor/

[JohnM]

I have presented the idea to Matt Walters author of the File Monitor Plugin which found it interesting.

Monitors file system for added/deleted/changed files
Sends email when a change is detected
Multiple email formats for alerts
Administration area alert to notify you of changes in case email is not received
Ability to monitor files for changes based on file hash or timestamp
Ability to exclude directories from scan (for instance if you use a cacheing system that stores its files within the monitored zone)
Site URL included in notification email in case plugin is in use on multiple sites

WP Firewall seems like a smart solution to intercept and prevent spam injection exploits. Wp Firewall also sends notices upon attacks so it should be possible to include a function to keep robots out in that plugin based on if the site is under attack or not, so I also emailed the seoegghead duo.

* Detect, intecept, and log suspicious-looking parameters — and prevent them compromising WordPress.
* Also protect most WordPress plugins from the same attacks.
* Optionally configure as the first plugin to load for maximum security.
* Respond with an innocuous-looking 404, or a home page redirect.
* Optionally send an email to you with a useful dump of information upon blocking a potential attack.
* Turn on or off directory traversal attack detection.
* Turn on or off SQL injection attack detection.
* Turn on or off WordPress-specific SQL injection attack detection.
* Turn on or off blocking executable file uploads.
* Turn on or off remote arbitrary code injection detection.
* Add whitelisted IPs.
* Add additional whitelisted pages and/or fields within such pages to allow above to get through when desirable.

http://www.seoegghead.com/software/w...s-firewall.seo

[Ryan]

... and the damage is done and your hardworked PR gone or set back for a long period of time.

You have misunderstood how PR works. Your PR is not affected by spam links on your page.

[JohnM]

@Ryan: Then let in the injection exploiters on your site and watch your PR.

Google quality guidelines:

In particular, avoid links to web spammers or "bad neighborhoods" on the web, as your own ranking may be affected adversely by those links.

[Ryan]

@Ryan: Then let in the injection exploiters on your site and watch your PR.

My PR would not alter at all. However my search rankings would plummet, so no thanks.

You are confusing PageRank with search engine rankings.


stymiee has some nice FAQ on SEO and it's relation to PageRank over at SitePoint ... http://www.sitepoint.com/forums/showthread.php?t=182915 and http://www.sitepoint.com/forums/showthread.php?t=356031

[JohnM]

Just for the sake of an academic debate, but your PR will drop. You will get lots of outbound links which distributes your PR link-juice out of your site. That IS the incentive for blackhat SEO gaming like this.

These spam link injections are normally hidden for the webmaster/guest, they are not intended to be clicked, only to steal link-juice, your PR, as it just happened with Css Tricks.

Maybe I should named the idea PR/SERP protection, but the point is that I`m asking for feedback on the idea.

Since the initial post I have come to conclusion that the best method would be to have some kind of monitoring of attacks and file changes, which when the "alarm" goes, cuts of access to robots, notifies the webmaster, and runs a more thorough scan, and eventually lets robots in again if nothing found.

[Ryan]

Why block bots at all? Wouldn't it make more sense to just email the administrator so they can go in and clear the problem?

I would have thought that blocking bots would lead to a reduction in rankings anyway since it looks like you don't want your site indexed at all.

[Ryan]

Perhaps a system kinda like Akismet, but for your entire site would make sense?

So instead of sending comments back to the processing server, it would send links to your pages instead?