How To Increase Website Traffic – Get Hacked

Written On Day: 236

For the last couple of days there has been a spike in traffic.  Retribution has come at last.  Finally the recognition I deserve.  After almost 9 months of work and waiting, after over 400 hours at the keyboard, the website is taking off.

Increase In Website Traffic

That was my initial reaction after seeing the sudden increase in traffic.  But after some digging around in the website stats I discovered that it was not my hard work paying off – it was somebody else’s.

Clue 1 – Referral Websites That Do Not Link Back To This Website

The first thing I checked after seeing the spike in traffic was who it was coming from.  Who is sending me all the traffic.  Is it Google, is it a guest post I did, was this website featured on some blog, was this website submitted on a social network like reddit.com? 

I quickly discovered that it was none of these.  Using awstats I noticed that the top three websites sending this website traffic are website’s that I have never heard of before.  I checked them out and discovered three things:

  1. They had nothing to do with my niche (make money online)
  2. They were not in English (mostly Russian)
  3. They did not have a backlink to this website

Number 1 and 2 are strange.  But 3 just does not make sense.  How are these website sending me traffic without having a link to this website?  Something is not right.

Strange Websites Sending Traffic

On seeing this the initial smile on my face slowly flattened out. 

Clue 2 – Traffic was not increasing in Google Analytic

Every morning I check the website traffic via two sources: awstats and Google Analytics.  Awstats is a server side analytic tracker.  Every time a request is made of the server then awstats make a note of it.  It could be a human viewing a webpage, or a search engine spider indexing the site, or a hacker trying to gain access.  Server side means that every request the server is asked to do gets recorded.  It is the most detailed and accurate measure of your website’s activity.

Google Analytic on the other hand is a client side analytic tracker.  It is a small java script sitting on every webpage that gets activated only when a browser views the webpage.  Client side analytics is a good measure of how many people are viewing the webpage – every time a browser reads the webpage the Google Analytic script is activated and the page view is recorded.

There is a major drawback to client side analytic tracker: the visitor must permit the running of java script in their browser.  If the visitors browser has java script disabled then the Google Analytic script cannot run and the visitor is not recorded.  For this reason the server side analytic traffic stats will always be higher then the Google Analytic stats.  That is why every morning I check both.  Usually they report the same number of visitor but sometimes Google Analytic is a little lower.

But with the recent traffic spike the numbers being reported where completely different.  Awstats was reporting 218 visitors while Google Analytic was reporting only 54.  Why the large discrepancy? 

The edges of my mouth became heavy and I could no longer hold them up.

Clue 3 – Pages That I Did Not Create Had The Most Amount Of Page Views

Again looking at the awstats I noticed that there where some strange looking pages that where quickly rising in the number of page views.  The odd thing is that they where pages that I did not create.  Pages like:

  • howthiswebsitemakesmoney.com/SpryAssets/_vti_logs/CitiBank/CitiBank/citibankupdate/images/newimages/secure/bankofamerica/signon.php
  • howthiswebsitemakesmoney.com/library/_notes/www.bankofamericaonline.com/www.bankofamerica.com/Onlinesecuritydepartment/bofa-update/session.cgi/cgi-bin2/Signin.Do/
Webpages I did not create

CitiBank?  Bank of America?  What the hell is going on?  What are banking pages doing on my webpages?  I clicked on the links and here is what came up:

Banking Information Page

Request for banking information.  This is not good.

On seeing this my face was completely deformed.  Eyebrows pointing downwards and wrinkles on my forehead.

This Website Was Making Money By Collecting Banking Information

My website had been hacked.  A not so nice person uploaded and ran a script on my webspace.  This website was sending out requests to people asking them to update their banking information.  Those that dutifully complied sent their banking information to the not so nice person.

Based on the stats the request to update banking information was viewed around 500 times.  Unfortunately there is no way for me to tell how many people actually filled out the form.  Or how much money was stolen from those that did.  But to those that did fill it out, and had money stolen, I apologize for the small part this website played.

The funny thing  is that thanks to my low traffic numbers I was able to catch the problem quickly.  Only because my traffic doubled from the usual 70 visitors a day to over 150 visitors a day I able to notice the hack.  If this website was more successful and had 1000’s of visitors a day then it would of taken a lot longer (if ever) for me to notice.  An extra 50 visitors a day would a been a small unnoticed blimp on the radar.

How This Website Makes Money?  By stealing peoples banking information.  This website makes money – but unfortunately in this case I was not be the one receiving it.

How the Hack Was Removed

Although I liked the high traffic numbers I felt the right thing to do was to remove the hack.  I contacted my web host and told them about the problem.  They quickly disabled the infected folders on my website and deleted the hacked files.  Now if somebody tries to access the banking page’s  URL’s they get a 404 error instead of a banking information update page. 

Then I did an IP block for the suspicious websites that where sending traffic to my site.  So now if they try to send traffic to this website they get an access denied message. 

Now my website is back to its old self again.  Traffic is down to where it should be and the website is back to making a couple of dollars a day that go into my pocket. 

I admit, there were casualties – some people lost a lot of money.  But I am glad it happened.  I got the taste for success.  I got to feel, even if for just a brief few days, the excitement of this website finally taking off.  And I learned something – how to make my website is a little more secure.  I benefit from somebody else’s loss – that does not happen to often.

  1. August 25th, 2009 at 20:39 | #1

    Unfortunately this is nothing unusual and this is how most spammers make their money. Simply by referring to a website they have hijacked to get people to leave their confidential information.

    A bit curious though, how did they manage to get into your website?

  2. August 25th, 2009 at 21:19 | #2

    What a terrible story Roman, but thanks for sharing it with us. At least we know what to look for! I’m going to tweet this to see if we can get you some real visitors!

  3. August 25th, 2009 at 21:27 | #3

    Sorry to hear that Roman, a real PITB I bet.

    Oh Mike…..here’s the first visitor you brought with you 😉

  4. August 25th, 2009 at 21:33 | #4

    Good lesson for bloggers to learn. Thanks for sharing this unfortunate mishap with everyone. Thanks Mike for Tweeting about this. I definitely plan to forward this onto others.

    Wishing you a scent-sational day!
    Patty Reiser

  5. August 25th, 2009 at 21:54 | #5

    I agree with the comment above – thanks for letting us know what to look out for – it’s scary how this can happen. Must have been a horrible feeling once you realised the real reason, but I understand the excitement you must have felt before that 🙂

  6. August 26th, 2009 at 00:38 | #6

    Very scary. Thank you for sharing this story. Now I am going to look at awstats much more often. Until now I was only concerned about spammers directly at the blog (I had a some influx from russian-based spammers in the comment section but Askimet took care of these spams). I did not think that there could be problems at the server side as well. Definitely an important hint to be very careful.

  7. roman
    August 26th, 2009 at 08:28 | #7

    @Stefan
    Not sure excatly how they got access to my website. I asked my web host and they said that some of my folders had ‘incorrect permissions’. I am not sure whether it is something I did months ago or whether they where always incorrect.

    They where nice enough and checked all the folders persmissions and made neccesary changes to the permissions.

    They also warned me that I should always have my wordpress blog updated with the latest version because wordpress is always fixing security leaks. I was running 2.7.1, but now have updated to the latest 2.8.4

  8. August 29th, 2009 at 07:57 | #8

    Hacker using your website to spam people. Thanks for sharing this experience. I rarely check my stats.

    David

  9. August 31st, 2009 at 12:01 | #9

    I certainly feel like I should take more notice of my stats! Did nobody get in touch and report this to your ISP? Or were you the first person to notice? Nightmare situation to be in, but thankfully it is resolved now.

  10. roman
    August 31st, 2009 at 12:12 | #10

    @Neeshy
    Hello Neeshy,

    Nobody reported this. And thankfully nobody did – because it usually gets reported to Microsoft and then Microsoft would mark this website as unsafe. If that were to happen then all Internet Explorer users would not be able to access the site without first receiving a warning that this website is unsafe. That would be a nightmare.

    Fortunately, due to the nature of this site, I monitor the stats very closely and so was the first to notice and was able to resolve before anybody somebody else noticed.

  11. October 21st, 2009 at 07:24 | #11

    wow..thats crazy..I never knew that could happen.

  1. No trackbacks yet.
You must be logged in to post a comment.