How P********.com linked 320,000+ Times to Scum

Imagine having a site with less than 800 pages of content and you’re linking to more than 320,000 other sites including some of the most undesirable content/sites online. It just doesn’t make sense using simple math (320,000 links / 800 pages = 400 links per page on your entire site), especially when if or when you finally understand/realize/admit that 8 pages on your site were hacked (compromised).

But, if your site has 4 concurrent sub-domains presenting your production site’s content and there’s a recursive loop (error) that replicates every page 27 times … then you get to the numbers quickly or (8 pages * 4 sub-domains * 27 loops) 864 instances. Your perception was the issue was only present on 8 hacked pages, but if each of the hacked 8 pages only contained 371 embedded links the math follows as such (864 page instances * 371 hacked links = 320,544).

This ratio of pages vs. hacked/manipulated outbound links scores as our lead entity occupying “The Hacked Wall of Shame”. Why? 800 pages / 320,544 outbound spam links means that pages that matter (internal pages) only accounted for .24957% of the “link juice” being utilized. Hackers reveal in these numbers, but site owners can identify and correct these issues in minutes … but, in this example, the exploit was present for 15 months. Wonder how their organic rankings and traffic were impacted? They were 130%+ below expected growth compared to the previous year’s trajectory.

And, no one’s talking about it because any owner of this business would levitate off the floor at the lost opportunity, diminished trust in Google’s eyes, and raw incompetence of the team. Worst of all is 5+ very senior technical resources all agree it looks like an inside job because the open door for the hackers was isolated on a part of the international site not frequented/viewed/monitored by the corporate entity, it was the English language-based, it wasn’t cascaded across mirrored sections of the site, and 3 different levels of moderation were suspended within only this single section (translation = someone knew how, where, and why to embed this exploit and it smells like a 95% internal job … but, it was created 18 months ago so good luck on finding the user/login/person that created the opportunity using log files because they’re completely gone by now).