Dan Nedelko

I’m not going to be smug about my previous (and much more in depth) post about Carol Bartz being nothing short of the fifth horseman of the apocalypse as far as Yahoo is concerned.

Ok, I’ll be a little smug. According to TechCrunch it looks like her tenure is going to be coming to an end, and with that she should never, ever run a tech company again.

If you want more in depth analysis then read my previous post or the amazingly titled “Yahoo’s 360 degree turnaround” on TechCrunch.

Stop. Carol. Now.

Please. (I say that on behalf of all current Yahoo shareholders).

Yahoo is being Bing-ified – What is your strategy?

Sometime next year, Microsoft will fulfill a planned integration to power Yahoo’s search results with Microsoft’s Bing Engine. The move will effectively consolidate 28% of the US search market, giving both companies a platform upon which to seriously battle Google.honeypotmarketing.com, To Bing or Not To Bing?, Aug 2009

You should read the whole article over at Honeypot Marketing.

Image via CrunchBase

Well I’ve never been a fan of Yahoo CEO Carol Bartz and she continues to stupify me with her ridiculous statements which she holds to so dearly.

As covered over at Search Engine Land Bartz was interviewed in the New York Times. She is stunningly moronic in some of her claims:

“Yahoo, according to Ms. Bartz, simply feeds search results for people who have grown curious while reading one of its news stories or watching a video. It doesn’t generally pop into peoples’ minds as the first place to go look for answers during the course of their day-to-day activities.”

How is that possibly the case? On so many levels I would argue the validity of this claim:

1. Yahoo was initially a search directory then a search engine then added portals.
2. If Yahoo doesn’t pop into mind as answering questions for users, then uh, what about Yahoo Answers? What’s the point of that then?
3. Bartz is singlehandedly dismantling Yahoo as a company with unique software technology and turning it into a portal and content company. Granted for many years they have had a content focus but Yahoo Search Marketing and Yahoo Search were always major components of their company.

“The biggest thing for Yahoo is increasing the number of pages people consume and slapping as many display ads as possible across those pages. “My fortunes are tied to my pages,” Ms. Bartz said.”

This is nonsenscial. I have an ad network. We are interested in content pages to serve advertising. Yahoo is a software technology company…er…it WAS a software technology company. How sad for Yahoo to have a such a short sighted myopic CEO.

“According to Ms. Bartz, the majority of Yahoo’s sites will go the way of Sports. In particular, Yahoo will throw investments behind its entertainment, finance and news operations. Ms. Bartz noted that there are plenty of unemployed journalists out there to pick up.”

Well Carol. Hey Carol. Umm Carol….those journalists are unemployed because the notion of traditional journalism and simply serving up that content and selling ads is not the same as it used to be. They are unemployed because many companies in this space are unprofitable.

Excuse me while I go bang my head against a brick wall.

“In addition, Ms. Bartz will remember that Terry Semel, a longtime Warner Brothers executive, was brought in before to turn Yahoo into more of a media company. Mr. Semel’s tenure was perhaps characterized more for losing to Google than anything else.”

Clearly Carol doesn’t believe the notion that if we are not aware of our history we are doomed to repeat the mistakes of the past. I think we can revise this though at this point, Yahoo isn’t in the “losing” position any longer. It has lost. Full Stop.

“Ms. Bartz has decided to correct past mistakes by getting all of the employees on the same page and presenting a more consistent look across Yahoo’s sites. In addition, she’s trying to boost morale and get the energy of the company up again –- a task hurt by the hit Yahoo’s shares took after the Microsoft deal was announced.

“I felt bad for the employees because they think it’s a report card,” Ms. Bartz said.”

Honestly, this woman is a CEO? Of any company? Your share price is a report card of sorts, it’s the market responding to the strategic decisions being made. Clearly this is perceived as being a bad decision. Which it is. It’s a horrible decision.

In fact it’s a series of horrible decisions, capped off by myopic thinking and topped off with a healthy dose of delusion.

Way to go Carol!

Update – Just ran into a fantastic quote from the New York Times Bits Blog:

I’ve got to wonder how much running a sales force that peddles expensive software to engineers and designers has to do with running a free Web site that attracts users through branding and products and makes money through advertising.

March 4, 2009 Update: My plan has worked out very well and everything is back to normal without too much of an interruption. My request for Google site review took a total of 12 hours and it was completely handled through Google Webmaster Tools. Google spidered the entire site for about 6 hours checking every existing page on the site from Mountain View California. Around 6pm EST I was given a new notice in my Webmaster Control panel that the notice would be removed with the next update which took place about 90 minutes later.

I’d like to thanks a few people who gave me some good advice. If this does happen to you make sure that you:

1. Remove any old plugins may have or update them.
2. Ensure the source of the plugin is using best practices for PHP coding. If the plugin is not listed In the Official WordPress Plugins Directory then be careful.
3. Add the following plugins: WP Security Scan and WordPress Firewall (Thanks to Ruud Hein for the suggestion!).
4. Backup your content, themes, and plugins on a regular basis so a roll back is easy in the event that you are attacked again.
5. Be careful of who you send your site to on Twitter! See the end of the post for the official Twitter email I received and this was the source of the attack.
6. This one is obivious but make sure you WordPress version is current as many security fixes are implement in point releases (ie 2.7.1).
7. Secure you Web Server or have your System Administrator or Web Host ensure that everything is in order.

/Update.

I woke up this morning ready to get to work and as per usual I check my sites indexes in Google, Yahoo and MSN. Even though it’s a beautiful sunny day outside I was shocked to see the following:

Bad News for Tuesday Morning to be sure. So the question is what do I do and how do I get this bad message off my Search Listing?

I’m not too concerned to be honest except for the fact that my site is vulnerable to this injection attack. I would love to smack the hacker that instituted this attack.

So first things first:

What is this message all about? Well when I viewed the source of my site I saw what is called an obsfucated injection attack on the footer of every single one of my pages. This is a bit of a pain since I am using WordPress MU with a number of plugins.

That means that  the hackers could have injected their little code block into my theme, my plugins into the core WordPress MU files. Not a pretty thought to have to go through all of those areas to remove these individual code blocks. Bottom line: my site got hacked. What steps do I take to repair the damage that’s been done?

My plan to remove the PHP injection attack:

1. Identify which files on the web server are compromised.
2. Identify if the compromised files are plugins, comments, themes, or WordPress Core files.
3. If the compromised file is a plugin then determine if the plugin should be removed completely (is it the source of weakness?) or simply a victim and should be reuploaded and reactivated.
4. Upload a clean version of WordPress MU core files. This prevents me from having to wade through all of the compromised files.
5. Go through comments and identify any potentially malicious links to malware sites. I am very lucky since I have recently moved the domain to a new server since my previous horrible host disabled access to the phpMySQL instance through the cPanel (yes EMC Web Hosting Sucks NEVER use them). This will not be a huge issue.
6. Go through my theme which is a customized version of Revolution Theme by Brian Gardner. I frequently backup this theme since it is a a simple matter  of uploading the theme to the web server.
7. Visit Google Webmaster Tools and submit a request for Google to audit my site to remove the malicious tagging on my site.
8. Audit the entire site to ensure the malicious code in completely removed.
9. Back up the theme again, ensuring I have the ability to restore clean code in the event that I am on someone’s hacking list.
10. Harden WordPress MU to ensure that this does not happen again.

That’s my plan. I am about half way through it but there are some serious issues at play here since it is not only Google which is tagging my site as malicious (bad for business!). Check out the number of blocks which exist:

Google Malicious Message:

I’m not Malicious but Google thinks I am so next step is to click on the SERP that’s when Firefox jumps in:

After clicking the SERP Firefox jumps in and says I am an attack site. How fascinating but just wait. It’s not over yet when I get to the site:

Firefox toolbar warning

So clearly the powers that be and the tools on my computer are working hard to identify malicious sites. It is very clear that this site could be malicious and even though it was through no intent on my part the bottom line is that my site was hacked and turned into an attack site. This is a good line of warnings to any user and in the time frame that I am repairing the site and hardening my WordPress to ensure this does not happen again I don’t really mind having these messages there.

They are good for users.

Update – Twitter just sent me the source of this injection attack:

Uh oh! We found a bad apple in your Twitter feed.

We detected a link in your account pointing to a phishing site or other harmful material that we identified as malware. Here’s the troublesome post:

“@BlogDuJour hey there try out my blog [ your unsafe link was here ] – I am in the process of redesigning now but should be back to normal soon!”
March 02, 2009 22:07

We removed this update from Twitter. Please be mindful of others in the Twitter community, and post only safe links on Twitter.com.

Thanks! Twitter Support

Related articles

• How to Upgrade to WordPress 2.7 Safely and Ensure Compatibility (list-your-blog.com)
• Notes from the Search Masters Conference at Google (labnol.org)
• Search Engine Tips For Your WordPress Blog – WordPress SEO (kisaso.com)
• How To Make My Site Findable And Visible Inside Google SERPs? Here Is The Google SEO Formula And Visibility Toolkit (masternewmedia.org)