beavis - 12:07 am on Feb 17, 2012 (gmt 0)
This situation is definitely the weirdest and most worrisome event of my 13-year history as a webmaster. Consequently, I need a lot of help from you guys! Here's what has happened:
Over the last few days, I have seen an enormous increase in traffic to mywebsite.com, as per Google Analytics: normally 1-2k/day for years - now 20k/day. The source of the traffic is “adf.ly” and other sites (q.gs and j.gs) that redirect to adf.ly. A brief investigation shows that adf.ly offers a “free URL shortener” and pays publishers who use it. Adf.ly has an Alexa ranking of 127, so it must be fairly legit. I have not interacted with adf.ly in any way.
At first glance, I concluded that some site with lots of traffic was shortening a link to my site in order to make a few bucks, and I was getting some free traffic. All seemed well, and my AdSense earnings were up nicely. However, today the traffic grew to the point that I became more suspicious that something strange was going on, so I looked through GA and found that in addition to adf.ly, some new referrals were coming from www.othersite.com. Looking back, both the adf.ly traffic and the www.othersite.com traffic first appeared right around Christmas.
When I opened othersite.com, I was astonished to see my website! Everything was the same, except the thief replaced all in-page references to my domain name with his domain name. Even more shocking, it is not just my .htm or .php pages that are reproduced under his domain. My vBulletin forum is up and running on his domain, my form processing script is functional, and even a small section of my site that is run by a database-driven CMS is up and running under his domain! Even more astonishing, I made a small change in one article on my CMS and the change instantly appeared on his site!
1. Please help me understand how the heck this guy has hacked me. I understand how he could download my static pages, edit them and put them on his site, but how is it that he can run my database-driven forum, CMS and form processor under his domain? I'm hosted at a very well known USA shared host. Did they hack the host? Did they hack my FTP account? How do I protect myself going forward?
2. What steps should I take to try to get this copy of my site taken down? The registrant of othersite.com is Russian. The IP address of othersite.com is in Germany, but the hosting company is based in Russia. The hosting company's home page says, “We rent dedicated servers in Germany.”
3. I've already discovered that much of my additional AdSense earnings came from the fact that the hacker kept my AdSense code on othersite.com, so I unfortunately will have to tell G that all the extra earnings I've been celebrating are not legit.
4. I'm still puzzled by how adf.ly traffic fits in this puzzle. My best guess is that the hacker actually used adf.ly to purchase high volumes of traffic to othersite.com and it is showing under my Google Analytics account because he kept my GA code on othersite.com. I'm going to report this whole situation to adf.ly, but if there is something I am missing about the role of adf.ly, please let me know.
Any comments or suggestions would be greatly appreciated!