Company is a small alternative health clinic that has an ecommerce operation. October was highest sales ever from normal level of traffic.

Early Nov our traffic from Google is down by half. At that time I thought we were being penalized for something we did, started redesigning an older site that had duplicate content which I removed.

A week ago our traffic from Google was down to 10% of the last 3 years' norm. Sales are down 55%. Only thing keeping us going (barely) is our 40% return customers.

First evidence of hijacking Dec 18:

URLs in our resident stats with hits but no pages, then checked with our subscription stats service and they show slightly changing unique URLS all coming from same IP address with our unique page titles. Page does not exist when you try to browse to it. Checked back - the URLs started up for two days in June then nothing until Nov 7 then URLs come in batches of 6 - 12 every few days for 10 - 20 minutes using one or more of our page titles. Probably copied whole page because images are loading from our server and tracking code was copied. IP address from aol server, some type of proxy account. This activity stops being tracked by our stats service Dec 3, so they probably realized their mistake of copying the tracking code, but there are a few more recent instances of hits with no pages from this ip after Dec 3 in our resident stats. Called AOL, they won;t help without law enforcement involved. Local law enforcement not interested as no $ being stolen. Financial damages to date in lost revenue approaching $50000 since Nov 7.

InURL shows nothing. Read sites on hijacking which suggested taking unique strings from our pages and googling on them in quotes. Did so on the page titles that were showing up in the fly-by-night pages in our stats. Hundreds of hijacked results of three types (explain three types below), appears to be throughout our landing pages, our product pages, only our forum seems to be ok, as it is still indexed. A week ago the site was fully indexed, now only a few pages out of several hundred and the forum are still there. Even querying google for our unique business names in quotes we are on page 5, where as a week ago were number one for that query. Actually now that we are no longer indexed we probably can;t be found on our name even. I'll have to check. Luckily we have a fair number of links in. We have enjoyed organic page one positioning in our quite competitive market for many broad search terms for the past 4 years, which is why I think we were hijacked.

On all 3 types of results querying our page titles and our product names there is one thing in common: the results have their own title but the 2 line description in the result shows our unique data. On many pages this is the ONLY evidence that what they are doing is hijacking us. IN most cases (a few are different) the target URL showing in the results is where you actually end up to see 3 types of results:

1)Most results are Adsense filled pages in our subject matter coming with numerous adsense accounts, each page a different domain but some Adsense account numbers are the same. Also see a few clickbank and ch=[a name]?

2)A few of the results are porn sites, some requiring login but at least one was the most graphic pornography I have ever seen from a free porn site. This came up from hijacking our page title about our massage therapy services in our clinic.

3) A few more are search engines I have never seen that link to us but it looks like they are driving traffic to themselves by stealing our meta info. The search engines are all different but are structured similarly. Do not seem to have ads, but do seem to be hijacking us but maybe they are just getting number one placement on our business name adn page titles because we've been de-indexed, blocked, whatever?

In some cases of #1 there is an unhighlighted link to us on the page well below the ads, in other cases there is no sign of our unique content anywhere in the page or code. In a few cases there is no sign of us in the page but there is one of our unique strings in the code or a hidden link to us.

The details vary in each instance. Also when I have run the same query on one of our page titles a few days later I get entirely different results.

Does anyone know how much evidence I need to submit a reinclusion request for our domains. I intend in the next week to put base href tags on all pages, eliminate all duplicate content ( but I think we were only receiving a minor penalty for that before all this), make all link urls absolute, and fix the half dozen redirects we have to be the correct kind instead of the suspicious refreshes. None of these quality issues appeared to be costing us significantly prior to the hijacking. In other words we were on page one or maybe two or three for most of our key words.

Also our host claims that the dnsreport I ran is incorrect, that they do not allow recursive lookups but do not have the feature disabled so it gets a wrong reading. But they told me they empty the cache every 24 hours. According to DNSreports if recursive lookups were not happening there would be nothing in the cache. Any comments? I sent them a question why don;t they disable recursive lookups if they don;t allow them?

Also found a report of a sql injection vulnerability in our host's new version of shopping cart, we use an older version, have sent them a question about that. Have wondered if the hijackers are working off variables in our source code or our actual database tables which would be a bit more efficient for grinding out pages.

I don't know whether it would be more effective to approach google with a huge volume of evidence which will take a week or two to compile or to just submit what I have and submit more as I uncover it. If it is a moving target with new domains and new adsense accounts being created daily I will never catch up.

Is becoming an adsense member an automated process or does it get a manual review?

Please, any and all comments, suggestions, advice will be very much appreciated.

<Sorry, no specifics.
See Forum Charter [webmasterworld.com]>

[edited by: tedster at 1:39 pm (utc) on Dec. 28, 2006]