I’m leaning towards incompetence myself… that is, my incompetence… but there are a number of interesting features in this little exercise that make me wonder…
Tending to my websites
So I’m minding my own business, that is, tending to the middlin’ size crop of websites I own and operate. I went to visit one of my sites (pre-launch, don’t ask), and got a big, fat Database Error on page load. Well that just sucked because I had a load of other cool things to do this afternoon, like writing original content for my legion of devoted fans (bofem).
Finding an inexplicable error
There isn’t a whole one can do with such an error. The Apache log was not helpful at all, so I downloaded the wp-config.php file, noticed a very odd password—not one of mine or WordPress-generated—so I cycled the database user name (deleted and recreated) and changed the password to something I know is mine.
I also checked the weekly backup schedule and noticed the site hadn’t backed itself up since February 5, 2009, which is 12 days ago (note to self: pay better attention to backups).
Reloading gave me the following:
Fatal error: Call to undefined function wp() in [http://path/to/file/deleted/]wp-blog-header.php on line 14
Perusing the error log
Ok, that’s something searchable, and google returned the usual “Didja try doing this and that?” and “Whaddabout doing this other thing?” That is, nobody had any idea what the problem was.
A couple of results returned by Google stated that this error occurred when there were white space or unprintable characters preceding the <?php at the head of the wp-config.php file. This wasn’t the case in my file, the “< ” was snuggled up tight to the head of the file as it should be (but I didn’t check with od.)
These remarks on unprintable characters tickled my memory, and the double line spacing in the wp-config.php file gave me the bright idea of running it through dos2unix, that handy script that essentially invokes trace to change \r\n to \n. That did the trick, and the site is back in business.
Figuring out what happened
I don’t really know why that happened. It’s never happened before and I admin a couple of dozen WordPress installations.
Here’s a line from the Apache error log:
[Wed Feb 18 16:57:23 2009] [error] [client 98.119.198.74] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so: undefined symbol: compiler_globals in Unknown on line 0, referer: http://www.capjuluca.com/reservations.php
What the heck is this “capjuluca” business?
After some poking around, it turns out this is some high-end resort in British Virgin Islands. And they have links spread all through my error log. Very weird.
It’s just the kind of thing I read about in these “black hat SEO” articles, where unscrupulous search engine experts leverage tiny security flaws or slight mistakes in access permissions to automatically load up websites with junk having nothing what-so-ever to do with the subject matter of the website.
What’s an entrepreneur to do?
Since this cannot help my search ranking, and would probably harm it, I have to do something to fix it.
Finding the outgoing links in my error log really angered me, so I shot an email through the Cap Juluca website contact form, then pinged their info address on the confirmation email they sent me.
Most likely, if this really is an SEO game, I don’t believe the resort owners actually directed their IT or marketing agency to explicitly hack around in websites to game their search rankings. That would be dumb, stupid even. Given it’s a hack, my hunch is it’s from 1 or 2 steps removed from the resort, something like this: (1) Resort hires marketing agency, (2) Marketing agency hires website host/design service, (3) Website service hires “SEO experts” to drive traffic, (4) I find junk in my error log.
By the way, Cap Juluca looks like a nice place to decompress. Wonder if they have decent surf?
{ 1 comment… read it below or add one }
Kind of like movie2b which has hidden backlinks on dozens of DNN dotnetnuke sites all across the planet. The work of hackers, most definitely, but possibly just as removed from the destination site as your example. As Matt Cutts predicted last year, it’s a whole new aggressive ballgame for black hat SEOs – any legitimate site (especially those with high PR) is fair game for SEO hackers to sneak in/sneak out, leaving behind only a hidden link bleeding out linkjuice to their client’s site. And the client is happy while probably having no clue what’s really lending toward their success. My fear is that there’s no really simple way to “manage” hundreds of web properties and ensure none of them have been “affected” – you just don’t know until something blatantly happens like with your site.