I wrote a post on my other blog last summer about Trulia cloaking in order to improve their search results. This morning, I was pinged by Brad Carroll’s blog on the post because Trulia’s SERP position seemed to have disappeared. Brad referenced the post, among others, to show that Trulia’s SEO team has never played it clean, and that it wouldn’t be surprising to see them incur a penalty from big G.
I was pretty intrigued (as I am with all things SEO), so I read a few more posts, twittered some friends, and then had a thought. WordPress has some notorious security holes, and there are hackers that like to break into sites and insert nefarious links (mainly to pills/porn/casino sites). The links they insert are definitely bad neighborhoods, and I have many friends whose sites have been temporarily penalized b/c they were hacked.
But Trulia’s not on WordPress, right? And their security MUST be tighter than that, right? Wrong…
I ran a site: check to see if any PPC links had been inserted on the domain. Yep.
Viagra = 59 pages w/ links
Levitra = 6 pages with links
I could have gone on and on checking for pill keywords, but that was enough. The hackers inserted the links into the footer, and hid them so as not to alert anyone. Here’s a link to a copy of one of the pages Google currently has indexed. Look at the code, scroll to the bottom, and you can see a TON of inserted, hidden links.
Apparently, the hindsight.trulia.com subdomain is built on a WordPress install, and some hackers found it. Fortunately for Trulia, it appears they’ve already identified the problem and removed the links. It will take a reinclusion request (which I’m sure they’ve submitted), and they should be reindexed within the week.
If you want to see Trulia’s hacked pages until/unless it’s corrected, run this search and click on the “cached” link to the bottom right of the page description.
******Update*******
Brad Carroll pointed out that hacked WP installs on subdomains are typically only penalized on that specific subdomain. Another friend of mine is on the SEO team at a large scale ecommerce site whose WP install was hacked on a subdomain, and confirmed that it was isolated to the blog’s subdomain.
There could well be more to the disappearing Trulia rankings!!!
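A local check for the kind of injection described in this post, as an added example that is not part of the original post or of anything Trulia or WordPress ships: it parses a page's HTML and reports links whose URL or anchor text contains a pill keyword, flagging those hidden by an inline style on the link or an ancestor. The hiding patterns and the sample markup are assumptions, since the post does not say how the links were hidden.

```python
import re
from html.parser import HTMLParser

SPAM_TERMS = ("viagra", "levitra", "cialis")  # keywords named in the post and comments
# Assumed hiding tricks (the post does not say which one was used on the hacked pages)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags that never get a closing tag
# Constructed sample page, not Trulia's actual markup
SAMPLE = """<html><body><p><a href="/reports/q4">Market report</a></p>
<div id="footer"><a href="/about">About</a>
  <div style="position:absolute; left:-9999px">
    <a href="http://pills.example/buy-viagra">cheap viagra</a>
    <a href="http://pills.example/l">Levitra online</a>
  </div></div></body></html>"""

class SpamLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hides_subtree) for every open element
        self.link = None    # [href, text, hidden] while inside an <a>
        self.findings = []  # (href, anchor text, hidden?)

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        attrs = dict(attrs)
        self.stack.append((tag, bool(HIDDEN_STYLE.search(attrs.get("style") or ""))))
        if tag == "a":  # hidden if the link or any ancestor carries a hiding style
            self.link = [attrs.get("href") or "", "", any(h for _, h in self.stack)]
    def handle_data(self, data):
        if self.link is not None:
            self.link[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self.link is not None:
            href, text, hidden = self.link
            self.link = None
            if any(term in (href + " " + text).lower() for term in SPAM_TERMS):
                self.findings.append((href, text.strip(), hidden))
        for i in reversed(range(len(self.stack))):  # pop to the matching open tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_spam_links(html):
    finder = SpamLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Run it against the rendered HTML of your own pages, footer included; links hidden through an external stylesheet or script will show up as keyword hits but not as hidden.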







Fascinating stuff. Thanks for the link. Wow. It seems to have taken down a whole company. I did not know about the cloaking!
That’s fascinating… Great research Eric!
Nice piece of investigative work Eric! Wonder if you found it before they did?
I hope there is a special place in hell for these blue pill hackers and spammers.
I remembered the cloaking thing and thought of your post immediately when I saw Kevin post about it.
How interesting.
I had an agent contact us when their WordPress site was hacked. What is so interesting about this is like Trulia, they had their WordPress blog on a subdomain. In their case, only the subdomain was penalized in Google. Their main www domain still does great in the SERPs. Wonder why Google penalized one way for that domain (only slapping the subdomain) and the entire domain for Trulia. Especially considering it was the same hack.
The only direct experience I have with hacked WP installs is on subdirectories. Maybe this is a coincidence and they were hacked & penalized/devalued for something else at the same time?
These hackers are just getting out of control! Gonna have to pay close attention to my site since the entire social network is built on WordPress!
Hey Tony –
Make sure and set up Google alerts to notify you. Set up “site:wannanetwork.com +viagra” and a couple more w/ levitra, cialis, etc… (now I’ll get notified for this comment :))
Thanks, Eric! I will definitely be doing that today!
Eric, that’s the first thought that came to my mind. I wonder if this is the full story or if they got their hand slapped for something else. I never like to down someone’s theory unless I have a better one to offer. What you are saying makes logical sense. But I can’t get past the point that I typically see the penalty only applied to the subdomain. Then again, it’s entirely possible that due to Trulia’s size, Google may be treating them differently. We have seen some manual intervention from Google on larger sites in the past.
It’s tough to say. If they pop back to their original position in ~a week, then it will lend credibility to this theory. I’m IMing a friend right now who works for a large scale site whose WP install on a subdomain was hacked a few months ago to see how they were affected.
However, there’s no doubt that they were hacked.
Alright, just talked to my buddy. In their case, only the subdomain was penalized. There could very well be more to this story.
Yeah. No doubt about that. I wonder if they got the infamous email from Google Webmaster Console. The agent I am helping out said that Google said it would be 30 days minimum even after reinclusion request.
Wow…30 days. The last time I had any experience w/ this was about 6 months ago, and Google fixed the problem within a week. 30 days is a lot of leads.
Perhaps when Google took a look at the site for V links, they saw some of their other less white tactics and hit them with a penalty. @Tony the alerts are a good idea. Not a bad time to back up everything as well. Someone tried to hit my site a few days ago so they may be looking at our market now…
My experience…(was hacked) was that a week was all it took to get back.
I would agree that there is more to the story…interesting that it appears that their city real estate pages are the ones missing in action. If you Google Miami real estate, they are there, but for the index page, not the Miami page itself.
Looks like their city pages might have been hit.
Example: Los Angeles
Trulia links to this page from their index: http://www.trulia.com/CA/Los_Angeles/ I believe that’s the taxonomy they use for all the city pages they promote. If you run a search for trulia los angeles that page is nowhere to be found.
Thoughts?
I heard about Trulia today and you were the first person I thought of Eric. I was not surprised to see a blog entry today on the subject. I wonder if anything has been heard from Trulia on this.
I bet Zillow is loving all the new traffic they are getting since Trulia has been slapped.
Hi Eric!
Hey, thanks for sharing your observations. Just want to bring everyone up to speed. The Trulia Hindsight WordPress blog, which was attached to hindsight.trulia.com, was indeed hacked. We shut the blog down. It didn’t affect Trulia.com.
In a completely separate issue, as some have noticed, some of our SRP pages are not indexed as they were. We submitted an inquiry in Google Webmaster tools and nothing suggests a penalty. We’ll continue to monitor and look forward to hearing from Google. I’ll keep you posted.
Have a good night.
Rudy
Social Media Guru at Trulia
Trulia has been packing in the keywords as of late. They still use the keyword “homes” for sfr’s, but they have been double tagging “condos” as “houses” in an effort to take over the “houses” keyword. It was obnoxious and is misleading to say the least; a condo is not a house. It would not surprise me if Google’s human editors busted them for this or anything else.
Scary stuff, I guess it can happen to anyone, especially if you’re not watching.
I’m going to look into Google alerts, thanks Eric
Eric – thanks for the tip on adding those drug names, etc. to Google alerts.
It will be interesting to see how this plays out.
Oh great... My blog is on WordPress also. Can’t be too careful out there. Hackers are web terrorists and of course we have to implement the proper moderation to detect this.
Hopefully Rudy and Trulia get things straight with Google. That’s messed up stuff.
I mentioned this in Eric Blackwell’s Bloodhound blog entry yesterday that my blog was hacked several weeks ago. Apparently, there is a vulnerability in the ability for a new user to register and the newest version of WordPress (2.7). I was able to learn about the problem and find help through this WordPress forum thread.
On a slightly related note, Eric Blackwell mentioned you might have a OBL checker plugin. Have you put something together on this Eric?
Hey Joe –
Sorry to hear you were hacked, but glad to hear you caught it before any damage was done. I was working on a WP notification plugin that would email you every time something was added or changed to your blog, but shelved it. Set up the Google site: alerts – you’ll be notified as soon as Google sees the links, and you have time to remove them before a penalty is applied.
Yup, because of this post I’ve all sorts of new alerts set up. Thanks for that Eric.
It’s amazing how much damage a bunch of little blue pills can do to a website. Thank god for Google site alerts!
Perhaps Google is just catching up with Trulia for all the tricks and gray area type things that Trulia has been doing over the past few years. They still rank fairly well for my key words. Happily I still out rank them from every one I looked up.
[...] about Trulia’s recent drop in the SERPs. When digging around, I ended up finding a hacked WP install on Trulia’s hindsight subdomain with maliciously inserted links, and immediately attributed the drop to this: [...]
[...] stopped by both my blog and Eric’s blog to confirm that the two issues were unrelated and that Trulia was looking into the issue – Kudos to [...]
[...] Update: Eric Baramlett looked into this a little more. It turns out that Trulia had a WordPress on a subdomain that was hacked. You can read the full story here [...]