For the past couple of weeks, I had noticed that most of the Google ads appearing on the home page of my site were for credit card offers, credit repair services, credit-no-matter-how-much-your-credit-sucks offers, and so on … and I was puzzled about why ads of that type kept appearing. Since the ads are supposed to be contextual, it didn’t seem like any of my posts supported them — especially when I would look at other pages and the ads did seem to reflect my post content very accurately.
I was doing some general cleanup on the site on Friday evening, and ran the site through an RSS feed validator to see how it fared. That’s when I saw errors referencing hundreds of links that I didn’t recognize. It didn’t take me long to track the links to my WordPress header.php file, where I found this:
Click the picture to see it full-sized. It’s obvious to me now that Google was generating ads for my site based on this content. There were, in all, about 600 such links at the very end of header.php. I didn’t put them there, and I don’t know anything about the two sites you can see repeated throughout these links (nor did I try to find out). I removed the 600 lines of code from the header.php file, but on Saturday discovered that several hundred others had been added, referencing two different sites but similar content. In both cases, the blocks of code were surround by <font> tags that caused the text to be hidden.
If you want to see if this has happened to you, bring up your site and select View/Page Source if you’re using Firefox, or View/Source if you’re using Internet Explorer. In my case, the spam links always appeared at the end of the source listing, but you might want to page through the entire listing since I suppose they could appear anywhere.
After the second occurrence, I changed my WordPress admin password as well as my hosting login password. So far it hasn’t occurred again, but I can see that this is yet something I’ll have to keep an eye on. If I figure out how it actually happens, I’ll certainly share it here.
For now, I’ve also removed most of the ads from my site, except those for Amazon.com. I may not put them back….