This morning I recieved a VERY disturbing email from one of our readers:
On Tue, Apr 3, 2012 at 5:56 AM, Jorg Ruis
Tried to contact you Twitter and your contact form several times. Last week Thursday I discovered that someone got in to our backend and submitted quite some links (124 posts to be exact) to seonix.org. He also changed some of the canonicals of posts. I looked up which other domains were linking to him and I see quite some pages from you guys popping up like this one www.shoemoney.com/2008/11/04/making-money-with-local-affiliate-programs (chick the link at ‘affiliate marketing’). He also got to VentureBeat, Crunchbase, W3-edge.com and some others.
All the best,
First and foremost I want to thank Jorg for taking time out to email us. Some of these are years old.
I looked at the post he mentioned then started going through the revisions of the post. It was easy to pinpoint what administrative users account had been comprimised. It was a former employee who had not been on our staff for 2 years.
I searched then site wide and found 36 posts had the links to seonix.com with various keywords as anchor, title, and alt text.
Now I could go through manually and change every one… but some had multiple links per post (average of 2 per post).
But instead I used our awesome seo mass link wordpress plugin
Using this tool I easily found all the links:
I selected all the posts and hit remove all:
Then you can see the results, see previous and current, and even revert all or certain changes.