
SPAM: Google Hacked? Spam Sites Infesting Search Results 207

Journal by Jeremiah Cornelius

The Google Watchdog blog is reporting that "Spam and virus sites infesting the Google SERPs in several categories" and speculates, ...Google's own index has been hacked. The circumvention of a guideline normally picked up by the Googlebot quickly is worrisome. The fact that none of the sites have real content and don't appear to even be hosted anywhere is even more scary. How did millions of sites get indexed if they don't exist?

  • by OptimusPaul (940627) on Monday October 01, 2007 @09:22AM (#20809189)
    in conjunction with the saucer people under the supervision of the reverse vampires are forcing our parents to go to bed early in a fiendish plot to eliminate the meal of dinner. We're through the looking glass, here, people...
  • by InvisblePinkUnicorn (1126837) on Monday October 01, 2007 @09:22AM (#20809197)
    Hacking of Google databases might explain why Google Translator used to translate the Russian name for "Ivan the Terrible" as "Abraham Lincoln" [blognewschannel.com].
    • by AmIAnAi (975049) *
      The Google translation service gives the option to suggest a better translation. It's more likely that this service operates automatically and it just takes enough people suggesting the same translation to force the change through.

      Might be interesting to try. But I would hope that they have monitoring in place to spot a sudden surge in alternative translations.
    • by rumith (983060)
      Besides, it used to translate 'Peter Norton' to Russian as 'Eugene Kaspersky'. :) This trick has been taken down already.
  • SEOs (Score:5, Informative)

    by Chilled_Fuser (463582) on Monday October 01, 2007 @09:23AM (#20809201)

      Using one page of information for Google's spider and then using a redirect for a non-spider user. It's an SEO tactic.

    • Re:SEOs (Score:5, Interesting)

      by glindsey (73730) on Monday October 01, 2007 @09:36AM (#20809329)
      Which raises the question: Why not have GoogleBot do a check also as a normal user-agent (IE/Firefox/etc.) and see if the page is significantly different than when it identifies itself? At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.
      • Re:SEOs (Score:4, Interesting)

        by dschuetz (10924) <`gro.tensad.divad' `ta' `hsals'> on Monday October 01, 2007 @09:41AM (#20809381) Homepage
        I was pretty sure that Google already did some kind of checking for this sort of dodge. It could be that the sites in question have found some way to dodge the dodge -- maybe they figured out when a google revisit (with a different user agent) would occur, or maybe they recognize google IP addresses and always give the scammed page regardless of user agent, or some other similar trick.

        That's what makes this scary -- as I said, I thought google was already on the lookout for such scams, and if they're being beat on such a large scale it might mean a major shift in google's strategy is in order...
        • Re:SEOs (Score:5, Informative)

          by Billosaur (927319) * <wgrother&optonline,net> on Monday October 01, 2007 @09:54AM (#20809541) Journal

          It's more than likely related to IP address than user agent. I used to work in web site metrics, and the number of fouled up user agents and spoofs was always staggering, but IP was a pretty good indicator of who was doing something. No doubt the bad guys have tracked the Google bot's IP over a long period of time and perhaps made some correlations to give them a pretty good idea if the site is being revisited by Google under an assumed user agent. I'm not sure, but it would seem to me that Google would have thought of spoofing its IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

          • by Shimmer (3036)
            Google would have thought of spoofing its IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

            Easy: Hire a relatively unknown 3rd party to perform the comparison for you.
            • by nahdude812 (88157) *
              Or set up relay points with different ISP's - buy a rack or a few U's all around the world running nothing but off the shelf proxy software that only proxies for Google's IP addresses.
          • by glindsey (73730)
            Yeah, spoofing an IP is easy if you're not looking for a response... but if you're spoofing a request (as a GoogleBot would be doing), where does the response go?

            Perhaps Google should create a browser extension -- completely voluntary, of course -- that essentially turns everybody's browsers into a distributed GoogleBot. Of course then they have to deal with malicious nodes poisoning the data, but that could be resolved by having a dozen or so random systems checking the same website and sending their res
          • by mollymoo (202721)

            I'm not sure, but it would seem to me that Google would have thought of spoofing its IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

            The fundamental problem with spoofing IPs for this kind of work is that you need to use the right IP to get any data back. You need to have real IPs which are 'disposable'. A botnet, in other words. Google could, if they were evil, create the world's largest botnet by getting JavaScript embedded in search results pages or

            • by rthille (8526)
              Why not just have the google toolbar compare the page it sees in the end users' browser with that google found when spidering. Very similar to that botnet, but without the nefariousness...
          • by tknd (979052)

            I'm not sure, but it would seem to me that Google would have thought of spoofing its IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

            That's so simple!

            1. Create free "accelerator" application/browser plug-in to gather web site stats.
            2. Distribute application as a beta.
            3. ???
            4. Profit!
      • Re:SEOs (Score:5, Interesting)

        by jmagar.com (67146) on Monday October 01, 2007 @09:42AM (#20809397) Homepage
        Google does this already [bbc.co.uk], perhaps not with spiders, or in the way you described. But they do seek out and destroy sites that are caught faking keyword densities and other SEO tactics on crawl pages vs human pages.
      • Re:SEOs (Score:5, Insightful)

        by Tim C (15259) on Monday October 01, 2007 @09:44AM (#20809413)
        At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

        So medical supply or information websites shouldn't be indexed by Google?

        I know what you're trying to do, but no word is 100% inappropriate. What if someone is actually looking for information on Viagra, or replica Swiss watches, or cheap stocks? What if someone is looking for information on spam?

        Check for significant differences in content with different user-agents yes, but banned words? That really doesn't seem like a good idea to me.
        • What if someone is looking for information on spam?


          Which spam would that be:

          • spam: Unsolicited bulk email.
          • Spam: A spiced pork and ham product from Hormel.

        • Re:SEOs (Score:4, Insightful)

          by glindsey (73730) on Monday October 01, 2007 @11:27AM (#20810745)

          What if someone is actually looking for information on Viagra, or replica Swiss watches, or cheap stocks? What if someone is looking for information on spam?
          That's a good point. But perhaps combinations of keywords would work -- it's pretty unlikely that you'd see "viagra" and "mortgage" on the same site, for example. If you partner this with checking for significant user-agent differences it could become a pretty good tool, I think.
          • by barakn (641218)
            Results 1 - 10 of about 3,010,000 for viagra mortgage. (0.28 seconds)
            • by glindsey (73730)
              And browsing through the top results, I see almost every one is either (a) about spam or (b) a spam page of its own. This seems to strengthen my theory, not weaken it. Now, combine that with checking to see if the page hides details when User-Agent = Googlebot (as the pages talking about spam should remain relatively unchanged), and you have a fairly aggressive filtering system.
        • by PhilHibbs (4537)
          A legitimate medical supply web site would contain that information both when crawled by Google and when browsed by Firefox or IE. The GP is suggesting that the site might appear innocuous to Google's crawler but be a spam site to any other visitor. Therefore Google should try faking a browser ID and checking the contents produced. However, the problem with this is that some sites allow Google through but require registration from anyone else.
        • by TeamSPAM (166583)

          Context should matter, but that didn't stop Beaver College [google.com] from changing their name because of porn/child safety filters.

      • Re:SEOs (Score:5, Insightful)

        by suv4x4 (956391) on Monday October 01, 2007 @09:49AM (#20809493)
        Which raises the question: Why not have GoogleBot do a check also as a normal user-agent (IE/Firefox/etc.) and see if the page is significantly different than when it identifies itself? At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

        It does. It also detects landing pages mentioned above. Apparently it's something more subtle than what one could think of in few mins on Slashdot, and we'll learn soon enough.
        • Re:SEOs (Score:5, Funny)

          by colourmyeyes (1028804) on Monday October 01, 2007 @10:15AM (#20809803)

          Apparently it's something more subtle than what one could think of in few mins on Slashdot
          Blasphemy! In my relatively short time lurking on Slashdot, I've seen nearly all the world's problems, including hideously complicated questions of physics, SOLVED in posts no more than a few paragraphs long.

          It's amazing, really.
        • It's a sticky situation / tactic for both Google and its webmasters.

          For example, I have a web site that displays the most recent content for returning visitors and the most popular content for visitors who are visiting my site for the very first time. It's also possible for each user to choose which page to see. This is done to increase productivity on the site and to increase the likelihood of a new visitor becoming a repeat visitor.

          When googlebot visits my page I give it the page with the freshest cont
        • by glindsey (73730)

          Apparently it's something more subtle than what one could think of in few mins on Slashdot, and we'll learn soon enough.
          Damn. So much for my applying to Google with the bullet point "Solved PageRank spamming problems by posting on Slashdot after thinking for about thirty seconds" on my resumé.
      • by walt-sjc (145127)
        They should. Google already has guidelines [google.com] that cover this type of behavior. They should enforce them. It's amazing how many sites (including well known sites) violate these guidelines all the time. You would think that Google, with all its cash (meaning that it can afford to devote the manpower,) would want to improve the quality of their search results, delisting this crap. If they fail to do so, they will start to lose their user base.
        • by nuzak (959558)
          It's not that Google can't delist the crap when they run across it. It's just much harder to keep it from getting re-indexed immediately after, unless they fix the fundamental weakness that the spammers are exploiting. And the effects of jiggering the ranking algorithm are *very* widespread, and not taken lightly. Google can and has delisted high-profile offenders before (BMW and Ricoh come to mind) but they don't want to have to fight their own processes in playing whack-a-mole with every chickenbone sp
          • by walt-sjc (145127)
            Delisting means removing. It should NOT be re-indexed EVER, until the site owner agrees in writing to stop the bad behavior. It can work off IP addresses. Domain names are free, but IP addresses are MUCH more limited.
      • by dargaud (518470)
        I suggested better than this a long time ago: use the IE/Firefox rendering engine completely, and feed the resulting image to an OCR program. This way, anything written on white_on_white, font=1, display:none and other tricks get ignored. Then compare the results. Ditch the site if there's too much difference.
        • The theory is good, but the execution would be horribly complicated, and computationally intensive, and have a very high margin for error. (Computers don't intuit flow as well as humans, for a relatively minor example.)

          -:sigma.SB

    • by IBBoard (1128019)
      That's not SEO, that's SEM (Search Engine Manipulation - I've patented that version of the acronym). SEO involves optimising a site rather than making it completely different for normal users is manipulation and 'blackhat' tactics. It would be interesting, if a little off-putting, if someone has successfully scammed Google to such a great extent through simple cloaking.

      As for the suggestion of a different user agent, I guess it'd be simple enough to either do a reverse lookup and see if it contains "google"
    • by seanyboy (587819)
      I've renamed my user agent to be googlebot.
      Hopefully (don't know if it works), sites like this will give me the correctly indexed information.
  • by icepick72 (834363) on Monday October 01, 2007 @09:28AM (#20809255)
    Submitter says Google's index has been hacked which could imply the severe case: direct security threat and entry to it, or more likely: managing to get it to index something Google would not want it to index.

    Submitter asks: How did millions of sites get indexed if they don't exist?

    Okay, I call this an idiot story. Millions of sites come into being and go out of being all the time. What does this statement have to do with anything? It seems like submitter has a lack of understanding how basic Google and the web work, but the story has made it to Slashdot. I think the Slashdot IQ level is dropping because this is a Digg story.

    • Re: (Score:3, Informative)

      Millions of sites come into being and go out of being all the time. What does this statement have to do with anything? It seems like submitter has a lack of understanding how basic Google and the web work, but the story has made it to Slashdot.

      If you had bothered reading the article, you would have seen:

      • The .cn sites don't appear to be hosted ANYWHERE. They are simply redirected domain names. How they got ranked in Google in such a short period of time for fairly competitive keywords is a mystery. Google's index even shows legitimate content for the .cn sites.
      • It appears that the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware mentioned earlier. This is an obvious violation of Google's guidelines, but the spammers have found ways to circumvent the rule and hide it from the Googlebot.

      Yes, millions of sites do come into being all the time. Had Google indexed a site, and had said-site disappeared before the index was updated, you would simply either hit a landing page (if that domain was purchased but not set-up) or you would get an error message [carrotsticksareyummy.com]

      The submitter was referring to instances when a fake redirector is being set-up and tricking the googlebot by sending it to websites with content and keywords while sending normal use

    • I think the Slashdot IQ level is dropping because this is a Digg story.

      [some guy] [scary] At least you should thank it's not a Fark.com story!
  • Not hosted anywhere? (Score:3, Informative)

    by Vicegrip (82853) on Monday October 01, 2007 @09:29AM (#20809263) Journal
    The article makes the claim that the "hijacked keywords" are going to redirection websites that do not "appear to be hosted anywhere".

    That seems a little incredible to me. :)

    Invisible, IPless, Chinese web-servers are taking over Google! Personally, I'll just let Google worry about trying to protect its search engines. :)

    • by IBBoard (1128019) on Monday October 01, 2007 @09:43AM (#20809411) Homepage
      Yeah, I think "not hosted anywhere" is somewhat of a simplification for "actually hosted somewhere but never show any content to a normal user because they redirect you to another domain instead". While it might fly for a complete non-techy, I wouldn't have thought /. would have too many people believing in responses from machines that don't exist.
      • by Scrameustache (459504) on Monday October 01, 2007 @10:32AM (#20810017) Homepage Journal

        I wouldn't have thought /. would have too many people believing in responses from machines that don't exist.
        Were getting phantom pings from the ghosts of the still-smoldering servers we slashdotted in our folly!
        I'm scared...
        • by Jonathan_S (25407)

          | I wouldn't have thought /. would have too many people believing in responses from machines that don't exist.

          Were getting phantom pings from the ghosts of the still-smoldering servers we slashdotted in our folly!
          I'm scared...
          But the good news is that you aren't getting them anymore.
          • Were getting phantom pings from the ghosts of the still-smoldering servers we slashdotted in our folly!
            I'm scared...
            But the good news is that you aren't getting them anymore. You grammar nazis should give us a break on monday mornings : )
      • by rk (6314)
        Maybe someone dropped a logic bomb through the trap door.
    • by TheRaven64 (641858) on Monday October 01, 2007 @10:04AM (#20809653) Journal
      Those of us on Internet 3.0, Quantum Edition, have this problem all the time. Quoogle indexes sites without collapsing their wave functions. When you click on a link, the waveform collapses and the server may or may not exist. Web spiders are therefore being replaced by cats [thecheezbu...actory.com].
      • by mgblst (80109)
        I know you are trying to be funny, but how can google index a site without collapsing its wave function? That would go against all quantum theory, wouldn't it?
        • > I know you are trying to be funny, but how can google index a site without collapsing its
          > wave function?

          The Googlebot is not an "observer".

          > That would go against all quantum theory, wouldn't it?

          It would "go against" the Copenhagen interpretation.
  • specific phrases? (Score:5, Interesting)

    by rubberglove (1066394) on Monday October 01, 2007 @09:43AM (#20809399)
    The story would be more interesting if it included an example hijacked search phrase.
    I'd like to check it out myself.
    • Try to search for a driver - any driver! I've run into many pages that require 'registration to download' them. And of course registering costs bucks so it's a scam.
    • Re: (Score:3, Informative)

      by wbean (222522)
      There's a sample search phrase posted in the comments to the original blog entry. It produced a lot of funny .cn results for me. Here it is:

      Bayesian networks and decision graphs Finn rapidshare
  • Two problems I see are:
    - Sites offering one content to Google and another to users. This is indeed something that Google frowns on, but not something that seems to be in place to be tested by the spider.
    - Google's fame comes from their PageRank algorithm and unfortunately people now know how to game the results. If Google were to implement multiple algorithms then users could indicate which search type they wish to use. While it certainly makes things more complicated for Google, it also makes
  • Wait and see. (Score:5, Insightful)

    by eniac42 (1144799) on Monday October 01, 2007 @09:48AM (#20809469) Journal
    People, it's just a blog. If someone has really hacked Google, we will hear soon enough. Otherwise scamming and spoofing the ratings with rubbish sites is a sport that's been going on a long, long time..

  • Oh, the irony. We have a /. story talking about spammers exploiting Google, and what side link do we get?

    Compare prices on Spam Software

    I wonder whether some of the software lets you spam Google's listings easily? Perhaps that's how it was achieved?
  • TFA suggests that if you want to search actual Chinese sites, you should use google.cn, not google.com.

    Erm... no, bad idea. Maybe google.cn won't have the same spam, maybe it will, but it most certainly is censored for other reasons as well. (Unless they've stopped doing this and I've completely missed the news -- there is one tank man on the first page of a google.cn image search for "tiananmen square", compared with almost the entire first page being tank men on google.com.)

    And maybe a good suggestion to
  • Spam sites had been indexed before the provider learned about spamming and pulled the plug on the sites.
    • by walt-sjc (145127)
      However, anything with a high pagerank (early in the results) should have more scrutiny by google, and be de-listed quickly. Frankly, I find search engine spam worse than email spam. I can easily filter email spam, but search engine spam is MUCH more difficult since you frequently can't tell if a result is spam without visiting the spam site.
  • Quotes:

    "Some searches (very specific phrases, and I won't list any of them right now - Google knows which they are) return results with a large number of .cn (Chinese) sites."

    "The .cn sites don't appear to be hosted ANYWHERE." (wow!)

    "[...] the Word-Confirm on all of their sites, including the one I will have to use to post this, generate a large number of rogue responses, and the HELPDESK facilities with thousands of consoles and employees each all over the planet watch the responses and other traffic chara
  • I think he needs to run AdAware. Seriously.. I've entered a bunch of the usual suspects into google trying to find these hordes of .cn sites that pop up. No joy yet.. Anyone else found one?
  • by miller60 (554835) on Monday October 01, 2007 @10:06AM (#20809671) Homepage
    Back in May Google launched an online security blog [blogspot.com] as part of a broader effort to detect malware sites, presumably to exclude them from the SERP results. They're clearly behind the curve. But this post [blogspot.com] offers an overview of Google's efforts and ambitions in this area.
  • by Alzheimers (467217) on Monday October 01, 2007 @10:08AM (#20809725)
    Free universal health care
    • by p0tat03 (985078)
      Funny, I live in Canada and I still get lots of pharma spam. That being said, it's usually in the viagra/cialis category...
  • by Animats (122034) on Monday October 01, 2007 @10:52AM (#20810289) Homepage

    I'm not seeing any of this. I'm trying commonly spammed phrases in Google, and seeing nothing unusual.

    • "digital camera" - OK
    • "ink cartridge" - OK
    • "flat screen TV" - PCworld at the top
    • "auto parts" - OK
    • "london hotels" - usual results
    • "britney spears" - usual results
    • "viagra" - Pfizer, Wikipedia, etc.
    • "rebelde" (the Mexican telenovela, one of the top ten searches) - normal
    Not one .cn site in the top 10 for any of these.
  • Worse, I think, is the act of spamming blogs with links. The theory is that, the more links there are pointing to a website, the more popular it must be; so, by using commonly-available, spam-advertised commercial software to pollute blogs with links unrelated to the subject matter, webmasters imagine they can improve their ranking without paying baksheesh to the search engine companies.

    I have had an idea for a hack to WordPress, which will make all links invisible to GoogleBot (and maybe the other sear
  • I read the story with interest as something like this happened to me the other day. It didn't even occur to me that Google had been hacked. I figured the original site had been compromised. A hacked web site can be defaced for shits and giggles, obviously, but it could also have a meta refresh tag added to send the browser off to wherever the defacer wants. With the security hole history of most CMS systems out there, I'm surprised that doesn't happen more often.

    It looks like Firefox 3 will allow disab [diveintomark.org]

  • I was noticing something similar to this earlier. There were quite a few domain names ending in .cn. Seemed mostly like junk domain names, but were very odd for ending in .cn

  • by hurfy (735314) on Monday October 01, 2007 @07:10PM (#20817359)
    I just did an image search and forgot a space. I got a lot of bizarre results, a large number of odd ones come from .hu

    I searched on Opel Manta but forgot the space. With it i got many matches very little junk in 1st 10 pages. Without a space i got weird results starting on 1st page. What does a car name have to do with a naked chick with a Nokia phone? Mud wrestlers? Homer Simpson? Paris Hilton? Dozens and dozens of unrelated pictures it seems.

    Spyware is off ATM so i didn't get any farther than that.
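
Added example, not part of the original thread and not any poster's or Google's code: a sketch of the check several commenters propose, comparing what a URL returns to a crawler with what it returns to a browser and flagging large content differences or a redirect seen by only one of them. The two views are constructed sample responses embedded inline (all hostnames are placeholders), and the 3-word shingle size and 0.5 threshold are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class TextExtractor(HTMLParser):
    """Collects visible words and any meta-refresh target from an HTML body."""

    def __init__(self):
        super().__init__()
        self.words = []
        self.refresh_target = None
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag in ("script", "style"):
            self.skip_depth += 1
        elif tag == "meta" and (attr.get("http-equiv") or "").lower() == "refresh":
            content = attr.get("content") or ""
            pos = content.lower().find("url=")
            if pos != -1:
                self.refresh_target = content[pos + 4:].strip()

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth:
            self.words.extend(data.lower().split())


def shingles(words, k=3):
    """Set of overlapping k-word windows; short texts become a single shingle."""
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def analyse(response):
    """Return (shingle set, redirect host or None) for one fetched view."""
    parser = TextExtractor()
    parser.feed(response.get("body", ""))
    target = response.get("headers", {}).get("Location") or parser.refresh_target
    host = urlparse(target).hostname if target else None
    return shingles(parser.words), host


def compare_variants(crawler_view, browser_view, threshold=0.5):
    """Compare the two views of one URL and report cloaking signals."""
    crawl_sh, crawl_host = analyse(crawler_view)
    brow_sh, brow_host = analyse(browser_view)
    union = crawl_sh | brow_sh
    similarity = len(crawl_sh & brow_sh) / len(union) if union else 1.0
    return {
        "similarity": similarity,
        "crawler_redirect_host": crawl_host,
        "browser_redirect_host": brow_host,
        "cloaking_suspected": similarity < threshold or crawl_host != brow_host,
    }


# Constructed sample responses for one URL (not captured traffic).
PAGE = ("<html><head><title>Bayesian networks lecture notes</title></head><body>"
        "<p>Lecture notes on Bayesian networks and decision graphs "
        "with worked exercises.</p>%s</body></html>")
CRAWLER_VIEW = {"status": 200, "headers": {}, "body": PAGE % ""}
BROWSER_VIEW_CLOAKED = {"status": 200, "headers": {}, "body": (
    '<html><head><meta http-equiv="refresh" '
    'content="0; url=http://landing.example.net/get"></head>'
    "<body>Loading</body></html>")}
BROWSER_VIEW_PERSONALISED = {"status": 200, "headers": {},
                             "body": PAGE % "<p>Welcome back</p>"}

if __name__ == "__main__":
    print(compare_variants(CRAWLER_VIEW, BROWSER_VIEW_CLOAKED))
    print(compare_variants(CRAWLER_VIEW, BROWSER_VIEW_PERSONALISED))
```

A flag from this comparison is a signal to review, not a verdict: as commenters point out, sites that let the crawler through a registration wall or personalise content for returning visitors also serve different pages to different clients.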
