Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Hacked? Spam Sites Infesting Search Results

Jeremiah Cornelius (137) writes | more than 6 years ago

Google 207

The Google Watchdog blog is reporting that "Spam and virus sites infesting the Google SERPs in several categories" and speculates, ...Google's own index has been hacked. The circumvention of a guideline normally picked up by the Googlebot quickly is worrisome. The fact that none of the sites have real content and don't appear to even be hosted anywhere is even more scary. How did

The Google Watchdog blog is reporting that "Spam and virus sites infesting the Google SERPs in several categories" and speculates, ...Google's own index has been hacked. The circumvention of a guideline normally picked up by the Googlebot quickly is worrisome. The fact that none of the sites have real content and don't appear to even be hosted anywhere is even more scary. How did millions of sites get indexed if they don't exist?

cancel ×

207 comments

Sorry! There are no comments related to the filter you selected.

ATTENTION TACO (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20809171)

IT IS TIME TO GET A REAL JOB

Nothing New (1, Interesting)

mfh (56) | more than 6 years ago | (#20809183)

For years Yahoo was infested with spammers on their front page, but the fact is -- Google is susceptible to an erosion of moral tenacity, just like any other corporation. Someone from within has given the keys to someone who has paid a lot of money to get them. This isn't a hack job... it's an inside job.

They are having a sale on tinfoil (0, Funny)

Anonymous Coward | more than 6 years ago | (#20809215)

You should pick some up.

I call Bullshit!!! (4, Insightful)

Jennifer York (1021509) | more than 6 years ago | (#20809343)

Any evidence to back that up? I seriously doubt that a single individual has the ability to make a change on production boxes without a committee of senior managers approving the change.

Google will adjust, find the method of manipulating the page ranks, and close the hole.

Re:I call Bullshit!!! (5, Insightful)

Billosaur (927319) | more than 6 years ago | (#20809443)

It may not be a question of a single developer making changes, as much as a single developer (or group of them -- safety in numbers) divulging to certain third parties how the algorithms work in the page ranking system. It's very rare any company gives anyone production access to make changes, but then again I've seen that happen too, where something breaks, they give a developer access to patch it in a hurry before the hew and outcry set in, then forget to revoke his/her access. Of course Google is global, so any change would have to propagate through the system vis source control, so tracking it wouldn't be that hard. I doubt any developer, no matter how nefarious, would take the risk.

I Bet It's a Simpler Explanation (5, Interesting)

eldavojohn (898314) | more than 6 years ago | (#20809345)

Google is susceptible to an erosion of moral tenacity, just like any other corporation.
This would be far more interesting but the sad fact is that it's probably the simplest explanation: spammers are merely more sophisticated. I mean, a while ago a few people teamed up to Google bomb Bush as a "miserable failure" [wikipedia.org] and it worked. They exploited Google's page ranking system. It's pretty easy to exploit because they patented it so you merely need to read the patent [uspto.gov] . From there you get an idea of how to exploit it.

I imagine that spammers could band together or simply get botnets 'clicking' as independent IP addresses links that boost their page rank. That's how it worked with Bush, they simply linked his homepage as "miserable failure" and suddenly he was the number one result from that query in Google.

I find this more likely an explanation than someone changing the data or values in the database. There's going to be plenty of evidence left in the logs & it's not like nobody's going to notice. This is Google's bread & butter, no amount of money in the world could entice a worker to mess with it. They would have to be exceptionally stupid as the lawsuits that follow would be in the billions.

Re:I Bet It's a Simpler Explanation (0)

Anonymous Coward | more than 6 years ago | (#20809571)

They would have to be exceptionally stupid as the lawsuits that follow would be in the billions.

Uh...the threat of suing a person for "billions" is pretty fucking toothless if said person doesn't -have- "billions".

Re:I Bet It's a Simpler Explanation (2, Informative)

suv4x4 (956391) | more than 6 years ago | (#20809785)


I imagine that spammers could band together or simply get botnets 'clicking' as independent IP addresses links that boost their page rank. That's how it worked with Bush, they simply linked his homepage as "miserable failure" and suddenly he was the number one result from that query in Google.


I like your post, but Google can't detect if you "click" a link. It doesn't need botnets to click links from different IP addresses.

It just needs the mere *presence* of those links, with the same text, to the same page. Also the hosting servers of those sites should have different IP-s.

The miserable failure bomb was simply a bunch of bloggers posting a link on their blogs. When GoogleBot came around and found the links, the attack was accomplished.

Re:I Bet It's a Simpler Explanation (1)

Arthur B. (806360) | more than 6 years ago | (#20809917)

Hum, google can and does detect if you click a link, link in the google result page are redirections, look closer.

Re:I Bet It's a Simpler Explanation (2, Informative)

suv4x4 (956391) | more than 6 years ago | (#20810113)

We're not talking about the results page, but just links. In sites separate from Google.

Re:I Bet It's a Simpler Explanation (2, Insightful)

Arthur B. (806360) | more than 6 years ago | (#20810479)

Unless the sites happen to have google ads...

Re:I Bet It's a Simpler Explanation (1)

onepoint (301486) | more than 6 years ago | (#20810873)

Also one of the best tools to help your ranking is "vote for this page".

I use it, and I think some of the sites I have voted for have improved in ranking.

Re:I Bet It's a Simpler Explanation (1)

xeoron (639412) | more than 6 years ago | (#20810155)

I know Google has pointed me to various spam filled project pages on sourceforge... hopefully Slashdot's parent company is doing something about it.

Re:I Bet It's a Simpler Explanation (1)

sconeu (64226) | more than 6 years ago | (#20810749)

There's spam/ads on sourceforge? Never seen it... Oh wait... I use AdBlock and FlashBlock.

Re:I Bet It's a Simpler Explanation (1)

gaspyy (514539) | more than 6 years ago | (#20810263)

Please RTFA. The cases mentioned violate the normal guidelines so blatantly that it's hard to imagine how they got through. Anyone who's done a bit of SEO knows that a stunt like this is nearly impossible to pull off.

Calling Bullshit along with this one :Nothing New (1)

bubblah (1095629) | more than 6 years ago | (#20810059)

Amazed this ended up on the front page of slashdot, the article has no "facts" there is nothing other than the wink wink nudge nudge believe me bit here. There is nothing in the article to prove the assertion made here. Let alone the whole thing sounds like someone who is having a hard time with gaming the system, and wants to call conspiracy theory.

Re:Nothing New (1)

Nintendork (411169) | more than 6 years ago | (#20810455)

Uh-hu. Right. My theory is that Bill Gates, George Bush Sr. and Hitler (Now undead) teamed up to thwart Google. Anyone else have a fun theory to throw out there and get modded up for? Apparently, any theory that's entertaining will do!

It was only a matter of time. (-1, Troll)

thatskinnyguy (1129515) | more than 6 years ago | (#20809187)

As with anything with the internet, porn sites have been doing this for years. Yet another thing we owe a debt of thanks to the adult film industry.

It's the Rand Corporation (3, Funny)

OptimusPaul (940627) | more than 6 years ago | (#20809189)

in conjunction with the saucer people under the supervision of the reverse vampires are forcing our parents to go to bed early in a fiendish plot to eliminate the meal of dinner. We're through the looking glass, here, people...

Google index hacked? (5, Funny)

InvisblePinkUnicorn (1126837) | more than 6 years ago | (#20809197)

Hacking of Google databases might explain why Google Translator used to translate the Russian name for "Ivan the Terrible" as "Abraham Lincoln" [blognewschannel.com] .

Re:Google index hacked? (1)

AmIAnAi (975049) | more than 6 years ago | (#20809615)

The Google translation service gives the option to suggest a better translation. It's more likely that this service operates automatically and it just takes enough people suggesting the same translation to force the change through.

Might be interesting to try. But I would hope that they have monitoring in place to spot a sudden surge in alternative translations.

Re:Google index hacked? (1)

rumith (983060) | more than 6 years ago | (#20810169)

Besides, it used to translate 'Peter Norton' to Russian as 'Eugene Kaspersky'. :) This trick has been taken down already.

SEOs (5, Informative)

Chilled_Fuser (463582) | more than 6 years ago | (#20809201)


  Using one page of information for Google's spider and then using a redirect for a non-spider user. It's an SEO tactic.

Re:SEOs (4, Interesting)

glindsey (73730) | more than 6 years ago | (#20809329)

Which raises the question: Why not have GoogleBot do a check also as a normal user-agent (IE/Firefox/etc.) and see if the page is significantly different than when it identifies itself? At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

Re:SEOs (3, Interesting)

dschuetz (10924) | more than 6 years ago | (#20809381)

I was pretty sure that Google already did some kind of checking for this sort of dodge. It could be that the sites in question have found some way to dodge the dodge -- maybe they figured out when a google revisit (with a different user agent) would occur, or maybe they recognize google IP addresses and always give the scammed page regardless of user agent, or some other similar trick.

That's what makes this scary -- as I said, I thought google was already on the lookout for such scams, and if they're being beat on such a large scale it might mean a major shift in google's strategy is in order...

Re:SEOs (4, Informative)

Billosaur (927319) | more than 6 years ago | (#20809541)

It's more than likely related to IP address than user agent. I used to work in web site metrics, and the number of fouled up user agents and spoofs was always staggering, but IP was a pretty good indicator of who was doing something. No doubt the bad guys have tracked the Google bot's IP over a long period of time and perhaps made some correlations to give them a pretty good idea if the site is being revisited by Google under an assumed user agent. I'm not sure, but it would seem to me that Google would have thought of spoofing it's IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

Re:SEOs (1)

Shimmer (3036) | more than 6 years ago | (#20810163)

Google would have thought of spoofing it's IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

Easy: Hire a relatively unknown 3rd party to perform the comparison for you.

Re:SEOs (0)

Anonymous Coward | more than 6 years ago | (#20810217)

I'm not sure, but it would seem to me that Google would have thought of spoofing it's IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

Maybe Google should take a page out of MediaDefender's playbook and rent IP space from organizations that aren't utilizing their allocated blocks.

Re:SEOs (1)

glindsey (73730) | more than 6 years ago | (#20810687)

Yeah, spoofing an IP is easy if you're not looking for a response... but if you're spoofing a request (as a GoogleBot would be doing), where does the response go?

Perhaps Google should create a browser extension -- completely voluntary, of course -- that essentially turns everybody's browsers into a distributed GoogleBot. Of course then they have to deal with malicious nodes poisoning the data, but that could be resolved by having a dozen or so random systems checking the same website and sending their results for comparison.

This way, no spam/scammer could filter by IP, since the IPs would be everywhere.

Re:SEOs (4, Interesting)

jmagar.com (67146) | more than 6 years ago | (#20809397)

Google does this already [bbc.co.uk] , perhaps not with spiders, or in the way you described. But they do seek out and destroy sites that are caught faking keyword densities and other SEO tactics on crawl pages vs human pages.

Re:SEOs (5, Insightful)

Tim C (15259) | more than 6 years ago | (#20809413)

At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

So medical supply or information websites shouldn't be indexed by Google?

I know what you're trying to do, but no word is 100% inappropriate. What if someone is actually looking for information on Viagra, or replica Swiss watches, or cheap stocks? What if someone is looking for information on spam?

Check for significant differences in content with different user-agents yes, but banned words? That really doesn't seem like a good idea to me.

Re:SEOs (1)

Bender0x7D1 (536254) | more than 6 years ago | (#20810119)

What if someone is looking for information on spam?


Which spam would that be:

  • spam: Unsolicited bulk email.
  • Spam: A spiced pork and ham product from Hormel.

Re:SEOs (0)

Anonymous Coward | more than 6 years ago | (#20810633)

So medical supply or information websites shouldn't be indexed by Google?

Correct. Why should anyone be looking for any medical supplies on *Google*? You should get medical supplies from the local state-licensed pharmacy through consultation with your doctor, not from some fly-by-night operation. There is no reason to do an end run around your doctor for medical care. I don't know of anyone who was able to get "better treatment" by doing something their doctor didn't suggest.

(This is why I hate "talk to your doctor about ..." Big Pharma ads. If you doctor didn't already bring it up, you don't need it.)

Sorry, [/rant].

Re:SEOs (3, Insightful)

glindsey (73730) | more than 6 years ago | (#20810745)

What if someone is actually looking for information on Viagra, or replica Swiss watches, or cheap stocks? What if someone is looking for information on spam?
That's a good point. But perhaps combinations of keywords would work -- it's pretty unlikely that you'd see "viagra" and "mortgage" on the same site, for example. If you partner this with checking for significant user-agent differences it could become a pretty good tool, I think.

Re:SEOs (4, Insightful)

suv4x4 (956391) | more than 6 years ago | (#20809493)

Which raises the question: Why not have GoogleBot do a check also as a normal user-agent (IE/Firefox/etc.) and see if the page is significantly different than when it identifies itself? At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

It does. It also detects landing pages mentioned above. Apparently it's something more subtle than what one could think of in few mins on Slashdot, and we'll learn soon enough.

Re:SEOs (5, Funny)

colourmyeyes (1028804) | more than 6 years ago | (#20809803)

Apparently it's something more subtle than what one could think of in few mins on Slashdot
Blasphemy! In my relatively short time lurking on Slashdot, I've seen nearly all the world's problems, including hideously complicated questions of physics, SOLVED in posts no more than a few paragraphs long.

It's amazing, really.

Re:SEOs (1)

garett_spencley (193892) | more than 6 years ago | (#20810465)

It's a sticky situation / tactic for both Google and it's webmasters.

For example, I have a web site that displays the most recent content for returning visitors and the most popular content for visitors who are visiting my site for the very first time. It's also possible for each user to chose which page to see. This is done to increase productivity on the site and to to increase the likelihood of a new visitor becoming a repeat visitor.

When googlebot visits my page I give it the page with the freshest content. I do this for obvious reasons. I want to google to "see" all of the fresh content that my site is offering. I don't consider this to be "cloaking". I'm not trying to trick Google or do anything malicious. Each and every single user has the option of seeing the freshest page and my page is 'smart' in that it detects if a user has visited my site before and decides what page to present the user with.

Google's guide for webmasters says "before doing something, ask yourself ... would you do this if search engines did not exist, and could you justify what you are doing to a competitor". That's kind of a grey one. Yes, I can easily justify it to a competitor, most of my "competitors" do the similar things. And yes I do offer those two different pages to all of my surfers so that's completely independent of search engines. And I can justify giving the specific page to Googlebot by saying "well, Googlebot is a returning visitor it just doesn't store cookies so if I don't detect Googlebot and give it the fresh content page it will always see the most popular and then it will appear to Googlebot as if my site is rarely to never updated". I just hope that Google sees it the same way.

And so far I've never had any problems with Google blacklisting me or dropping me from the index. So I'm assuming (hoping?) that Google's algorithms are smart enough to distinguish between "completely different / malicious" and "subtly different" and that each case would be passed to a human for manual inspection before dropping from the index or blacklisting would occur. But my point is that there is a lot of grey area. Spammers and Cheaters ruin it for everyone. They ruin it for Google and they ruin it for the honest webmasters who want to get better rankings without spamming or cheating anyone but have to be extremely careful to make sure that other people would agree with their opinion that what they're doing isn't spamming.

Re:SEOs (1)

glindsey (73730) | more than 6 years ago | (#20810799)

Apparently it's something more subtle than what one could think of in few mins on Slashdot, and we'll learn soon enough.
Damn. So much for my applying to Google with the bullet point "Solved PageRank spamming problems by posting on Slashdot after thinking for about thirty seconds" on my resumé.

Re:SEOs (1)

walt-sjc (145127) | more than 6 years ago | (#20809695)

They should. Google already has guidelines [google.com] that cover this type of behavior. They should enforce them. It's amazing how many sites (including well known sites) violate these guidelines all the time. You would think that Google, with all it's cash (meaning that it can afford to devote the manpower,) would want to improve the quality of their search results, delisting this crap. If they fail to do so, they will start to lose their user base.

Re:SEOs (1)

dargaud (518470) | more than 6 years ago | (#20810063)

I suggested better than this a long time ago: use the IE/Firefox rendering engine completely, and feed the resulting image to an OCR program. This way, anything written on white_on_white, font=1, display:none and other tricks get ignored. Then compare the results. Ditch the site if there's too much difference.

Re:SEOs (0)

Anonymous Coward | more than 6 years ago | (#20810827)

At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

Once again we have the amazing phenomenon of a slashdotter instantly solving a problem that the morons who are working on it couldn't. If only the rest of world would get their research from slashdot. All of the world's problems would be solved overnight.

And here the solution is so obvious. Just ban any product that's been mentioned in spam. So simple. Those people at Google are such dopes. How could they not have thought of that??! I mean, what could possibly go wrong?

Re:SEOs (1)

IBBoard (1128019) | more than 6 years ago | (#20809475)

That's not SEO, that's SEM (Search Engine Manipulation - I've patented that version of the acronym). SEO involves optimising a site rather than making it completely different for normal users is manipulation and 'blackhat' tactics. It would be interesting, if a little off-putting, if someone has successfully scammed Google to such a great extent through simple cloaking.

As for the suggestion of a different user agent, I guess it'd be simple enough to either do a reverse lookup and see if it contains "google" or log the range of Google's IPs. I'd have thought Google would have thought of that, but they can't have too many ways that they check with Googlebot not showing up as Googlebot that can't be traced back to them or eventually discovered and made redundant.

Re:SEOs (1)

zeromorph (1009305) | more than 6 years ago | (#20809623)

I've patented that version of the acronym

Don't patented acronyms you insensitive clod!

I noticed something this morning (1)

techpawn (969834) | more than 6 years ago | (#20809239)

In my GMail account there where over 60 pieces of spam in a mailbox that has maybe 1 or 2. I wonder if these are related.

Google hacked, sites don't exist, um ... (3, Insightful)

icepick72 (834363) | more than 6 years ago | (#20809255)

Submitter says Google's index has been hacked which could imply the severe case: direct security threat and entry to it, or more likely: managing to get it to index something Google would not want it to index.

Submitter asks: How did millions of sites get indexed if they don't exist?

Okay, I call this an idiot story. Millions of sites come into being and go out of being all the time. What does this statement have to do with anything? It seems like submitter has a lack of understanding how basic Google and the web work, but the story has made it to Slashdot. I think the Slashdot IQ level is dropping because this is a Digg story.

Re:Google hacked, sites don't exist, um ... (1)

spleen_blender (949762) | more than 6 years ago | (#20809287)

I agree completely. Oh have you seen the latest lolcats calendar for 2008? It is so rad you just have to digg it!

Re:Google hacked, sites don't exist, um ... (0)

Anonymous Coward | more than 6 years ago | (#20809405)

I think the Slashdot IQ level is dropping


Gee yah think? Thank you Captain Obvious.

Re:Google hacked, sites don't exist, um ... (3, Informative)

Clandestine_Blaze (1019274) | more than 6 years ago | (#20809881)

Millions of sites come into being and go out of being all the time. What does this statement have to do with anything? It seems like submitter has a lack of understanding how basic Google and the web work, but the story has made it to Slashdot.
If you had bothered reading the article, you would have seen:

  • The .cn sites don't appear to be hosted ANYWHERE. They are simply redirected domain names. How they got ranked in Google in such a short period of time for fairly competitive keywords is a mystery. Google's index even shows legitimate content for the .cn sites.
  • It appears that the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware mentioned earlier. This is an obvious violation of Google's guidelines, but the spammers have found ways to circumvent the rule and hide it from the Googlebot.
Yes, millions of sites do come into being all the time. Had Google indexed a site, and had said-site disappeared before the index was updated, you would simply either hit a landing page (if that domain was purchased but not set-up) or you would get an error message [carrotsticksareyummy.com]

The submitter was referring to instances when a fake redirector is being set-up and tricking the googlebot by sending it to websites with content and keywords while sending normal users to malware-infested sites. This is a completely different situation than "Millions of sites come into being and go out of being all the time." In this case, those sites are still there and are appearing pretty high up in the index, while redirecting unsuspecting users to other websites. They exist in the physical sense, but that's about it.

I think the Slashdot IQ level is dropping because this is a Digg story.
Or because the readers simply don't bother to read the articles they comment on any more.

Re:Google hacked, sites don't exist, um ... (0)

Anonymous Coward | more than 6 years ago | (#20810009)

You're putting a lot of words into submitter's mouth. Your description is good. Submitter's is not.

Re:Google hacked, sites don't exist, um ... (1)

Clandestine_Blaze (1019274) | more than 6 years ago | (#20810273)

Good point. I suppose I misinterpreted the parent's response to the article itself and not the summary, which they were commenting on. Whoops. :\

Not hosted anywhere? (2, Informative)

Vicegrip (82853) | more than 6 years ago | (#20809263)

The article makes the claim that the "hijacked keywords" are going to redirection websites that do not "appear to be hosted anywhere".

That seems a little incredible to me. :)

Invisible, IPless, Chinese web-servers are taking over Google! Personally, I'll just let Google worry about trying to protect its search engines. :)

Re:Not hosted anywhere? (4, Interesting)

IBBoard (1128019) | more than 6 years ago | (#20809411)

Yeah, I think "not hosted anywhere" is somewhat of a simplification for "actually hosted somewhere but never show any content to a normal user because they redirect you to another domain instead". While it might fly for a complete non-techy, I wouldn't have thought /. would have too many people believing in responses from machines that don't exist.

Where do all the calculators go when they die? (3, Funny)

Scrameustache (459504) | more than 6 years ago | (#20810017)

I wouldn't have thought /. would have too many people believing in responses from machines that don't exist.
Were getting phantom pings from the ghosts of the still-smoldering servers we slashdotted in our folly!
I'm scared...

Re:Where do all the calculators go when they die? (1)

Jonathan_S (25407) | more than 6 years ago | (#20810943)

| I wouldn't have thought /. would have too many people believing in responses from machines that don't exist.

Were getting phantom pings from the ghosts of the still-smoldering servers we slashdotted in our folly!
I'm scared...
But the good news is that you aren't getting them anymore.

Re:Not hosted anywhere? (1)

rk (6314) | more than 6 years ago | (#20810901)

Maybe someone dropped a logic bomb through the trap door.

I never use the first few pages of a 'search' (1)

sjwest (948274) | more than 6 years ago | (#20809639)

Its my way of penalising seo'ers. Its worth thinking about

Re:Not hosted anywhere? (4, Funny)

TheRaven64 (641858) | more than 6 years ago | (#20809653)

Those of us on Internet 3.0, Quantum Edition, have this problem all the time. Quoogle indexes sites without collapsing their wave functions. When you click on a link, the waveform collapses and the server may or may not exist. Web spiders are therefore being replaced by cats [thecheezbu...actory.com] .

Re:Not hosted anywhere? (1)

mgblst (80109) | more than 6 years ago | (#20809899)

I know you are trying to be funny, but how can google index a site without collapsing its wave function? That would go against all quantum theory, wouldn't it?

Re:Not hosted anywhere? (1)

John Hasler (414242) | more than 6 years ago | (#20810757)

> I know you are trying to be funny, but how can google index a site without collapsing its
> wave function?

The Googlebot is not an "observer".

> That would go against all quantum theory, wouldn't it?

It would "go against" the Copenhagen interpretation.

Maybe it work like this... (0, Redundant)

EvilSpudBoy (1159091) | more than 6 years ago | (#20809283)

Probably the reason they don't have content is the sites respond differently to requests from googles search engine then to requests from users. It would seem that they recognize googles search engine, either from the user agent or from the ip range, and then respond with content. It seems they get the content by proxying US sites. Which I don't think is anything new it's just being done on a larger scale.

When they served the proxied content to google, they could rewrite links on the fly to point to their own domains. They could basically appear like they mirror the whole internet. When a request comes in from a user, since it isn't a google user agent, it would just send it to their trojan infested site.

Re:Maybe it work like this... (1)

Dachannien (617929) | more than 6 years ago | (#20809369)

This should be fairly easy for Google to get around, by re-requesting pages within a short time frame using, say, the IE user-agent string, perhaps from a different IP address. If the pages come up hugely different, toss the page out of the index altogether.

Re:Maybe it work like this... (1)

EvilSpudBoy (1159091) | more than 6 years ago | (#20809699)

I imagine they do this. So maybe it is something more sophisticated, but still a variation on the same theme. They could know all of Google's IP ranges or maybe instead of doing that, they know a list of ip's that are definately not google.

Instead of trying to know all of google's ip ranges, and blacklist those, they could just whitelist ip ranges that they know don't belong to google. Because they know they belong to various isp's etc. So the whitelist ip's get the spam page. The unknown ip's get the content pages

Re:Maybe it work like this... (1)

digitalchinky (650880) | more than 6 years ago | (#20809807)

And sadly simplistic in the extreme to counter for any spammer that has at their disposal thousands upon thousands of throw away domain names. Access logs would show in short order which IP's are visiting those sites. Unless google has a huge IP block that nobody knows about, it's not going to work for more than 5 minutes or so.

Re:Maybe it work like this... (1)

tbannist (230135) | more than 6 years ago | (#20810031)

As someone pointed out above, they actually do that, but it seems someone has managed to figure out the alternate IP addresses that they use to verify the search engine results and spoofed those as well.

It could be an ex-employee (either fired, quit, or possibly a contractor) who's sold the information to some black hats, or it could be any number of other things. There's money to be made by subverting Google's index, so you have to know that there are people working on ways to do so all the time.

More interesting (1)

Finallyjoined!!! (1158431) | more than 6 years ago | (#20809285)

At least the spam sites are more interesting than pages and pages of price comparison crap :-)

Re:More interesting (1)

TractorBarry (788340) | more than 6 years ago | (#20810255)

Try this

http://www.givemebackmygoogle.com/ [givemebackmygoogle.com]

It's not perfect as you can't customise the block list but it's a start. Even better make your own version to run on localhost so you can have your own block list etc.

Browser agent string (0, Redundant)

140Mandak262Jamuna (970587) | more than 6 years ago | (#20809323)

The sites could show one content to Googlebot and another to normal visitors. Google has to test with a different agent string and if the contents differ, they just have to junk the whole domain. I am sure they already do.

Re:Browser agent string (0)

Anonymous Coward | more than 6 years ago | (#20809833)

What if they show different content to any bot? What if they evaluate the IP to verify it's Google's? Note that a few false positives don't harm the spammer: It means that some people actually get the content they want, instead of the malware. As long as the number of false positives isn't too high, the spammer can just use a combination of heuristics and present indexable content whenever just one indication shows a possible Google source. Say, one test for the Google agent string, one test for reading robots.txt (which should catch all bots, including Google's), and one test for known Google IP. Another possibility would be to show content until indexed by Google (because before that, it's unlikely that any human would access the site anyway), and only then switch the page to malware for normal users. Of course all that can be combined with standard "SEO" techniques.

And those measures are just what immediatly came to my mind. I'm sure a real spammer will use serious thought for designing methods to spam Google, thus possibly coming up with much more effective measures.

Re:Browser agent string (1)

FooAtWFU (699187) | more than 6 years ago | (#20810129)

The sites could show one content to Googlebot and another to normal visitors.
Or it could be tricky. Offer the same text/html content, but make part of the content User-Obvious / Bot-Invisible content (images or something thrown together with JavaScript) and downplay or hide the Bot-Obvious content with tricky style sheets or more JavaScript (or just put in a bunch of newlines so it's way down the page). Ultimately it becomes some sort of weird Turing test for Google to be able to detect this sort of stuff.

Google used as a spam relay (0)

P3NIS_CLEAVER (860022) | more than 6 years ago | (#20809385)

I was getting pharmaceutical spam that linked to Google; when you clicked the link it relayed you from Google to the pfishing site (No certificate, the site looked completely bogus). I complained about it on their bulletin board, unfortunately Google makes it very difficult to give them feedback on their site.

Re:Google used as a spam relay (0)

Anonymous Coward | more than 6 years ago | (#20810357)

Because googling for 'google spam report' is difficult?

http://www.google.com/contact/spamreport.html [google.com]

specific phrases? (5, Interesting)

rubberglove (1066394) | more than 6 years ago | (#20809399)

The story would be more interesting if it included an example hijacked search phrase.
I'd like to check it out myself.

Re:specific phrases? (1)

zoefff (61970) | more than 6 years ago | (#20809683)

google them in news.google.com?

Google's Algorithm (1)

Midnight Thunder (17205) | more than 6 years ago | (#20809453)

Two problems I see are:
  - Sites offering one content to Google and another to users. This is indeed something that Google frowns on, but not something that seems to be in place to be tested by the spider.
  - Google's fame comes from their PageRank algorithm and unfortunately people now know how to game the results. If Google were to implement multiple algorithms then users could indicate which search type the wish to use. While it certainly makes thing more complicated for Google, it also makes it more complicated for people trying to game the system, since it is harder to know which algorithm to target.

Re:Google's Algorithm (1)

Asgerix (1035824) | more than 6 years ago | (#20810161)

Sites offering one content to Google and another to users. This is indeed something that Google frowns on, but not something that seems to be in place to be tested by the spider.
This is definitely tested by "the spider". This link [bbc.co.uk] has already been posted in this thread.

Google's fame comes from their PageRank algorithm and unfortunately people now know how to game the results. If Google were to implement multiple algorithms then users could indicate which search type the wish to use. While it certainly makes thing more complicated for Google, it also makes it more complicated for people trying to game the system, since it is harder to know which algorithm to target.
If Google implemented multiple algorithms, there would still be one best target candidate: The default algorithm.

Wait and see. (5, Insightful)

eniac42 (1144799) | more than 6 years ago | (#20809469)

People, its just a blog. If someone has really hacked Google, we will hear soon enough. Otherwise scamming and spoofing the ratings with rubbish sites is a sport thats been going on a long, long time..

At least as long as soccer, which (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20809905)

At least as long as soccer, which was believed to have originated somewhere between Santa Fe and Taos, back in the mid-70s. It has become a legitimate sport in many of the countries which have adopted it, for exmaple, Romania and South Africa. Howver, soccer is not a real sport. Soccer is more of a kick-ball-aournd-huge-field-for-a-hour-and-a-half, with player positions such as wing, panzie, and wussie. Many a game results in a tie. A zero to zero tie. These games - most games - are decided by which side's cheerleaders jiggle the most. Due to the slowness of the game, it is customary that before, during, and after games, boxing and wrestling matches are held alongside the soccer match.

Re:Wait and see. (4, Insightful)

tbannist (230135) | more than 6 years ago | (#20810079)

Actually, it's worse than that. It's a blog that can't provide any actual evidence that anything they claim is true. As far as we know, the entire story is bogus because the blogger has provided nothing to prove that any of his claims are true.

Ironic side link (1)

IBBoard (1128019) | more than 6 years ago | (#20809501)

Oh, the irony. We have a /. story talking about spammers exploiting Google, and what side link do we get?

Compare prices on Spam Software

I wonder whether some of the software lets you spam Google's listings easily? Perhaps that's how it was achieved?

Horrible solution... (1)

SanityInAnarchy (655584) | more than 6 years ago | (#20809511)

TFA suggests that if you want to search actual Chinese sites, you should use google.cn, not google.com.

Erm... no, bad idea. Maybe google.cn won't have the same spam, maybe it will, but it most certainly is censored for other reasons as well. (Unless they've stopped doing this and I've completely missed the news -- there is one tank man on the first page of a google.cn image search for "tiananmen square", compared with almost the entire first page being tank men on google.com.)

And maybe a good suggestion to ignore Chinese sites, for now, but then, why would it work in China, but not here? Seems to me, this tactic would work anywhere, so the only way to be sure you're not infected is to run a secure browser and wait for Googlebot to be updated.

Let me tell you how it happened (1)

unity100 (970058) | more than 6 years ago | (#20809515)

Spam sites had been indexed before the provider learned about spamming and pulled the plug on the sites.

Re:Let me tell you how it happened (1)

walt-sjc (145127) | more than 6 years ago | (#20809789)

However, anything with a high pagerank (early in the results) should have more scrutiny by google, and be de-listed quickly. Frankly, I find search engine spam worse than email spam. I can easily filter email spam, but search engine spam is MUCH more difficult since you frequently can't tell if a result is spam without visiting the spam site.

Nutcase conspiracy theory adopters web2.0 version (2, Insightful)

georgeb (472989) | more than 6 years ago | (#20809535)

Quotes:

"Some searches (very specific phrases, and I won't list any of them right now - Google knows which they are) return results with a large number of .cn (Chinese) sites."

"The .cn sites don't appear to be hosted ANYWHERE." (wow!)

"[...] the Word-Confirm on all of their sites, including the one I will have to use to post this, generate a large number of rogue responses, and the HELPDESK facilities with thousands of consoles and employees each all over the planet watch the responses and other traffic characteristics [...]"

How the HECK did _this_ get on /.? It's a new low, I swear.

Re:Nutcase conspiracy theory adopters web2.0 versi (0)

Anonymous Coward | more than 6 years ago | (#20809933)

Well, the last of your quotes isn't from the blog article itself, but from a comment done by an anonymous poster. I'm sure you can find enough examples of much worse crap on Slashdot, especially posted by Anonymous Cowards (myself not included! :-)), thus you shouldn't rate the blog based on that.

Re:Nutcase conspiracy theory adopters web2.0 versi (0)

Anonymous Coward | more than 6 years ago | (#20809981)

Cool. You hooked up a couple of sentences from the blog entry with a quote from an anonymous response. (yes, the AC who wrote the response is a nutcase)

Way to smear the article!

Wow, you just noticed? (0)

Anonymous Coward | more than 6 years ago | (#20809591)

I don't know how many times in the last year I've been looking for something, only to be taken to a page where none of the search terms even appeared and there was absolutely no content whatever - only advertising.

However, Google doesn't seem to have suffered as much as the other search engines.

-mcgrew [google.com] (mcgrew.info)

PS- I was going t use a Google search results page with "mcgrew dead technologies" as an illustration of WTF TFA was talking about, but the top three results [google.com] all are mine; the first two point to my site, the next points to a K5 article I wrote, the last a K5 comment I made, and I haven't neeb to K5 for the last two years or more! So perhaps this is a case of mountain-molehill?

Re:Wow, you just noticed? (0)

Anonymous Coward | more than 6 years ago | (#20810261)

The link to your program, Art.zip, is broken. Care to provide an up-to-date one, Mr. McGrew?

Cameras (0)

Renraku (518261) | more than 6 years ago | (#20809599)

Everytime I search for digital cameras to do price checks, I get a bunch of fraud/spam sites in the Adwords.

Every fucking time.

I would nail Google to the wall for hosting scam/fraud sites if I could.

Re:Cameras (1)

kevin.fowler (915964) | more than 6 years ago | (#20809729)

The fact is that most US camera sites online are run from NY/NJ and are fly-by-night garbage that thrive on word of mouth and black-hat SEO. They make money. They spend money in adwords. Google likes money.

Sure it's not his browser that's porked? (2, Interesting)

AskChopper (1077519) | more than 6 years ago | (#20809655)

I think he needs to run AdAware. Seriously.. I've entered a bunch of the usual suspects into google trying to find these hordes of .cn sites that pop up. No joy yet.. Anyone else found one?

Re:Sure it's not his browser that's porked? (1, Interesting)

Anonymous Coward | more than 6 years ago | (#20809861)

I just randomly found some.

Search for "vnc pips e61" without the quotes and check page 7. There are some in other pages, but that one has the most.

Google is working on this ... (3, Informative)

miller60 (554835) | more than 6 years ago | (#20809671)

Back in May Google launched on online security blog [blogspot.com] as part of a broader effort to detect malware sites, presumably to exclude them from the SERP results. They're clearly behind the curve. But this post [blogspot.com] offers an overview of Google's efforts and ambitions in this area.

Simple way to eliminate pharmaceutical spam (2, Funny)

Alzheimers (467217) | more than 6 years ago | (#20809725)

Free universal health care

Re:Simple way to eliminate pharmaceutical spam (0, Troll)

computersareevil (244846) | more than 6 years ago | (#20809883)

I presume you will personally pay for it all? TANSTAAFL, idiot.

Re:Simple way to eliminate pharmaceutical spam (1)

p0tat03 (985078) | more than 6 years ago | (#20809991)

Funny, I live in Canada and I still get lots of pharma spam. That being said, it's usually in the viagra/cialis category...

Re:Simple way to eliminate pharmaceutical spam (0)

Anonymous Coward | more than 6 years ago | (#20810023)

Incorrect. I am not sure how much hot air has been blown into the free universal healthcare theme, but:

Do you regularly see news reports where the provision of health insurance funded care does not include provision of a certain drug because it is too expensive? Literally, the insurance company says, "Hey you, this disease you have is really rare, and the drug cocktail that would cure it is quite expensive, so you can't have it, and although we are aware you are stuck with a high level of pain for the rest of your life, we can only say that we empathise"?

Because that is what they actually do in all countries with free and universal healthcare.

I am not talking about "experimental treatments" here (which I would believe US health insurance does not cover either) - in the case of a proven drug, that drug may either be 1) Completely unprovided, i.e. across the board it is not provided to anyone barring special appeal, or 2) Not provided in your specific instance, e.g. if you are old. Old people routinely get the message (or rather, they don't, it's better if they never learn of it, but if they bothered to look it up they would get the message) that drug X which might help their condition is too expensive so it will not be provided to them.

Hence why private health insurance and private clinics still exist (the private clinics often more to do with the 2-year waiting lists on operations) and people go abroad, usually to the US, because their countries have no experience with treatments for certain diseases as they are too rare and thus the alternative is being left to die by the state.

What hijacked phrases? Not seeing this. (4, Informative)

Animats (122034) | more than 6 years ago | (#20810289)

I'm not seeing any of this. I'm trying commonly spammed phrases in Google, and seeing nothing unusual.

  • "digital camera" - OK
  • "ink cartridge" - OK
  • "flat screen TV" - PCworld at the top
  • "auto parts" - OK
  • "london hotels" - usual results
  • "britney spears" - usual results
  • "viagra" - Pfizer, Wikipedia, etc.
  • "rebelde" (the Mexican telenovela, one of the top ten searches) - normal
Not one .cn site in the top 10 for any of these.

Re:What hijacked phrases? Not seeing this. (1, Funny)

Anonymous Coward | more than 6 years ago | (#20810607)

(It's likely something is inserting "site:*.cn" into the article author's searches...)

You don't say? (1)

acro85 (1164045) | more than 6 years ago | (#20810551)

...is this really news? It's been going on forever, I hope google isn't just now noticing this.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>