Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Spam Sites Infesting Google Search Results

Journal written by Jeremiah Cornelius (137) and posted by CmdrTaco on Mon Oct 01, 2007 08:16 AM
from the hate-when-that-happens dept.
Spam Businesses Google The Internet
The Google Watchdog blog is reporting that "Spam and virus sites infesting the Google SERPs in several categories" and speculates, ...Google's own index has been hacked. The circumvention of a guideline normally picked up by the Googlebot quickly is worrisome. The fact that none of the sites have real content and don't appear to even be hosted anywhere is even more scary. How did millions of sites get indexed if they don't exist?
+ -
story

Related Stories

Journal: Google Hacked? Spam Sites Infesting Search Results by Jeremiah Cornelius (137)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Spam Sites Infesting Google Search Results 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • It's the Rand Corporation (Score:3, Funny)

    by OptimusPaul (940627) on Monday October 01 2007, @08:22AM (#20809189)
    in conjunction with the saucer people under the supervision of the reverse vampires are forcing our parents to go to bed early in a fiendish plot to eliminate the meal of dinner. We're through the looking glass, here, people...

  • Google index hacked? (Score:5, Funny)

    by InvisblePinkUnicorn (1126837) on Monday October 01 2007, @08:22AM (#20809197)
    Hacking of Google databases might explain why Google Translator used to translate the Russian name for "Ivan the Terrible" as "Abraham Lincoln" [blognewschannel.com].
    • The Google translation service gives the option to suggest a better translation. It's more likely that this service operates automatically and it just takes enough people suggesting the same translation to force the change through.

      Might be interesting to try. But I would hope that they have monitoring in place to spot a sudden surge in alternative translations.

  • SEOs (Score:5, Informative)

    by Chilled_Fuser (463582) on Monday October 01 2007, @08:23AM (#20809201)

      Using one page of information for Google's spider and then using a redirect for a non-spider user. It's an SEO tactic.

    • Re:SEOs (Score:5, Interesting)

      by glindsey (73730) on Monday October 01 2007, @08:36AM (#20809329)
      Which raises the question: Why not have GoogleBot do a check also as a normal user-agent (IE/Firefox/etc.) and see if the page is significantly different than when it identifies itself? At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

      • Re:SEOs (Score:4, Interesting)

        by dschuetz (10924) <slash&david,dasnet,org> on Monday October 01 2007, @08:41AM (#20809381) Homepage
        I was pretty sure that Google already did some kind of checking for this sort of dodge. It could be that the sites in question have found some way to dodge the dodge -- maybe they figured out when a google revisit (with a different user agent) would occur, or maybe they recognize google IP addresses and always give the scammed page regardless of user agent, or some other similar trick.

        That's what makes this scary -- as I said, I thought google was already on the lookout for such scams, and if they're being beat on such a large scale it might mean a major shift in google's strategy is in order...

        • Re:SEOs (Score:5, Informative)

          by Billosaur (927319) * <wgrother@optonli[ ]net ['ne.' in gap]> on Monday October 01 2007, @08:54AM (#20809541) Journal

          It's more than likely related to IP address than user agent. I used to work in web site metrics, and the number of fouled up user agents and spoofs was always staggering, but IP was a pretty good indicator of who was doing something. No doubt the bad guys have tracked the Google bot's IP over a long period of time and perhaps made some correlations to give them a pretty good idea if the site is being revisited by Google under an assumed user agent. I'm not sure, but it would seem to me that Google would have thought of spoofing it's IPs long ago, to avoid people being able to track them, though I can't say how you'd go about that.

      • Re:SEOs (Score:5, Interesting)

        by jmagar.com (67146) on Monday October 01 2007, @08:42AM (#20809397) Homepage
        Google does this already [bbc.co.uk], perhaps not with spiders, or in the way you described. But they do seek out and destroy sites that are caught faking keyword densities and other SEO tactics on crawl pages vs human pages.

      • Re:SEOs (Score:5, Insightful)

        by Tim C (15259) on Monday October 01 2007, @08:44AM (#20809413)
        At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

        So medical supply or information websites shouldn't be indexed by Google?

        I know what you're trying to do, but no word is 100% inappropriate. What if someone is actually looking for information on Viagra, or replica Swiss watches, or cheap stocks? What if someone is looking for information on spam?

        Check for significant differences in content with different user-agents yes, but banned words? That really doesn't seem like a good idea to me.

        • Re:SEOs (Score:4, Insightful)

          by glindsey (73730) on Monday October 01 2007, @10:27AM (#20810745)

          What if someone is actually looking for information on Viagra, or replica Swiss watches, or cheap stocks? What if someone is looking for information on spam?
          That's a good point. But perhaps combinations of keywords would work -- it's pretty unlikely that you'd see "viagra" and "mortgage" on the same site, for example. If you partner this with checking for significant user-agent differences it could become a pretty good tool, I think.

      • Re:SEOs (Score:5, Insightful)

        by suv4x4 (956391) on Monday October 01 2007, @08:49AM (#20809493)
        Which raises the question: Why not have GoogleBot do a check also as a normal user-agent (IE/Firefox/etc.) and see if the page is significantly different than when it identifies itself? At the very least GoogleBot could check if there are common blacklist words ("viagra" et al) on the website when identifying itself as IE or Firefox.

        It does. It also detects landing pages mentioned above. Apparently it's something more subtle than what one could think of in few mins on Slashdot, and we'll learn soon enough.

        • Re:SEOs (Score:5, Funny)

          by colourmyeyes (1028804) on Monday October 01 2007, @09:15AM (#20809803) Homepage

          Apparently it's something more subtle than what one could think of in few mins on Slashdot
          Blasphemy! In my relatively short time lurking on Slashdot, I've seen nearly all the world's problems, including hideously complicated questions of physics, SOLVED in posts no more than a few paragraphs long.

          It's amazing, really.
      • They should. Google already has guidelines [google.com] that cover this type of behavior. They should enforce them. It's amazing how many sites (including well known sites) violate these guidelines all the time. You would think that Google, with all it's cash (meaning that it can afford to devote the manpower,) would want to improve the quality of their search results, delisting this crap. If they fail to do so, they will start to lose their user base.
    • That's not SEO, that's SEM (Search Engine Manipulation - I've patented that version of the acronym). SEO involves optimising a site rather than making it completely different for normal users is manipulation and 'blackhat' tactics. It would be interesting, if a little off-putting, if someone has successfully scammed Google to such a great extent through simple cloaking.

      As for the suggestion of a different user agent, I guess it'd be simple enough to either do a reverse lookup and see if it contains "google"

  • Google hacked, sites don't exist, um ... (Score:4, Insightful)

    by icepick72 (834363) on Monday October 01 2007, @08:28AM (#20809255)
    Submitter says Google's index has been hacked which could imply the severe case: direct security threat and entry to it, or more likely: managing to get it to index something Google would not want it to index.

    Submitter asks: How did millions of sites get indexed if they don't exist?

    Okay, I call this an idiot story. Millions of sites come into being and go out of being all the time. What does this statement have to do with anything? It seems like submitter has a lack of understanding how basic Google and the web work, but the story has made it to Slashdot. I think the Slashdot IQ level is dropping because this is a Digg story.

    • Millions of sites come into being and go out of being all the time. What does this statement have to do with anything? It seems like submitter has a lack of understanding how basic Google and the web work, but the story has made it to Slashdot.

      If you had bothered reading the article, you would have seen:

      • The .cn sites don't appear to be hosted ANYWHERE. They are simply redirected domain names. How they got ranked in Google in such a short period of time for fairly competitive keywords is a mystery. Google's index even shows legitimate content for the .cn sites.
      • It appears that the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware mentioned earlier. This is an obvious violation of Google's guidelines, but the spammers have found ways to circumvent the rule and hide it from the Googlebot.

      Yes, millions of sites do come into being all the time. Had Google indexed a site, and had said-site disappeared before the index was updated, you would simply either hit a landing page (if that domain was purchased but not set-up) or you would get an error message [carrotsticksareyummy.com]

      The submitter was referring to instances when a fake redirector is being set-up and tricking the googlebot by sending it to websites with content and keywords while sending normal use

  • Not hosted anywhere? (Score:3, Informative)

    by Vicegrip (82853) on Monday October 01 2007, @08:29AM (#20809263) Journal
    The article makes the claim that the "hijacked keywords" are going to redirection websites that do not "appear to be hosted anywhere".

    That seems a little incredible to me. :)

    Invisible, IPless, Chinese web-servers are taking over Google! Personally, I'll just let Google worry about trying to protect its search engines. :)

    • Re:Not hosted anywhere? (Score:5, Interesting)

      by IBBoard (1128019) on Monday October 01 2007, @08:43AM (#20809411) Homepage
      Yeah, I think "not hosted anywhere" is somewhat of a simplification for "actually hosted somewhere but never show any content to a normal user because they redirect you to another domain instead". While it might fly for a complete non-techy, I wouldn't have thought /. would have too many people believing in responses from machines that don't exist.

    • Re:Not hosted anywhere? (Score:5, Funny)

      by TheRaven64 (641858) on Monday October 01 2007, @09:04AM (#20809653) Homepage Journal
      Those of us on Internet 3.0, Quantum Edition, have this problem all the time. Quoogle indexes sites without collapsing their wave functions. When you click on a link, the waveform collapses and the server may or may not exist. Web spiders are therefore being replaced by cats [thecheezbu...actory.com].
      • I know you are trying to be funny, but how can google index a site without collapsing its wave function? That would go against all quantum theory, wouldn't it?

  • specific phrases? (Score:5, Interesting)

    by rubberglove (1066394) on Monday October 01 2007, @08:43AM (#20809399)
    The story would be more interesting if it included an example hijacked search phrase.
    I'd like to check it out myself.

    • Re: (Score:3, Informative)

      by wbean (222522)
      There's a sample search phrase posted in the comments to the original blog entry. It produced a lot of funny .cn results for me. Here it is:

      Bayesian networks and decision graphs Finn rapidshare
  • Two problems I see are:
    - Sites offering one content to Google and another to users. This is indeed something that Google frowns on, but not something that seems to be in place to be tested by the spider.
    - Google's fame comes from their PageRank algorithm and unfortunately people now know how to game the results. If Google were to implement multiple algorithms then users could indicate which search type the wish to use. While it certainly makes thing more complicated for Google, it also makes

  • Wait and see. (Score:5, Insightful)

    by eniac42 (1144799) on Monday October 01 2007, @08:48AM (#20809469) Journal
    People, its just a blog. If someone has really hacked Google, we will hear soon enough. Otherwise scamming and spoofing the ratings with rubbish sites is a sport thats been going on a long, long time..

    • Re:Wait and see. (Score:5, Insightful)

      by tbannist (230135) on Monday October 01 2007, @09:37AM (#20810079)
      Actually, it's worse than that. It's a blog that can't provide any actual evidence that anything they claim is true. As far as we know, the entire story is bogus because the blogger has provided nothing to prove that any of his claims are true.
  • Oh, the irony. We have a /. story talking about spammers exploiting Google, and what side link do we get?

    Compare prices on Spam Software

    I wonder whether some of the software lets you spam Google's listings easily? Perhaps that's how it was achieved?
  • TFA suggests that if you want to search actual Chinese sites, you should use google.cn, not google.com.

    Erm... no, bad idea. Maybe google.cn won't have the same spam, maybe it will, but it most certainly is censored for other reasons as well. (Unless they've stopped doing this and I've completely missed the news -- there is one tank man on the first page of a google.cn image search for "tiananmen square", compared with almost the entire first page being tank men on google.com.)

    And maybe a good suggestion to
  • Spam sites had been indexed before the provider learned about spamming and pulled the plug on the sites.
    • However, anything with a high pagerank (early in the results) should have more scrutiny by google, and be de-listed quickly. Frankly, I find search engine spam worse than email spam. I can easily filter email spam, but search engine spam is MUCH more difficult since you frequently can't tell if a result is spam without visiting the spam site.
  • Quotes:

    "Some searches (very specific phrases, and I won't list any of them right now - Google knows which they are) return results with a large number of .cn (Chinese) sites."

    "The .cn sites don't appear to be hosted ANYWHERE." (wow!)

    "[...] the Word-Confirm on all of their sites, including the one I will have to use to post this, generate a large number of rogue responses, and the HELPDESK facilities with thousands of consoles and employees each all over the planet watch the responses and other traffic chara
  • I think he needs to run AdAware. Seriously.. I've entered a bunch of the usual suspects into google trying to find these hordes of .cn sites that pop up. No joy yet.. Anyone else found one?

  • Google is working on this ... (Score:4, Informative)

    by miller60 (554835) on Monday October 01 2007, @09:06AM (#20809671) Homepage
    Back in May Google launched on online security blog [blogspot.com] as part of a broader effort to detect malware sites, presumably to exclude them from the SERP results. They're clearly behind the curve. But this post [blogspot.com] offers an overview of Google's efforts and ambitions in this area.

  • Simple way to eliminate pharmaceutical spam (Score:3, Funny)

    by Alzheimers (467217) on Monday October 01 2007, @09:08AM (#20809725)
    Free universal health care

  • What hijacked phrases? Not seeing this. (Score:5, Informative)

    by Animats (122034) on Monday October 01 2007, @09:52AM (#20810289) Homepage

    I'm not seeing any of this. I'm trying commonly spammed phrases in Google, and seeing nothing unusual.

    • "digital camera" - OK
    • "ink cartridge" - OK
    • "flat screen TV" - PCworld at the top
    • "auto parts" - OK
    • "london hotels" - usual results
    • "britney spears" - usual results
    • "viagra" - Pfizer, Wikipedia, etc.
    • "rebelde" (the Mexican telenovela, one of the top ten searches) - normal
    Not one .cn site in the top 10 for any of these.
  • I just did an image search and forgot a space. I got a lot of bizarre results, a large number of odd ones come from .hu

    I searched on Opel Manta but forgot the space. With it i got many matches very little junk in 1st 10 pages. Without a space i got weird results starting on 1st page. What does a car name have to do with a naked chick with a Nokia phone? Mud wrestlers? Homer Simpson? Paris Hilton? Dozens and dozens of unrelated pictures it seems.

    Spyware is off ATM so i didn't get any farther than that.

    • I call Bullshit!!! (Score:4, Insightful)

      by Jennifer York (1021509) on Monday October 01 2007, @08:37AM (#20809343) Homepage
      Any evidence to back that up? I seriously doubt that a single individual has the ability to make a change on production boxes without a committee of senior managers approving the change.

      Google will adjust, find the method of manipulating the page ranks, and close the hole.

      • It may not be a question of a single developer making changes, as much as a single developer (or group of them -- safety in numbers) divulging to certain third parties how the algorithms work in the page ranking system. It's very rare any company gives anyone production access to make changes, but then again I've seen that happen too, where something breaks, they give a developer access to patch it in a hurry before the hew and outcry set in, then forget to revoke his/her access. Of course Google is global, so any change would have to propagate through the system vis source control, so tracking it wouldn't be that hard. I doubt any developer, no matter how nefarious, would take the risk.

        • Re: (Score:3, Interesting)

          by Metasquares (555685)
          They've had people working on their algorithms for quite some time now. I doubt it's in the state where it's something you can just give away all at once... or precisely target, for that matter. It's probably hundreds of thousands of lines of code by now, if not more. They should have systems in place to notify them when that much data is copied at once.

          Still waiting for them to allow weighting of search terms, though :)

      • Re: (Score:3, Insightful)

        by zymano (581466)
        No it's not. Whenever you ask just a computer program to weed out spam , it will always be outwitted by average human intelligence.

        There are websites strictly devoted to google ranking.

        Let me add this about Google. The google corporation really isn't 100% innovative. Their search uses common links to rank. This has led to evolution of the spammers. They load their pages with links to spam. So my point to slashdot is......

        If google is so damn loaded with money and that their search tech uses common user l

    • Google is susceptible to an erosion of moral tenacity, just like any other corporation.
      This would be far more interesting but the sad fact is that it's probably the simplest explanation: spammers are merely more sophisticated. I mean, a while ago a few people teamed up to Google bomb Bush as a "miserable failure" [wikipedia.org] and it worked. They exploited Google's page ranking system. It's pretty easy to exploit because they patented it so you merely need to read the patent [uspto.gov]. From there you get an idea of how to exploit it.

      I imagine that spammers could band together or simply get botnets 'clicking' as independent IP addresses links that boost their page rank. That's how it worked with Bush, they simply linked his homepage as "miserable failure" and suddenly he was the number one result from that query in Google.

      I find this more likely an explanation than someone changing the data or values in the database. There's going to be plenty of evidence left in the logs & it's not like nobody's going to notice. This is Google's bread & butter, no amount of money in the world could entice a worker to mess with it. They would have to be exceptionally stupid as the lawsuits that follow would be in the billions.
    • This should be fairly easy for Google to get around, by re-requesting pages within a short time frame using, say, the IE user-agent string, perhaps from a different IP address. If the pages come up hugely different, toss the page out of the index altogether.

      • And sadly simplistic in the extreme to counter for any spammer that has at their disposal thousands upon thousands of throw away domain names. Access logs would show in short order which IP's are visiting those sites. Unless google has a huge IP block that nobody knows about, it's not going to work for more than 5 minutes or so.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.