Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions of Pages Google Hijacked using ODP Feed

Posted by CmdrTaco on from the well-this-isn't-going-well dept.

The Real Nick W writes "Threadwatch reports that millions of pages are being Google Hijacked using the 302 redirect exploit and the ODP's RDF dump. The problem has been around for a couple of years and is just recently starting to make major headlines. By using the Open Directory's data dump of around 4 million sites, and 302'ing each of those sites, the havoc being wreaked on the Google database could have catastrophic effects for both Google and the websites involved."

14 of 427 comments (clear)

  1. Law of the Internet by Cytlid · · Score: 5, Insightful

    For every Good Thing, there are at least 100 different ways to abuse it.

    --
    FLR
  2. Do what I'm going to do... by Not_Wiggins · · Score: 4, Insightful

    buy GOOG on the dip as many non-techie investors panic sell. 8)

    --
    Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
  3. Web presence pressure by gitana · · Score: 5, Insightful

    As web presence -defined as within about the first 10-20 results of a search- becomes more and more important to "success," black hat techniques such as this, to eliminate competitors, will become more and more common. Google, or any other search tool needs to be able to stay above the fray and not be subject to hacks such as this.

  4. Re:Robot.txt by PornMaster · · Score: 4, Insightful

    I do think the figure of millions of pages being hijacked is a little steep, though.

    Why? It can be completely automated. A million is no harder than four.

    --
    500GB of disk, 5TB of transfer, $5.95/mo
  5. Re:Easy to prosecute, hmmm? by jridley · · Score: 4, Insightful

    Prosecute for what? Is there a law against redirecting web pages? I think this would be a pretty difficult prosecution. Google's going to have to take technical steps on this one.

  6. Search engines should devalue redirects by Animats · · Score: 4, Insightful
    Redirects to a page should be treated as having far less PageRank value than the page itself. That will fix the problem.

    It will also break many "click trackers", "portals", "directory sites", "search engine optimizers", and other annoyances, which is probably a plus for Google users. You know, those sites where you click on some phrase in Google and, three redirects later, you're at some irrelevant porno site.

  7. Re:RTFA by Zeinfeld · · Score: 4, Insightful
    Read the fucking article - you don't have to have any access to the victim site to do this - you only need to have a higher pagerank than them.

    The article is confused and baddly written. It does not explain the exploit being used ever. So stop dumping on people. It is not at all surprising that people don't get what is going on when the description is crud.

    What is really going on has nothing to do with 302, or at least very little. What these people are doing is to set up fake web sites using content filched from genuine Web sites. This allows (or is beleived to allow) them to climb the google rankings.

    I don't see why someone would use a 302 response when they can just copy the entire content unless there is some sort of bug in Google's pagerank that is not being explained. Copying the entire content is much simpler.

    So what the attacker does is to set up their site so that when the googlebot comes round it publishes some legitimate content, then when other folk follow the site from a google search they get pages infested with spyware or the like.

    This would certainly explain the number of times I have done a Google search and ended up at an idiotic 'search site' that does nothing for me.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  8. Re:Not a surprise by GoogleGuy · · Score: 5, Insightful

    Hey, if you've run across spammy sites, have you filled out a spam report and used the keyword slashdot? I mentioned in a earlier comment from a different story that you can do this. We got eight reports last time, and the responses are on their way. We do check that data to look for new tricks that spammers are trying.

  9. Re:Ugh. This is so not true. by Dynamoo · · Score: 4, Insightful
    You contact user support and use the keyword "canonicalpage" in your report.. So how much reports has all this work gotten me? The last time I checked, it was under 30

    Well shucks GG, not every webmaster is glued to WMW and other forums.. and even if they did the signal/noise ratio on this topic is so low that you probably couldn't find the information even if you were looking. It's hardly an obvious reporting mechanism. Although posting it on /. should help some, so that's appreciated. Thanks.

    But look - what we have here are a whole bunch of webmasters who have been nuked off the face of the earth by 302 redirects and just don't have the technical knowledge to try and fix it. Mom and Pop stores, hobbyists, nonprofits etc etc. These people are just gonna get pasted.. they'll just be wondering why they don't get any visitors any more.

    This is a HUGELY serious problem - and it's getting worse all the time as more and more people deliberately try to exploit the 302 bug. I've been hit by this bug myself, and let me tell you that unless you know EXACTLY what to look for you'd be stuffed - all you'd see is your traffic flatlining.

    The key issue here - and it's the kind of issue that will really, really hit the headlines when it's exploited is redirection. Sure, I can use a 302 and send Googlebot to the correct page.. so first of all I basically 0wn the content of that page not the publisher. *Then* I insert an exploit into the 302 redirect.. and hey presto, I've 0wned hundreds of thousands if not millions of computers. *That's* going to make unpleasant reading for Google when it hits the headlines - "Use Google and Get Owned". Nasty.

    --
    Never email donotemail@WeAreSpammers.com
  10. Re:302 by ari_j · · Score: 3, Insightful

    Thanks. And remember, identitiy theft is not a joke, unless you steal the identity of a clown.

  11. Re:Exactly. by loraksus · · Score: 3, Insightful

    I sort of agreed, it was really bad about a month or two ago, but has been getting better for most of the "commonly searched" terms. Some fairly obscure searches still turn up a bit of crap, but you can't do it for everyone.
    A "Don't show me any results from this subnet + domain from now on" feature would be nice, as would google banning some of the worst offenders (which it seems to have done).

    --
    1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcfv gbhnjmk,l.;/
  12. OK, I'll bite ... by isometrick · · Score: 3, Insightful

    Look, there *was* circumstancial evidence for the "Greg Duffy" thing ... i.e. just enough to make it a discussion. I agree that fearmongering is not the way to go. I appreciate that you looked into the issue (and my first instinct is to trust your explanation, that is was a DNS issue).

    However, if this is Google's PR method, I think you are kind of asking for it! In the absence of information, the internet community will speculate until the cows come home. I'm not saying it's right, I'm just saying that's reality. Even though I said on my site that I thought Google didn't do anything underhanded I bet a lot of people were still not convinced. Google can do a little better than this, and although you have been fairly nice to me (thanks) this response is a little flamebaity for PR. Please understand that I mean no offense, it's just constructive criticism. Even if everything you say is true, a representative of the company should always at least attempt to sugar coat something like your last paragraph.

    Also, on a more personal note, maybe Google should embrace the people that are involved in researching these problems instead of using this broken communications policy. I know that in my case I contacted you guys 5 *months* ago about the Google Print problem I described and never got any followup except for my t-shirt (which I really like). I have some great ideas about possible solutions to the problem I described, and as far as I can see Google has not fixed the root of the problem. When are you guys going to contact me?

    -Greg Duffy

  13. Simple Answer by rabtech · · Score: 4, Insightful

    There is a simple solution for Google: Only honor 302 redirects when the original and target domains match (or points to a subdomain of the original domain.)

    In all other cases treat a 302 (temporary) as a 301 (permanent) redirect, thus giving credit for the content to the actual hoster of the content.

    This allows webmasters to continue using 302s to setup logical URLs to mask the organization of underlying content but eliminates the ability to hijack completely.

    --
    Natural != (nontoxic || beneficial)
  14. Re:Ugh. This is so not true. by glesga_kiss · · Score: 3, Insightful
    Google has login accounts, so let logged-in users have a link saying "report spam site".

    As an alternative, I'd love a cookie based version of this that you could click "ignore all results from this domain". After a couple of weeks you'd get rid of most of them on your personal browser. Make the lists sharable even. All the pagerank wannabies can do is start from scratch with new URLs.