Google Warns About Search-Spammer Site Hacking

Al writes "The head of Google's Web-spam-fighting team, Matt Cutts, warned last week that spammers are hacking more and more poorly secured websites in order to 'game' search-engine results. At a conference on information retrieval, held in Boston, Cutts also discussed how Google deals with the growing problem of search spam. 'I've talked to some spammers who have large databases of websites with security holes,' Cutts said. 'You definitely see more Web pages getting linked from hacked sites these days. The trend has been going on for at least a year or so, and I do believe we'll see more of this [...] As operating systems become more secure and users become savvier in protecting their home machines, I would expect the hacking to shift to poorly secured Web servers.' Garth Bruen, creator of the Knujon software that keeps track of reported search spam, added that some campaigns involve creating up to 10,000 unique domain names."

Confirmation

[Drakkenmensch]

Anyone who frequently uses google knows this already. Plug in any kind of search and you're bound to get a slew of crap results along the lines of:

Download [term] full version

Torrent [term] keygen

Torrent [term] latest version

Torrent [term] hacked no-cd

You'll get those even when searching for books.

Re:Confirmation

I've had my webpages up for years, but hadn't actually added anything new for a while so hadn't felt the need to stop by my site and do maintenance. This spring, Google sent me an email warning me that they were taking my site off their search engine for spamming. (Though they did suggest it had probably been hacked.)

It was horrible. My pages had indeed been hacked and had "invisible" links written all over them. Some of them actually had all their real content deleted in favor of what looked like nothingness. New pages and directories had been added, sometimes imitating my own pages and sometimes not bothering, all filled with these spam links. And even better, none of the links actually led to the spammers' site! They all led to hundreds of other dormant websites, all on my own ISP, so I couldn't even block traffic. Sickening. They'd even come back in various months and added new layers of spam links. Brazen. And my own inattention had made it possible.

What I didn't realize was that my ISP had made some supposedly "user-friendly" modifications in settings that had opened up pretty much everything on my account to any little annoyance who came knocking. I complained to them, explained how many other pages were affected that they were hosting, and pretty much got nothing in return.

I could clean things up and change that, and I did. I could get Google to put me back on the search engine, and I did. I can resolve to leave my ISP next time I'm up for renewal, and I will. But the nuisance and violation of it all was horrible. Also, there's no guarantee that the spammers won't come back, with better cracking software, and mess up my pages again. One less bit of peace of mind for me, and no trouble at all for them.

We don't need more authentification. We need to catch the people who do this and throw them in prison; and if they're in foreign countries, we need to get them extradited or convicted where they live. And nations ought to cooperate over this. On their own scale, and without any motive but profit, these sorts of spammers are destroyers of all they touch and enemies of all mankind. (After all, they are seriously messing up everybody's results and traffic, not just being an annoyance at my site.) If there was no profit and much loss in doing this, I think this sort of person would leave everybody's webpages alone.

Only a year now?

[Nick]

Or perhaps he meant it's only been popular in the last year or so. I've seen this going on for the last three years at the least.

Re:And what about search farms?

[Shakrai]

Does that actually "report" it or does it merely remove it from your search results?

Re:And what about search farms?

What's being done about those?

Google is making money off of them.

I'm sorry, but you simply cannot offer a "service" like this and at the same time claim relevant search results are your top priority. These two things are inherently at odds with each other.

Re:And what about search farms?

[sys.stdout.write]

Are you logged in to your Google account?

Rampant hijacking of .edu domains

This is particularly bad at the .edu domains. It is shocking and inexplicable that the IT departments at these universities don't know what's going on with their own servers and in their own zone files. There are literally thousands of hijacked subdomains under valid .edu domains. How can the network administrators not know what's going on? Don't they check their logs? Don't they see the google referrers for this spammy content? Could they be responsible for it themselves, or maybe getting a payoff for looking the other way? Just look at the results of this google search and see just how bad it is:

http://www.google.com/search?hl=en&safe=off&q=%22low+cost+payday+loans%22+site%3A.edu&aq=f&oq=&aqi=

These schools are required by law and regulation to protect their student's private information. If their servers are so badly compromised, how can their students and employees trust them with their personal and financial information? It displays shocking disregard for security or utter incomptence, or perhaps even corruption on the part of the IT staff, and seriously needs to be investigated, and corrected, without delay!