Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Warns About Search-Spammer Site Hacking

Posted by CmdrTaco on from the secure-your-borders dept.

Al writes "The head of Google's Web-spam-fighting team, Matt Cutts, warned last week that spammers are hacking more and more poorly secured websites in order to 'game' search-engine results. At a conference on information retrieval, held in Boston, Cutts also discussed how Google deals with the growing problem of search spam. 'I've talked to some spammers who have large databases of websites with security holes,' Cutts said. 'You definitely see more Web pages getting linked from hacked sites these days. The trend has been going on for at least a year or so, and I do believe we'll see more of this [...] As operating systems become more secure and users become savvier in protecting their home machines, I would expect the hacking to shift to poorly secured Web servers.' Garth Bruen, creator of the Knujon software that keeps track of reported search spam, added that some campaigns involve creating up to 10,000 unique domain names."

16 of 59 comments (clear)

  1. And what about search farms? by vintagepc · · Score: 5, Insightful

    I don't know about you, but something else that REALLY annoys me is pages that contain lists of words just so they come up on many searches... with no actual content. Or sites like "Buy *search term* at low prices" and they don't even sell what you're looking for. What's being done about those?

    --
    Evolution - Est. 4500000000 B.C. Don't piss in the gene pool.
    1. Re:And what about search farms? by Shakrai · · Score: 2, Interesting

      Does that actually "report" it or does it merely remove it from your search results?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:And what about search farms? by Yvan256 · · Score: 2, Informative

      I don't see any "X" (or any other icons) with my search results.

    3. Re:And what about search farms? by 0100010001010011 · · Score: 2, Informative

      CustomizeGoogle is a firefox plugin(which hasn't been updated for 3.5 yet) lets you ignore domains.

      I had a ton on there.

      http://www.fixya.com/ seems to have risen up now that I'm searching on how to fix some lawn equipment I inherited.
      "Yard Machines fix belt" and it comes back with http://www.fixya.com/tags/yard_machines_deck_diagram_belt

      Of course this is 100% useless.

      Those sites are fun to mess with friends. "Dude, did you know that there's an entire webpage on fixing your impotency?"

    4. Re:And what about search farms? by D-Cypell · · Score: 3, Insightful

      While I don't know for absolute certain, I *strongly* suspect that that data is collected and operated on. Most of the big sites are about so called 'collective intelligence', or collecting information about person A so that you can have a better idea of what you want to be providing to person B. This goes into what links are cicked, at which times of the day, how long people spend on a site or page etc etc. To have a function that is so incredibly explicit as 'This is crap, don't show me it again', and to *not* use that to refine future page generations would be deeply stupid, and stupid is one thing the guys at google aint.

    5. Re:And what about search farms? by sys.stdout.write · · Score: 2, Interesting

      Are you logged in to your Google account?

    6. Re:And what about search farms? by ex0a · · Score: 2, Insightful

      CustomizeGoogle is a firefox plugin(which hasn't been updated for 3.5 yet) lets you ignore domains.

      From the CustomizeGoogle page the reported version allowed is up to 3.6a1pre for anyone reading this not checking into the addon because of the parent. This addon is really handy.

    7. Re:And what about search farms? by sabernet · · Score: 2, Informative

      If that really worked, I wouldn't still see so many damn "experts-exchange" results since I'm sure I've 'x'ed at least 5 dozen of them.

  2. Universal Authentication by ParticleGirl · · Score: 4, Insightful

    I found this pretty interesting: "Authentication [across the Web] would be really nice," says Tunkelang. "The anonymity of the Internet, as valuable as it is, is also the source of many of these ills." Having to register an e-mail before you can comment on a blog is a step in this direction, he says, as is Twitter's recent addition of a "verified" label next to profiles it has authenticated."

    The idea of universal authentication has been tossed around for a while. I feel like the biggest drawback is privacy (we'd have to trust some universal authentication system to hold onto some identifier even if posting anonymously) and the biggest obstacle is the need for universal participation. It's kind of too late to make an opt-in system. But I've liked the idea ever since early sci-fi interwebs (read: Ender's Game) had SOME kind of authentication.

    --
    Do something about world hunger. Click here
    1. Re:Universal Authentication by truthsearch · · Score: 2, Insightful

      Authentication would of course help for properly secured web sites. But many sites have content injected nefariously. One common method is to break into shared hosting servers via ftp or ssh and place javascript or html at the bottom of every html file.

      --
      Developers: We can use your help.
  3. Confirmation by Drakkenmensch · · Score: 4, Interesting

    Anyone who frequently uses google knows this already. Plug in any kind of search and you're bound to get a slew of crap results along the lines of:

    Download [term] full version

    Torrent [term] keygen

    Torrent [term] latest version

    Torrent [term] hacked no-cd

    You'll get those even when searching for books.

    1. Re:Confirmation by IBBoard · · Score: 4, Informative

      Except that that's not what the summary mentions. The summary is talking about people hacking websites to get more "good" links to their site, rather than having to rely on standard link farms that are then blacklisted. It's like comment spam, only with hacking of servers instead.

  4. PageRank is a bullseye by spyrochaete · · Score: 2, Insightful

    If your website's front page has a PageRank score of 3/10 or higher it is a prime candidate for hijacking. Google gives extra clout to hyperlinks from sites with a high PageRank (aka "link juice"), so it's easiest for a malicious party to hijack a small number of high-ranking sites than a large number of low-ranking sites. The higher your PageRank the greater your risk.

  5. Re:Easy to spot? by Shadow-isoHunt · · Score: 2, Insightful

    That doesn't work, because you can't possibly determine whether they're legitimate links or not(if the linking is done properly). For example, how do you differentiate inbetween something that starts as a result of an independently reported news event(or a slashdotting...), or something that starts as the result of hacking? If you want to waste the cycles, you can start mapping the event to find it's potential point of origin to see if it's a news site or something, but it's still going to hurt the little guys.

    --
    www.isoHunt.com
  6. Google needs web spam to profit. by Animats · · Score: 3, Informative

    Google can't solve this problem because their business model requires web spam.

    Google is in the advertising business, not the search business. Search is a traffic builder for the ads. Google's customers are their advertisers, not their search users. They have to maximize ad revenue. The problem is that more than a third of Google's advertisers are web spammers, broadly defined. All those "landing pages", typosquatters, spam blogs, and similar junk full of Google ads are revenue generators for Google. Every time someone clicks on an AdWords ad, Google makes money, no matter what slimeball is running the ad. Google can't crack down too hard, or their revenue will drop substantially. Google does have some standards, but they're low.

    Google went over to the dark side around 2006. In 2004 and 2005, Google sponsored the Web Spam Summit, devoted to killing off web spammers. From 2006, Google sponsored the Search Engine Strategies conference, where the "search engine optimization" people meet. That was a big switch in direction, and a sad one.

    As we demonstrate with SiteTruth, it's not that hard to get rid of most web spam if you're willing to be a hardass about requiring a legit business behind each commercial web site. Google can't afford to do that. It would hurt their bottom line.

    However, cleaning up web search results with browser plug-ins is a viable option. Stay tuned.

  7. I've seen one of these hacked sites by maccallr · · Score: 2, Informative

    I saw this in the wild a few weeks ago. I had a google email alert running for my bank, which pointed me to a page which was blog-like but when you looked closer it was completely auto-generated gibberish. They had built the whole thing based on a list of banks and insurance companies. As it was under envsci.rutgers.edu I guessed they had been compromised.

    I reported it to the webmaster and I see that it is gone (both from Google's index and the server). Not a word of thanks though. How long does that take...

    Maybe someone here will give me a medal instead?