Google To Send Detailed Info About Hacked Web Sites

← Back to Stories (view on slashdot.org)

Google To Send Detailed Info About Hacked Web Sites

Posted by kdawson on Tuesday October 13, 2009 @04:28PM from the see-yourself-as-others-see-you dept.

alphadogg writes "In an effort to promote the 'general health of the Web,' Google will send Webmasters snippets of malicious code in the hopes of getting infected Web sites cleaned up faster. The new information will appear as part of Google's Webmaster Tools, a suite of tools that provide data about a Web site, such as site visits. 'We understand the frustration of Webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged,' wrote Lucas Ballard on Google's online security blog. To Webmasters who are registered with Google, the company will send them an email notifying them of suspicious content along with a list of the affected pages. They'll also be able to see part of the malicious code." Another of the new Webmaster Tools is Fetch as Googlebot, which shows you a page as Google's crawler sees it. This should allow Webmasters to see malicious code that bad guys have hidden on their sites via "cloaking," among other benefits.

15 of 58 comments (clear)

Gentlemen, check your Webmaster tools by symbolset · 2009-10-13 16:38 · Score: 4, Interesting

This is a great service. Google should set up an opt-in email notification as well.
It helps the webmasters build better sites and teaches them to check the Google website tools that allow them to groom their site for best indexing on Google. That's great.

--
Help stamp out iliturcy.
1. Re:Gentlemen, check your Webmaster tools by madhurms · 2009-10-13 16:50 · Score: 2, Informative
  
  I dont know why the summary did not link to the official google blog. Here is the link: http:http://googlewebmastercentral.blogspot.com/2009/10/fetch-as-googlebot-and-malware-details.html/
2. Re:Gentlemen, check your Webmaster tools by Pieroxy · 2009-10-13 17:20 · Score: 3, Informative
  
  Did you mean http://googlewebmastercentral.blogspot.com/2009/10/fetch-as-googlebot-and-malware-details.html ? Your link got garbled by some evil force...
  
  --
  Write boring code, not shiny code!
Google needs to clean up their own act first, by Animats · 2009-10-13 17:11 · Score: 4, Informative

Google has a malware hosting problem of their own.
Google Spreadsheets can be abused to create phony login pages. Here's one for "Free Habbo credits", designed to collect Habbo logins. It's been reported via the usual "Google abuse" mechanism, repeatedly, and it's still up. It's been up since October 28, 2008.
We track major domains being exploited by active phishing scams. ("Major" here means only that it's in Open Directory, with about 1.5 million domains.) There are 39 exploited domains today. Only 7 have been on that list since 2008. The most abused site is Piczo.com, which is a hosting service/social network/shopping site for teenagers.
Just about everybody else has cleaned up their act. 18 months ago, that list had 174 entries, including Yahoo, eBay, Microsoft Live, and TinyURL. All those companies have become more aggressive about checking for phishing scams that were injected into their domain. Google's cluelessness in this area ought to be embarrassing to someone.
1. Re:Google needs to clean up their own act first, by aj50 · 2009-10-14 00:42 · Score: 3, Insightful
  
  An ordinary scam (like the Habbo one listed above) is different from a phishing attack (which requires that the attacker impersonates another entity).
  You have absolutely no hard evidence (other than your own experience and cynicism) that the site collecting Habbo logins isn't doing so for purely honest reasons and will only use them to deposit 500 credits in each account submitted.
  This comes down to a matter of trust. If you trust random people on the Internet, you're going to get screwed over.
  
  --
  I wish to remain anomalous
2. Re:Google needs to clean up their own act first, by tlhIngan · 2009-10-14 03:06 · Score: 2, Interesting
  
  Google has a malware hosting problem of their own.
  Google Spreadsheets can be abused to create phony login pages. Here's one for "Free Habbo credits", designed to collect Habbo logins. It's been reported via the usual "Google abuse" mechanism, repeatedly, and it's still up. It's been up since October 28, 2008.
  We track major domains being exploited by active phishing scams. ("Major" here means only that it's in Open Directory, with about 1.5 million domains.) There are 39 exploited domains today. Only 7 have been on that list since 2008. The most abused site is Piczo.com, which is a hosting service/social network/shopping site for teenagers.
  Just about everybody else has cleaned up their act. 18 months ago, that list had 174 entries, including Yahoo, eBay, Microsoft Live, and TinyURL. All those companies have become more aggressive about checking for phishing scams that were injected into their domain. Google's cluelessness in this area ought to be embarrassing to someone.
  Let me guess - you want Google to remove people's documents arbitrarily? That's what you're saying.
  Right now, Google's right to not do anything - how would you feel if someone just took down one of your documents arbitrarily? Not even a DMCA notice, just a vague "this is a hacker tool" thing? And how do you differentiate between "fake login page" and "log in page mockup"? After all, when designing a UI, you can do it in any medium you feel comfortable in.
  So yeah, Google is clueless. They're so clueless, they'd rather not remove someone's document because there can be many legitimate reasons for it to be there. And I suppose, as much as Google would like to remove it, doing so sets a bad precedent. Your Google Doc annoys someone? Click "report abuse" and Google will take it down. Better than DMCA notice.
  At best, Google can remove it from the index. But allowing Google to arbitrarily remove any document by an anonymous person invites a whole new can of worms. Might as well ban bullets, they've been used to harm people.
Good idea, but... by PrimaryConsult · 2009-10-13 17:35 · Score: 4, Interesting

If Google's determination on whether a site has malicious content is based solely on crawling it, wouldn't a hacker be able to manipulate robots.txt to ignore the file with the malware? These tools would allow a hacker to test that theory out, by trying different things on his own sites and seeing what generates an email, instead of waiting around for Google to re-crawl them and having to check each one to see if it is filtered...
Poor Google IT webmasters! by snikulin · 2009-10-13 17:51 · Score: 2, Funny

Default Apache e-mail is webmaster@localhost
Re:web health should be a communal effort (and fre by DrEldarion · 2009-10-13 18:54 · Score: 2, Informative

Registered webmasters (registration is free) of infected sites do not need to specially enable the feature -- they will find links to it on the Webmaster Tools dashboard.
Google does not charge for Webmaster Tools.
Re:Who requests by mftb · 2009-10-13 19:30 · Score: 3, Informative

It's an opt-in notification system - nobody's forcing you to do anything. Also, robots.txt has been around since long before google.
Happened over here by orta · 2009-10-13 19:37 · Score: 3, Interesting

This happened to my site and the google webmaster tools were helpful but frustrating, it took 2 weeks of my site being banned in all major browsers before they officially sanctioned it OK. It did give me a list of all the URLS where there was problems, so it wasn't too hard to debug.

--
my band is more brutal techno punk than yours
1. Re:Happened over here by johndoejersey · 2009-10-13 23:34 · Score: 2, Interesting
  
  My experience was less than 8 hours. A day or two later I realised I missed my .htaccess file had been gazumped as well. Though google seemed to miss that one....
Re:Who requests by complete+loony · 2009-10-13 22:59 · Score: 2, Interesting

Company? what the...
You obviously have no idea about the early days of the internet and HTTP. The whole point of HTTP was to publish documents, if you host something you are implicitly allowing other people to fetch a copy of it.
robots.txt came about in the very early days of HTTP. An enterprising hacker wrote a crawler to index the whole internet (which wasn't that big at the time). But his crawler got stuck fetching pages from one machine with dynamically generated pages. This obviously tied up the bandwidth, CPU and disk IO of the server which annoyed it's owner. So the 2 people had a polite conversation via email and the opt-out robots.txt was invented.

--
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Academic cloaking by tepples · 2009-10-14 00:02 · Score: 2, Informative

A number of pay-to-view web forums allow the Googlebot to freely navigate it, but requires payment from users. Among other boards, those involving erotica.
This sort of cloaking is frustrating even for people who aren't porn fans. A lot of scholarly journals spam search engine result pages with their cloaked, noarchived pages <cough>elsevier and springerlink</cough>. Even more frustrating is that Google provides no way for users 1. to exclude noarchived pages from its results or 2. to report sites that violate Google's stated cloaking policy.
1. Re:Academic cloaking by skeeto · 2009-10-14 04:02 · Score: 2, Interesting
  
  You can report sites that use cloaking here: http://www.google.com/contact/spamreport.html . I don't know what good it does since the sites I have reported have never been acted upon.