Slashdot Mirror


SEO Via DNS "Piggybacking"

An anonymous reader writes "There is an interesting story over at the SANS Internet Storm Center that shows details on about 50 organizations that have had new machine names added to their DNS zone information. These were then pointed to sites used to boost the search engine cred of pharma, personals, and porn sites. If you outsource your DNS, how would you ever catch something like this?"

16 of 74 comments

  1. My hobby by Hentes · · Score: 2

    is signing up the contact emails of SEO companies to v1agr4 mailing lists. Fight spam with spam.

    1. Re:My hobby by TechLA · · Score: 2

      Exactly this, there are many reputable SEO companies and individuals. Just like with everything else, some people misuse things for their own gain. SEO is not about spamming search engines, it's improving the site in question, both to search engines and users. This results in a better experience for everyone.

    2. Re:My hobby by citizenr · · Score: 5, Funny

      Excuse me, but might I point out that SEO is not spam.

      That's what an SEO salesperson would say.

      --
      Who logs in to gdm? Not I, said the duck.
    3. Re:My hobby by squiggleslash · · Score: 2

      Let's turn down the heat a notch. I work in a publishing company maintaining a collection of newsletter style websites, my colleagues use the term SEO rather a lot, we've employed at least one SEO consultant. This is my experience of what SEO is:

      My company publishes free content that it also syndicates, for free. Anyone who wants to can republish our content, as long as they link back to us. This isn't particularly unusual, especially as my employer sells premium products on the back of the free stuff (one in every few articles is, in fact, an ad, ultimately.)

      What it found were a number of issues with this, not the least of which is that many times if you searched for our content on Google, one of the syndicated copies would be first on the list, and our sites would be way further down in the list.

      A quick look at Google Webmasters also showed that we were getting a lot of hits for stuff that had nothing to do with us, while not getting hits for things that we did have.

      What went wrong and what did we do to fix it? Well, once you have a site that's gotten over a particular size and which has rather a lot of complexity (and we have multiple such sites), inevitably the site starts to gather rather a lot of crud. SEO, in this context, means taking a step back and figuring out where the problems are in the site. Sometimes they're obvious - bad uses of tags, a lack of meta data - and sometimes they're not - a lack of semantic HTML is a common problem and extremely easy to do by accident.

      And that's what we've been doing. No-one's ever recommended link farms to us (and we'd fire any consultant who does - link farms are a great way to get permanently banned from Google.)

      When you hire an SEO consultant, you might hire a kooky black-hat person (and when I was building sites for clients, I had clients who'd come to me saying they'd been in touch with a "consultant" who promised to make their site #1 in 24 hours...) but that doesn't mean all SEO consultants are going to be like that, not least because that's a great way for an SEO to lose business in the long run.

      Going through your site and ensuring that it uses semantic mark-up, that it has proper meta data, etc, is something that ultimately improves visibility. And it's very easy to not do by accident. It's also very easy to only half do if you think you know what you're doing but actually your skills lie in data manipulation, or cosmetic web design, or converting video formats, or whatever.

      As I said, this is my experience. And as I said, yes, I've had people come to me (outside of my employer) asking whether they should work with rather dubious SEOs. But in normal parlance, SEO is a fairly reasonable activity, and actually, all the things that legitimate SEOs recommend are stuff that helps the web rather than damages it.

      --
      You are not alone. This is not normal. None of this is normal.
  2. By checking? by h4rr4r · · Score: 2

    You could just do a zone transfer and check. If they don't allow that, find someone who does.

    1. Re:By checking? by petermgreen · · Score: 3, Insightful

      How do you know if the records in the zone you transfer are the complete set of records in the live zone?

      --
      note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
    2. Re:By checking? by h4rr4r · · Score: 2

      Well, djbdns is dead, so what else is left of any worth?

    3. Re:By checking? by causality · · Score: 3, Informative

      Well, djbdns is dead, so what else is left of any worth?

      I've been really happy with Unbound. Prior to that, I used MaraDNS until I found that Unbound was snappier from the perspective of my Web browser not having to wait as long for hostname resolution.

      My own needs are rather modest. It is possible there is some killer feature you absolutely must have that neither of those supports. If not, I think you'd like them.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  3. Re:Facebook? Really? by Sarten-X · · Score: 2

    Facebook's another victim here, more or less. From TFA, it appears one approach is promoting malicious Facebook apps. Personal opinions of Facebook aside, it seems reasonable. If I trust Initech.com, I'd be more likely to approve a Facebook app from facebook.initech.com.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  4. Re:Facebook? Really? by Rosco P. Coltrane · · Score: 2

    Facebook's entire history is one of shady behind-the-user's-back shit.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  5. Maybe you should not outsource your DNS... by Czech Blue Bear · · Score: 4, Insightful

    I believe that DNS, along with other IT infrastructure (and accounting), is so crucial that it should never be outsourced. By outsourcing, you are in fact giving away your keys to your webs/infrastructure/money. Of course, all kinds of bad stuff can happen then.

    1. Re:Maybe you should not outsource your DNS... by msobkow · · Score: 2

      I don't understand why you'd want to outsource DNS. It's trivial to set up a DNS server, and I'd want to be able to remap servers on a whim in case any issues arose.

      I set up a one-machine DNS on this box just so the VMWare image can be properly resolved by the host image. It took longer to download the latest bind software than it did to configure it.

      --
      I do not fail; I succeed at finding out what does not work.
    2. Re:Maybe you should not outsource your DNS... by subreality · · Score: 2

      Setting up BIND is easy.

      Setting up several high-reliability, geographically-distributed, no-common-failure-modes sites is hard, and it's a prerequisite for DNS. If you mess up, pushing out new NS and glue records is slow. It takes a long time to recover, and your web site is down and your mail is bouncing the whole time.

      Some large companies have multiple reliable sites and it's not a burden to host their own. Most mid-to-small guys are better off using at least an outsourced secondary DNS service. Tiny companies have better things to do than trying to host their own public infrastructure, and should outsource anything that's available as a cheap, convenient service like DNS.

  6. Zone transfers? by Anonymous Coward · · Score: 3, Informative

    The referenced site had many examples, such as buy-viagra.4kidsnus.com
    having been added as an extra host (subdomain! There is even a
    www.buy-viagra.4kidsnus.com!) to 4kidsnus.com.

    Now how did that get added to 4kidsnus.com?

    Someone suggested checking a zone transfer. That seems not to work
    here at the dnsexit.com supplied nameservers.

    I do NOT see any buy-viagra.4kidsnus.com in a zone transfer for 4kidsnus.com. I DO see a separate zone transfer to the domain buy-viagra.4kidsnus.com itself.

    Usually public zone transfers don't work, but they happen to
    be supported for 4kidsnus.com.

    4kidsnus.com. SOA ns2.dnsexit.com

    (from dns2.dnsexit.com)

    Hmmm ... slashdot claims this hits their 'lameness' filters
    due to so many 'junk' characters ... like spaces and digits?

    Well ... apparently they are not going to accept it with
    any useful data so ... try a 'dig @ns2.dnsexit.com. 4kidsnus.com.' Here is a truncated version of what I found.

    One finds the SOA (nameserver at ns2.dnsexit.com),
    NS records (dns{1,2,3,4}@dnsexit.com), a few MX records
    (at google) a wild carded CNAME (*.4kidsnus.com are all
    aliased to the CNAME 4kidsnus.com) and address for
    4kidsnus.com (50.73.38.13) and one host with its own,
    separate A record, pbx.4kidsnus.com at 74.189.21.58.

    I don't see buy-viagra.4kidsnus.com at all.
    However one can get a separate zone transfer for that
    domain (with a host at www.buy-viagra.4kidsnus.com):

    dig @ns2.dnsexit.com buy-viagra.4kidsnus.com. axfr

    buy-viagra.4kidsnus.com. SOA ns2.dnsexit.com. admin.netdorm.com.
    buy-viagra.4kidsnus.com. NS ns1.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns2.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns3.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns4.dnsexit.com.
    buy-viagra.4kidsnus.com. A 67.55.117.204
    www.buy-viagra.4kidsnus.com. CNAME buy-viagra.4kidsnus.com.
    buy-viagra.4kidsnus.com. 28800 IN SOA ns2.dnsexit.com. admin.netdorm.com. ;; SERVER: ns2.dnsexit.com
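
Added example, not part of the thread: the check the comment above performs by hand, written in Python. It diffs a zone transfer against an owner-approved record list, flags wildcard owners, and tests candidate hostnames for an SOA of their own, which is how a separately hosted child zone such as buy-viagra.4kidsnus.com shows up even though the parent transfer is unchanged. The function names, the APPROVED list and the candidate hostnames (assumed to come from, for example, search results for the domain) are assumptions; the sample records are constructed from those quoted in the comment.

```python
# Added example. Sample data is constructed from the records quoted in the comment above.
APPROVED = """\
4kidsnus.com. SOA ns2.dnsexit.com.
4kidsnus.com. A 50.73.38.13
*.4kidsnus.com. CNAME 4kidsnus.com.
pbx.4kidsnus.com. A 74.189.21.58
"""
LIVE_AXFR = APPROVED  # as in the comment, the parent zone transfer shows nothing new

# Hypothetical input: SOA answers from the provider's server for candidate hostnames.
SOA_PROBES = {
    "buy-viagra.4kidsnus.com.":
        "buy-viagra.4kidsnus.com. 28800 IN SOA ns2.dnsexit.com. admin.netdorm.com.",
    "pbx.4kidsnus.com.": "4kidsnus.com. SOA ns2.dnsexit.com.",  # parent SOA only
}

def parse_records(text):
    """Parse dig-style lines into (owner, type, rdata); TTL and class are optional."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop dig comments (";; SERVER: ...")
        while len(fields) > 1 and (fields[1].isdigit() or fields[1].upper() == "IN"):
            del fields[1]  # skip TTL and class when present
        if len(fields) < 2:
            continue
        owner, rtype = fields[0].lower(), fields[1].upper()
        # Keep only MNAME/RNAME for SOA so serial bumps are not reported as changes.
        rdata = fields[2:4] if rtype == "SOA" else fields[2:]
        records.append((owner, rtype, " ".join(rdata).lower()))
    return records

def audit(axfr_text, approved_text, soa_probes):
    """Return unapproved records, wildcard owners and separately hosted child zones."""
    live, approved = set(parse_records(axfr_text)), set(parse_records(approved_text))
    apex = next(owner for owner, rtype, _ in live if rtype == "SOA")
    child_zones = []
    for name, answer in soa_probes.items():
        soa_owners = [o for o, t, _ in parse_records(answer) if t == "SOA"]
        # An SOA owned by the candidate itself marks it as the apex of its own zone.
        if soa_owners and soa_owners[0] == name.lower() != apex:
            child_zones.append(name.lower())
    return {
        "unapproved": sorted(live - approved),
        "wildcards": sorted(o for o, _, _ in live if o.startswith("*.")),
        "child_zones": sorted(child_zones),
    }

if __name__ == "__main__":
    print(audit(LIVE_AXFR, APPROVED, SOA_PROBES))
```

A wildcard owner in the report means "does the name resolve?" proves nothing for that zone, so candidates have to be compared by SOA ownership or by answer, not by whether they resolve.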

  7. Re:Maybe the domain owners are involved? by tliston · · Score: 2

    In addition to sending notifications to site owners, I did communicate with several of them and they were shocked to find out about the alteration of their domain information. I also spoke with some of the DNS providers and I found nothing to indicate that they were involved (also, from TFA, the domains are spread across multiple DNS providers). As I said in the write-up, my bet is on a combo of poorly chosen passwords and overly generous/non-existent account lockout policies on something like a cPanel interface.

  8. SEO is whitehat - and a good thing! by Coolhand2120 · · Score: 2

    A good web author knows how the search engine works with their site. Things like overuse of a keyword, not enough content or excessive boiler plate content will cause your site to rank low. While things like canonical urls, matching meta description with page content, lots of diverse keywords in narrative format and links pointing to pages that contain the link text in prominent locations all will help your position in a search engine.

    I'm sure there are some SEO companies that sell people bullshit, but that story is as old as time, you'll find con artists in every business. This is not "hacking" or "spamming" or even gaming the search engine. It's presenting a semantically correct page that both humans and spiders can understand well. You can get a good rank without doing anything nefarious. Just from my own searching, as a non-author, I can see nefarious stuff rarely works and when it does it's fleeting.

    When I do SEO on a site I use a program like http://www.seoengine.com/ to tell me what's wrong with my page. More good info on SEO can be found at the Google webmaster blog, and a bunch of great videos from the Google guys (tons about SEO).