Search Engine Watch
SEO News

Go Back   Search Engine Watch Forums > Search Engines & Directories > Google > Google Web Search
FAQ Members List Calendar Forum Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
Old 08-13-2006   #21
offshelfnet
hoodia gordonii plus
 
Join Date: May 2006
Location: Canada
Posts: 35
offshelfnet is on a distinguished road
Quote:
Originally Posted by FreeAgent
I'm not finding any of the results you are talking about. Are you still seeing these results on your end?
what tools are you using?
offshelfnet is offline   Reply With Quote
Old 08-13-2006   #22
Marcia
 
Marcia's Avatar
 
Join Date: Jun 2004
Location: Los Angeles, CA
Posts: 5,476
Marcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond repute
Quote:
tools
offshelfnet, something real basic, quick and easy to do if you see something odd, when doing a Google site: search and there's no cache showing is to run the URL by here:

Rex Swain's HTTP Viewer
Marcia is offline   Reply With Quote
Old 08-13-2006   #23
Marcia
 
Marcia's Avatar
 
Join Date: Jun 2004
Location: Los Angeles, CA
Posts: 5,476
Marcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond repute
Quote:
You might want to ask reddoormedia the following questions:
Reddoormedia is apparently the web designer, and if the OP said in the first post in the thread that it's his/her client, chances are pretty good that he/she is reddoormedia since it's listed on the RDM site that this grocery store is a client.

Quote:
- Why is there no redirect from non-www to www on the site?
As a matter of fact, it usually doesn't even occur to most average webmasters and designers that a redirect like that needs to be done.

Quote:
- Why are there links to reddoormedia without anchor text in them?
That can very easily happen, and in fact does happen all the time when using Dreamweaver. You remove a link from a page and think it's gone, and often only the anchor text is gone but the underlying link in the code is still there. I don't know how many times I've caught that happening and had to correct it by hand in the HTML.
Marcia is offline   Reply With Quote
Old 08-14-2006   #24
BrianWhite
Newbie
 
Join Date: Aug 2006
Posts: 3
BrianWhite will become famous soon enoughBrianWhite will become famous soon enough
Hi, I'm Brian White and I'm on the webspam team at Google with Matt. We've discovered that the likely explanation is that a third party gained access to a number of sites and dropped files in these accounts (including a modified .htaccess using rewrite rules) for the purpose of rewriting the home page through a proxy script. The proxy script adds links when Googlebot visits, and in a sinister twist, adds the rel=nofollow link to cap off PageRank bound for any external URL not under control of this third party. As Danny noted, they also add a NOARCHIVE meta tag to disable the cached version in results.

We've taken care so that the malicious party doesn't receive benefit of PR from the affected websites.

We don't know how the third party got the files on the webhosts, but cPanel seems to be the common denominator. We're in touch with some hosts who appear be affected by this.

At the risk of allowing the folks who created this to adapt, you can use Google Translate to confirm the behavior. Check any of the affected sites (no Cached link) on the Google search ["hairy sex porn free"] via Translate to see the cloaking, since the proxy script checks for a visit from Googlebot IP addresses, and doesn't discern between a regular crawl visit and a Translate request.

Last edited by BrianWhite : 08-14-2006 at 04:43 PM.
BrianWhite is offline   Reply With Quote
Old 08-14-2006   #25
Marcia
 
Marcia's Avatar
 
Join Date: Jun 2004
Location: Los Angeles, CA
Posts: 5,476
Marcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond repute
There were some instances last month of servers being randomly compromised. Here's one instance in a thread at another forum

http://forum.abestweb.com/showthread.php?t=75731

There was a credit site showing up for the guy's domain instead of his usual site. I was curious and asked DaveN if he knew how that could be done, and he said he had heard about 3 other instances that same week, done by that same credit site.
Marcia is offline   Reply With Quote
Old 08-17-2006   #26
FoodWriter
Member
 
Join Date: Aug 2006
Posts: 5
FoodWriter is on a distinguished road
An experience different but similar in some ways.

I am very new to this, so please forgive my ignorance of the protocalls if I have breached any. I was led to this forum by Adam Audette of LED Digest because of certain similarities to my situation. My situation did not involve credit card companies but instead involved a porn site using my server and I would suspect links to the pages involving my domain name in the path.

My site, which is a high end food and travel review site (www.gourmetvoyageurs.com) was recently used to "parasitically" host porn pages on my hosting server which is a company called www.seanic.net. I was alerted to some problems with my site because after being at or close to the top for searchs involving the hotels and restaurants I review for many years now by Google, suddenly I discovered my site was dropped completely and my Google AdSense revenue stream pratically dried up. My visitor tracking confirmed the huge drop in visitors. A search on Google for the stories that have always come up showed they were gone so was any link to my site name, my name other than the many sites that link to my site.

When I opened up my server using the FTP in my site building program GoLive, I found a couple of folders (I am a Mac user so I guess these can also be called directories), that I did not recognize. When I opened them, one had a php file it in and the other had hundreds of html porn pages (about 17 megs worth) but no image files. I checked the posting dates and they were all the same day and uploaded within a few minutes of each other on 23 June this year. It was the latter part of June and all of July that my traffic was severely reduced. I can't believe it was a co-incidence the the porn pages were uploaded and Google identified my domain in their link and cut off my site within a few days of each other. Franckly I don't blame Google, but am hopeing that now that my server space has been purged (I hope!) of the files, Google will come back. But I don't count on it. But they are loosing AdSense revenue just as I am.

Posts from other LED'ers go into a lot of detail in both more probing questions about my server situation as well as what I can do. Most of it way above my head. I am a visual designer; not technical in any way. My hosting company has only suggested making my password more random rather than identifiable words with numbers and changing it often. I am the only person to access my server files from my end. They feel someone hacked in using a guessing dictionary software system.

There are no .htaccess folders or files and even the CGI folder is empty. I have reuploaded all my site files to replace the directories and files that had been on the server previously incase there were other porn directories hiding from view. There had been a second set in my CSS styles folder. Cute.

Does anyone have any ideas about how to prevent this in the future and how to keep my account with the host server more secure? I can't afford expensive hosting, since the income from this site is very small. It is really a self financed foodie site.

If anyone has actually read as far as this, thank you.

Peter D'Aprix
FoodWriter is offline   Reply With Quote
Old 08-17-2006   #27
BrianWhite
Newbie
 
Join Date: Aug 2006
Posts: 3
BrianWhite will become famous soon enoughBrianWhite will become famous soon enough
Hi Peter,

Thanks for sharing your story. It's important that more people understand the particulars of different varieties of site defacement. These actions are requiring site owners to be more vigilant over the files within their own hosting accounts, unfortunately.

From Google's perspective, we often see sites that are under new ownership by spammers, and they keep organic pages around as red herrings to throw casual observers off the scent. We err on the side of doing what's right for the user, and in your case, we did remove the site from our results.

It sounds like you have remedied the problem for now. I checked to see if you have submitted a reinclusion request, and I see none for gourmetvoyageurs.com. I recommend that you follow these instructions to submit a reinclusion via Google Webmaster Central (recently Google Sitemaps):

http://www.google.com/support/webmas...y?answer=35843

If you include the same text as in this thread, the folks responsible for reinclusions will undoubtedly schedule a reinclusion.
BrianWhite is offline   Reply With Quote
Old 08-17-2006   #28
FoodWriter
Member
 
Join Date: Aug 2006
Posts: 5
FoodWriter is on a distinguished road
Many thanks Brian

Thank you Brian both for your recommendations and your interest in the matter both personally and on behalf of Google. My background is in the visual arts photographically and graphically. So the complexities of the internet, especially those that change before I can wrap my mind around what existed 5 mintues ago, are daunting for me.

You see, I did not know that a reinclusion request would work as I have heard so much about NOT submitting sites to Google or anyone elses submission machine since everything on the web get spidered anway. Some have even suggested that it is a good way to be rejected, not reconsidered.

May I pass on this information you posted to the other wed designers at LED Digest? It seems others have been in similar boats. The specifics always seem to be a bit different.

As you say, the naiveté of yesteryear is being stripped away bit by bit. Since there is only one of me and I don't have enough hours in the day to monitor all my sites as well as my clients' sites against "parasitic" gate crashers, I may have to reduce my web presence and focus on many fewer sites. I could spend a day a week just changing passwords and combing through all the directories on the site servers which would not result in billable hours. Even then, I would probably not recognize some nasties when I saw them.

So thanks again and I will follow your advice.

Peter.
FoodWriter is offline   Reply With Quote
Old 08-17-2006   #29
JohnW
 
JohnW's Avatar
 
Join Date: Jun 2004
Location: Virginia Beach, VA.
Posts: 976
JohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud of
BrianWhite welcome to SEW! Great first post. Of course when outing a (mostly) secret SEO tool to the public you might as well go all the way and include the url hack for english/english ;-)

We all hope to hear more from you!
JohnW is offline   Reply With Quote
Old 08-17-2006   #30
FoodWriter
Member
 
Join Date: Aug 2006
Posts: 5
FoodWriter is on a distinguished road
What's secret?

Hi JohnW

Now your response puzzles me. Is it an insider joke or what? Am I misunderstanding you, but it sounds as though Brian's suggestion and link to a Webmaster Help Center that is not behind even a sign-in that to my inexperiened mind has been put up just exactly to help ignorant web-trying-to-be masters navigate our way through the constantly changing pitfalls of web design and the internet world is hardly an "outing" of information but a distribution of very important information. Am I completely misreading this? Perhaps you could throw a bit more light on this for the rest of us so what you are saying can become a bit more clear.

But I certainly second your appreciation of Brian for his very clear and helpful response even though I am afraid I hit the submit button before pasting in the post he suggested I include in the reinclusion request; learning curve!

Many thanks.

Peter.
FoodWriter is offline   Reply With Quote
Old 08-17-2006   #31
JohnW
 
JohnW's Avatar
 
Join Date: Jun 2004
Location: Virginia Beach, VA.
Posts: 976
JohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud of
Sorry if this was confusing. I was teasing him a bit for letting this out, but its not really a huge secret.

Spotting cloaked pages has however, been something that not to many people have known how to do. Until now ;-)

Using the translate tool lets you see in your browser whatever content was aimed at Gbot so in effect you can use it to see a cloaked page that was meant only for Google. It makes you look like you are coming from G's IP range (you are, because the tool is a proxy). And you can play around with it to translate english to english making it perfect for this application.
JohnW is offline   Reply With Quote
Old 08-17-2006   #32
FoodWriter
Member
 
Join Date: Aug 2006
Posts: 5
FoodWriter is on a distinguished road
Ohmagod! Sorry I asked! All way over my head. For us duffers out here, just put "ingroup joke" and we won't waste your time with explanaitions.

Thanks

Peter.
FoodWriter is offline   Reply With Quote
Old 08-18-2006   #33
Marcia
 
Marcia's Avatar
 
Join Date: Jun 2004
Location: Los Angeles, CA
Posts: 5,476
Marcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond repute
Quote:
From Google's perspective, we often see sites that are under new ownership by spammers, and they keep organic pages around as red herrings to throw casual observers off the scent. We err on the side of doing what's right for the user, and in your case, we did remove the site from our results.
That's good to know, I'd never have thought of that. In some cases though, the real site owner can open the door themselves.

To reply to a thread here at SEW earlier this week I looked at the Google search for a one word "adult pharmacy product" and saw a page ranking on an otherwise legit-looking site. Doing a site: search, there were 11,800 doorway pages with redirects to pharm and p0rn sites. I don't appreciate being redirected to sneaky nasties with popup windows, headed over and filed a report and when looking again a day or so later that site was gone and no longer there for the search.

I phoned the owner yesterday, since the pages were in a members area wth a signup and he may not have been aware. He said that he had been informed and that the feature was disabled and all those pages removed - which they were, but the pages are still cached (and still redirect).

There were also some redirected AOL hosted pages in that search, also redirected, and this is where that HTTP header checker I posted about comes in handy. I popped the URL into it and even though a 200 was returned, you could see the Javascript redirect in the source code.

On that same note, right clicking for Google translation doesn't help if we've got Javascript enabled since we'll get redirected, but going directly to the Language Tools and copying and pasting the URL in does work. Even without English to English.
Marcia is offline   Reply With Quote
Old 08-18-2006   #34
Robert_Charlton
Member
 
Join Date: Jun 2004
Location: Oakland, CA
Posts: 743
Robert_Charlton has much to be proud ofRobert_Charlton has much to be proud ofRobert_Charlton has much to be proud ofRobert_Charlton has much to be proud ofRobert_Charlton has much to be proud ofRobert_Charlton has much to be proud ofRobert_Charlton has much to be proud ofRobert_Charlton has much to be proud ofRobert_Charlton has much to be proud of
Brian - Thanks for that post. You were very helpful at the Google Dance too. Thank you. I hope we see you more around here.

Quote:
Originally Posted by JohnW
...include the url hack for english/english
You don't need to do anything. Leave it set to German to English... or anything to English. "Translate" won't find any German words so it will leave what's there alone... et voila, English to English!
Robert_Charlton is offline   Reply With Quote
Old 08-18-2006   #35
JohnW
 
JohnW's Avatar
 
Join Date: Jun 2004
Location: Virginia Beach, VA.
Posts: 976
JohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud ofJohnW has much to be proud of
Marcia, good point, I missed it.

>won't find any German words so it will leave what's there alone

Robert that's awesome. Sometimes the simple solution is the hardest one to see.

Last edited by JohnW : 08-18-2006 at 07:39 AM.
JohnW is offline   Reply With Quote
Old 08-27-2006   #36
Marcia
 
Marcia's Avatar
 
Join Date: Jun 2004
Location: Los Angeles, CA
Posts: 5,476
Marcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond reputeMarcia has a reputation beyond repute
Quote:
We don't know how the third party got the files on the webhosts, but cPanel seems to be the common denominator. We're in touch with some hosts who appear be affected by this.
BTW, the site referrred to in msg #25 above is Cpanel hosting, and after checking by IP, so is the site posted about in this current thread

Google Search Results: Thousands Of Pages I Never Made + search.ug
Marcia is offline   Reply With Quote
Old 08-17-2008   #37
claude916
Newbie
 
Join Date: Aug 2008
Posts: 1
claude916 is on a distinguished road
Re: sitemaps hacked??

Hello MattCutts, It seems that I have the same problem with the suspicious webhost cloaking. I have important questions to ask for your expertise...

How can we 'trap' the hosting company in the act? I 'did' have problem with the hosting customer rep and I am starting to feel that he might do this to my website.

(1) First, can how can I find out when the redirect first indexed by yahoo? (porn links appeared in from one folder in my domain)
(2) Can I get proof or support from yahoo WHEN and HOW it was recorded from my domain? Another word, these porn links actually came from a folder from my domain, not a redirect from someone else....
(3) Can I find out WHEN this folder that housed all the porn links html first created?
(4) Can I sue the hosting company?

Thanks Matt!
claude916 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off