Macromedia and/or FullAsAGoog RSS Feeds Being Used By Spammers

Posted By: Cameron Childress | March 23, 2005 10:14AM
Related Categories: Misc

It all started with reading this thread on Slashdot about Google Hijacking. For those just tuning in, here's a summary of what Google Jacking is from clsc.net's article on it:
"An explanation of the page hijack exploit using 302 server redirects. This exploit allows any webmaster to have his own "virtual pages" rank for terms that pages belonging to another webmaster used to rank for. Successfully employed, this technique will allow the offending webmaster ("the hijacker") to displace the pages of the "target" in the Search Engine Results Pages ("SERPS"), and hence (a) cause search engine traffic to the target website to vanish, and/or (b) further redirect traffic to any other page of choice."
Here's what happens (credit mla_anderson on the Slashdot thread):
  1. Googlebot goes to scammer's site
  2. Googlebot is given a 302 (redirect) to the victim's site
  3. Googlebot indexes the victim's site as belonging to the original URL
  4. Googlebot goes to the victim's site
  5. Googlebot realizes this URL is already indexed and "belongs" (according to the Google code) to the scammer.
  6. The victim's site get's lower rankings as the page is not even indexed, the scammer's site gets a higher ranking.
  7. The spammer removes the 302 and replaces the page with a spammy page of their own choosing, advertizing porn, viagra, whatever. (added at 12:00 PST)
A more detailed listing of how it works can be found in this comment. If you have a Macromedia Centric blog picked up by an aggrigator and want to test if your blog has been Google Jacked, type the following into Google:
allinurl:yourdomain.com
If some of the search results include pages containing the exact content and title as your blog, yet have a different domain, you've been Google Jacked. Admittedly, and per the descriptions in the above linked paged, this could be by accident some of the time, but the biggest offender in this case for me is edelina.com. Go ahead, type that domain into your browser (I'm not giving them any more link visibility by linking to them). It's a craptastic cornucopia of spammy junk, and they have a 302 redirect up an entire family of Macromedia centric blogs. I've checked others, and we are virtually all there as far as I can tell. Google Hijacking is worse than someone simply syndicating your blog content on their site because it's actually faking our Google to think that it *is* your site vie 302 redirects, which mean "temporarily moved" as opposed to 301 which mean "permanently moved". After a little more investigation, I found that the DNS host for edelina.com is Abadon Studios based out of Aliso Viejo CA. Searching for "Abadon Studios" in Google also reveals that they have a metric ton of other craptastic ethically questionable SEO domains. for all sorts of things. The worst part of it is that the slimeball behind all of this seems to be using Fusebox, which means he's "one of us". If you are effected by this, instructions on what to do about it can be found posted by GoogleGuy on the Slashdot thread. It boils down to contacting Google's user support and using the word "canonicalpage" in the complaint. I would encourage anyone with an effected blog to make a complaint.

Comments (8)

Add Comment ]

Sean Corfield edelina.com does seem a little strange - it sort of looks like an aggregator for a lot of blogs but then all the links on the left hand side all refer back to edelina.com. The Abadon Studio site is an interesting bit of Flash and seems to actually be a website development shop so that part seems kosher...

# Posted By Sean Corfield | March 23, 2005 11:14 AM

Paul Kenney I just checked this out, and I've been affected by this. Don't know about you, but I want a search that is explicitly for my domain to only show pages in my domain. Regardless of how it is happened, Google needs address this and fix this rather unsightly bug.

# Posted By Paul Kenney | March 23, 2005 11:29 AM

Simon Horwith interesting. Yes, also they've begun messing with my blog as well and yes, I reported it

# Posted By Simon Horwith | March 23, 2005 11:31 AM

Linda Can this be happening with normal sites too? I noticed about 2 weeks now that search terms containing my site's name (which is not a blog) are redirecting to other sites which do not even have anything to do with my site's topic.

I have noticed this through my subscription to Google Alerts for my site url.

# Posted By Linda | March 24, 2005 5:01 PM

Cameron Certainly. Googlejacking can happen to any site ont he internet indexed by Google. Click through to some of the lniks in my post and you can find out more about it.

-Cameron

# Posted By Cameron | March 24, 2005 5:14 PM

Eduard Tabara Hello.
I am the owner of the edelina.com. And yes, i am a CF Developer. And no, i don't use FuseBox. There was a lot of bad words about the site, so i want to clarify it.
The reason why i made that kind of links is to can track the views/clicks. How else do you imagine i will can do that if not to direct first to one of my scripts that will record the click and then will redirect to the original site? if i am missing something tell me please. I didn't intend somehow to do any bad things like taking someones glory, if you understand what i mean. As you may see i am not hiding and give here my real email address and my real name. I suppose there were right you first to write me an email about all this and only if getting no reply from me to publish something like this. Am i wrong? Everything have at least 2 sides, and not necessary all the time both being black. So, if you Cameron or anyone else told me i get from their glory i did change the way things work.
Go take a look at fullasagoog.com agregator (this being the model i used when playing with my agregator) and you will see it use exactly the same process.
So i consider it was RUDE indeed to not even try to understand first the problem and to see what the owner may say.
Thx for attention,
Ed
P.S. If anyone want to continue the dispute directly with me, or give any REAL advices instead of just complaining without at least trying to understand the problem, i will be glad to respond to any constructive email. Sorry if my post sounds a bit rude, but i really got shocked by all this. I am not too bad developer and some people do know me, so this kind of articles doesn't sound as fun or good.
P.P.S. for those who will want to get in contact with me, here is my email address: eduard@abadonstudio.com

# Posted By Eduard Tabara | April 19, 2005 10:45 AM

Eduard Tabara And BTW about the "302 redirects". There is a simple CFLOCATION in my code right after the click tracking code is executed and no intended 302 redirect or something. so, i bet an EXCUSE will be welcome.
ah! and btw, there is no other google hijacking as well. all is used are SEO tricks used officially by anyone working with SEO and the ideas was taken from official SEO sites.

# Posted By Eduard Tabara | April 19, 2005 12:51 PM

Add Comment ]

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)





Leave this field empty:

Categories

coldfusion misc user groups standards security technology flex adobe max sumo fitness coworkingatlanta commonspot version control travel svn robots that rock productivity music bluedragon air wireless san diego javascript webdirections vpn scalability mysql jobs fusebox etech cfeclipse

Recent Posts

Archives By Month