Hmmm, that's interesting. I have been quite busy building a site, or I would have given this a crack myself. How about looking at the page's contents (the page being opened) and searching them for 1bu.com?? IMO blocking IPs should be the last resort, especially since you would be blocking quite a few people out. Of course, if you don't care about that geographic section ..... maybe you should block it out anyway and save on bandwidth.
I'm not sure what you mean - the page is modified after it is retrieved from your website. I looked at the headers, and it seems that the evil proxy passed the original browser request headers intact, leaving no way of identifying these requests. Blocking IPs is a high-maintenance solution (once this code gets out, I would imagine lots of people will use it), but the only alternative is that SE's will do a good job at banning these kinds of entries. Remove SE's from this equation and the problem is not much different if somebody runs a mock-up copy of your website. J.D.
JD, you're right. SEs will probably block these kind of sites out, but until then the one's who are not happy about people getting to their content via 1bu.com need to do something on their own to block the site. If the things I suggested before don't work ... how about this? I see that they are changing the title of the page and adding a four digit number at the end of the title. So, make sure none of your pages have a title ending with a 4 digit number and then, do this: 1. Grab the title of the page (As a string) 2. Grab the last four characters of the string 3. run a check to see if this is a valid number or text. If it's a number, display a blank page containing your URL. Make this a dynamic link to your actual site (grabbed off a file or a table rather than a static link). This will ensure that the lnk doesn't have the 1bu.com suffix.
You are thinking of a client (e.g. browser) - there's nothing you can do on the server except to block IPs (i.e. the server never receives anything to make this decision). I'm blocking a couple I found, but, like I said, it will be an ongoing battle as this technique spreads through the web. J.D.
Hmmm, maybe you're right. I might give it a shot myself next month once I'm done with my other commitments. There must be a permanent solution that works for all such sites. Just out of interest, have a look at this page: http://links-directory.newzealandphotography.co.nz.1bu.com/art-photography.php It's one of the pages on my website. The Adsense ads are working (unlike the other "infected" sites). The footer with the link isn't there and only some of the external links have been replaced by the 1bu.com version. So, maybe they have got a few pages on their server and some being created on the fly.
Yep, it seems that the pattern has changed. Now they are only replacing fully-qualified URLs of certain types (e.g. they are ignoring .us). I would say that this engine of their's is a work in progress and will keep changing as they are looking for new buyers. J.D.
I'm happy to announce that I just noticed 1bu.com and 1bu.net are now gone from the google index. I sent a spam report and it looks like it may have had impact. Maybe for another reason, but hey - they be gone! Now we can stop arguing about this and move on to making more money :'>
It is threads like this one and the security threats that idiots like this are to the internet and to Google itself that make them move quickly. Thanks for bringing this to the communities attention man
this hijacking is very annoying. To find out that all your hard work and time has been stolen and reused and theres not much you can do about it..
There is a lot you can do about it, expose the scam artists on forum and put pressure on the Search Engines to invest in security
I too sent a letter to goggle from the point of view that it dilutes my adsense campaign. They forwarded that to the indexing dept. They both responeded with a note and the standard legal stuff as well. I'm happy with the response, it's suggestions, and that it may have helped.
http://www.1bu.com/setfilter/set.asp 1bu.com filters and visits the function : You add in the back of existing websites .1bu.Com or .1bu.net is visited, Can filter FLASH above , webpage virus , hostile code ,etc. ; Can convenient increase filter telecommunication wait for ISP filter yellow , illegal website that lose ,etc. also, benefits your use. If you are a network station owner, do not hope your websites are filtered and visited , Can be very easy to cancel by oneself . For example: www.18x.com.1bu.com,www.xxx.com.1bu.com,.... http://www.1bu.com/setfilter/ins1.asp Does everybody know why 1001 slanders 1bu desperately? 1001 one new account number, he one Chinese, one a ugly one , improper Chinese. I come from China too, find this ugly fellow , remind everybody. 1001 colludes in the department of some of Chinese Government, is carrying on the omni-directional blow to some legal websites, y365.Com , 8u8.Com and 1bu.Com belongs to the same company, once famous websites of China, 1001 houses in company,steal idea of 8u8 the Companies,finding but not facing by prosecution, July of 2004 ,Chinese police have dismantled the server of 8u8.com stealthily , it is unable to continue providing service to cause 8u8.com ltd. (find and made a recording on videotape) http://www.alexa.com/data/details/traffic_details?&range=2y&size=medium&compare_sites=&y=t&url=8u8.com#top http://www.alexa.com/data/details/traffic_details?&range=2y&size=medium&compare_sites=&y=t&url=Y365.com#top 8u8.com CEO has gone to Tian An-men for this, apply to parade , has been caught back. This is ugly thing and conspiracy, there are not the things of democracy and legal system . http://www.zhengqi.net/ One is upright, the Chinese website not fearing death , have it about these things . Perhaps I say these are a disaster to them , they will continue being persecuted . sorry!
http://www.1bu.com/setfilter/set.asp 1bu.com filters and visits the function : You add in the back of existing websites .1bu.Com or .1bu.net is visited, Can filter FLASH above , webpage virus , hostile code ,etc. ; Can convenient increase filter telecommunication wait for ISP filter yellow , illegal website that lose ,etc. also, benefits your use. If you are a network station owner, do not hope your websites are filtered and visited , Can be very easy to cancel by oneself . For example: www.18x.com.1bu.com,www.xxx.com.1bu.com,.... http://www.1bu.com/setfilter/ins1.asp Does everybody know why 1001 slanders 1bu desperately? 1001 one new account number, he one Chinese, one a ugly one , improper Chinese. I come from China too, find this ugly fellow , remind everybody. 1001 colludes in the department of some of Chinese Government, is carrying on the omni-directional blow to some legal websites, y365.Com , 8u8.Com and 1bu.Com belongs to the same company, once famous websites of China, 1001 houses in company,steal idea of 8u8 the Companies,finding but not facing by prosecution, July of 2004 ,Chinese police have dismantled the server of 8u8.com stealthily , it is unable to continue providing service to cause 8u8.com ltd. (find and made a recording on videotape) http://www.alexa.com/data/details/traffic_details?&range=2y&size=medium&compare_sites=&y=t&url=8u8.com#top http://www.alexa.com/data/details/traffic_details?&range=2y&size=medium&compare_sites=&y=t&url=Y365.com#top 8u8.com CEO has gone to Tian An-men for this, apply to parade , has been caught back. This is ugly thing and conspiracy, there are not the things of democracy and legal system . http://www.zhengqi.net/ One is upright, the Chinese website not fearing death , have it about these things . Perhaps I say these are a disaster to them , they will continue being persecuted . sorry!
It's nice to know the Chinese police are doing something. But this problem is bigger than that! This is worse than bandwidth theft, my sales dropped 50% when some guy in Germany started hosting my whole site in this manner and intercepted my rankings! All my urls! Peon... I have seen that message about how to stop this but I do not understand it at all. If you can help? What can we do on our servers to stop these guys? Here is the latest from Germany - here is google's site displayed in their domain, with a nice sexist photo right on the front! http://www.google.links.ringtones.ag I'd think the women at google would be tearing the house down to get this guy stopped for that assault to our dignity, alone. But on a more expensive note, he is stealing their bandwidth and that's illegal - at least here! I've written his hosting company - no action yet! Here is the owner of the site - anybody wanna call him? Domain ID47062-LRCC Domain Name:RINGTONES.AG Created On:28-Jun-2004 05:33:30 UTC Expiration Date:28-Jun-2006 05:33:30 UTC Sponsoring Registrar:Key Systems GmbH (R26-LRCC) Status:OK Registrant ID:AGRS-132388 Registrant Name:Michael Dieckmann Registrant Street1eterskamp 33 Registrant City:Celle Registrant Postal Code:29227 Registrant CountryE Registrant Phone:+49.491792030158 Registrant FAX:+49.49895529807 Registrant Email:m-dieckmann@gmx.de Admin ID:AGRS-132388 Admin Name:Michael Dieckmann Admin Street1eterskamp 33 Admin City:Celle Admin Postal Code:29227 Admin CountryE Admin Phone:+49.491792030158 Admin FAX:+49.49895529807 Admin Email:m-dieckmann@gmx.de Tech ID:SRP-7276 Tech Name:Hostmaster Hostmaster Tech Organization:united-domains AG Tech Street1:Gautinger Strasse 10 Tech City:Starnberg Tech Postal Code:82319 Tech CountryE Tech Phone:+49.8151368670 Tech FAX:+49.81513686777 Tech Email:hostmaster@united-domains.de Name Server:SERVER1-NS1.UDAGDNS.NET Name Server:SERVER1-NS2.UDAGDNS.NET Name Server:SERVER1-NS3.UDAGDNS.NET This guy would have been taken off line in a second in the United States and affiliate program would have dumped him, those are the rules. But although I've contacted both, neither has done a thing. He is still in business and his server is still active. I don't know what is happening with this company - here it is, to save you all the trouble: inetnum: 82.165.32.0 - 82.165.47.255 netname: SCHLUND-CUSTOMERS descr: Schlund + Partner AG descr: NCC#1999110113 country: DE admin-c: UI-RIPE tech-c: UI-RIPE remarks: INFRA-AW remarks: in case of abuse or spam, please mailto: abuse@schlund.de rev-srv: nsa.schlund.de rev-srv: nsa2.schlund.de rev-srv: ns.ripe.net status: ASSIGNED PA mnt-by: SCHLUND-MNT changed: ncc@schlund.net 20040611 source: RIPE route: 82.165.0.0/16 descr: SCHLUND-PA-4 origin: AS8560 notify: guardian@schlund.net mnt-by: SCHLUND-MNT changed: ncc@schlund.net 20040611 source: RIPE role: Schlund NCC address: Schlund + Partner AG address: Brauerstrasse 48 address: D-76135 Karlsruhe address: Germany remarks: For abuse issues, please use only abuse@schlund.com remarks: For NOC issues, please look at our AS 8560 phone: +49 721 91374 50 fax-no: +49 721 91374 20 e-mail: abuse@schlund.com admin-c: SPNC-RIPE tech-c: SPNC-RIPE nic-hdl: UI-RIPE notify: abuse@schlund.com mnt-by: SCHLUND-MNT changed: abuse@schlund.com 20040512 source: RIPE
Explain how he took your URL's and forwarded your traffic to his (clone site?) website and how Google helped him do this?
Haha, good luck getting some help from Schlund (otherwise known as 1&1). They are a german ISP with the crappiest customer service possible, and that's also taking into account Germans consider bad customer service their national sport next to soccer. They are truly stupid at 1&1 and I would bet their first level support would have no idea what the hell you are talking about with 302 redirects etc (Not to mention not all speak/write english properly). His affiliate program, Mediaplazza, makes far too much money to bother with a spammer: call the german rep directly: Marilyne Cafarelli Tel: +33 1 44 09 43 46 She will clear this up rather quickly.
Thanks a million! That's a Paris number, and not far from where I used to live!! I should go knock on their door! No answer and no voicemail but I'll try tomorrow during business hours. I called Canada's office, wrote, they did nothing. Obviously. He's still selling their ringtones. There are plenty of affiliate programs/companies making every bit as much money as MediaPlazza who simply don't permit abuses. I am REALLY disappointed with their ethics :-( Just all the way around... their content, this business... yuk, so uncivilized. I'll keep you posted! Did anyone check their own urls with this guy? And I still don't understand how you use 302s to redirect other people's content to your url... An administrator mentioned a Linux program called Kurl or something...?
Hi Anthony! I forgot to respond. I don't know how he did it but he did it. And, google didn't help him do it but, what happened was, google goes to spider his site - which WAS, mind you, only about 5 pages when he got started - and, because of this ..."thing" he's done (hijacking everyone else's sites), google finds he, in fact, has one of the largest web sites on the internet!!! So just about ANYTHING you search for google says "well THIS guy has THAT on a zillion pages AND, he is one of the biggest sites on the internet! He's got content out the whazoo about everything you can imagine!" And so.... they rank him in the top 10 - pushing me out of the running. So basically in google's rankings I am competing with my own site! And since I did such a good job with my own site I'm having trouble beating myself at HIS site! ) That's where google comes in. They simply indexed all my pages as being at HIS site. Does that make sense? Does your site work on his links url? try it, taking out the spaces, I don't wanna give him one more link: www. YOURDOMAINNAMEHERE . links . ringtones . ag
I don't understand how any of these sites can 'steal' your google traffic. Do you do any off page optimization? Just a little bit should leave them in the dust.