I was doing some research today on spam techniques and looking at the viagra keyword listings. I found an interesting result in the serp. #6 for viagra is keycontent.org. Of course nothing pertaining to viagra on the site. I checked the backlinks for the ranked page, nothing there. Checked to see if it was cloaked, figured it wouldn't be as no reason for them to rank for that word, nope no cloaking. Then checked the backlinks for the domain. And there it is, loads of comment and guestbook spam links pointing to a redirect page on their site. I check the redirect links and it appears they fixed the problem. This kind of thing has been going on for years but I never have looked into the effects on the "victim" site search wise. This is almost like a reverse 302 hijack. I'm unfortunatley a little ignorant on the specifics of how search engines look at redirect links. I was under the impression that they do not rank the content of the landing site for the redirect url. Is this correct? Or is this pushed solely on the quantity of links and anchor text? I know this won't last and it will eventually be corrected just like any other spam site that is pushed to the top by mass incoming links. In this case how is it going to be dealt with, will the "vicitim" site receive penalties by Google as if they were another spam company? I figure some credit would be given if they are an aged domain with no bad history and would likely flag a manual inspection if Google even notices this. Any history on this kind of thing?
i.e. (evil link: www. keycontent. org/tiki-directory_redirect.php?siteId=491#viagra) simply redirects to the keycontent.org home page, nothing viagra related.
www*ee.aston.ac.uk/intranet/tiki-directory_redirect.php?siteId=10 ^^^ This seems to be another hack of some form. It redirects to a viagra site and is ranking very high for what is a super high keyword. Hmm!
Yeah I'm seeing that script being abused like crazy. Google's just slurping up the results like candy. However, normally the url ranked is the redirecting script url. In this case it's the actual domain that is hosting the script that got the juice. I wonder if it originally ranked like the others, then when it was fixed, the google spider updated the url to the domain but the rankings weren't adjusted. Strange stuff. LOL, just had to add this link I found while researching: www. spamblackout .com/kbase/question.php?qstId=2 Scroll down on that page to see the humor. Ironic no?
So does anyone know how they are doing this? Only way I can see how they have done it to get a re-direct on those high ranking sites is by exploiting the server and placing the redirect and then creating lots of guestbook spam pointing to the re-direct... If they can get over 5 results in the 10 top for "viagra" they are doing something right! Surely Google will close this loop ASAP!! Yeah that is very funny...
Probably one of these or something similar. http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tikiwiki TikiWiki appears to be infested with security bugs.
Ahhh. So basically they are finding trusted domains using tikiwiki. Then they are exploiting the vuns so they can set-up a redirect to a non-trusted domain. They are they spamming guestbooks etc with links to promote "viagra" for a trusted domain so it rising VERY high in the serps. I bet they have made a lot of money from this! It is blatantly illegal (hacking a site) tho!
DING! you got it. This routine has been going on for years in BH and hacking circles, the only things that change are the exploits. Once the more widespread vulnerabilites get patched up they just go find the latest and greatest new ones and rinse-repeat. It still kind of boggles me that the main domain got so much juice for the taget keywordword. When the spam redirect was working the redirect url would normally appear in the serps. The redirect is a 302 and it's basically reverse 302 hijacking. The landing page I assume had virtually no pr so it was all just content and inbound links that drove it up. But now that it 302s back to the primary domain there is no longer content, just links. I wonder if the links still are driving this or if it's just some strange residual effect. Note: There is a lot to learn from the patterns the BH and hacking communities follow. You can implement similar models to your advantage and still be ethical, just need to be creative.
plone also recently had an exploit that allowed people to load javascript into the user's portrait image. The redirect would occur via the javascript, and the end user would have no idea what just happened. I'm also interested in the fact that since the exploits were fixed, the sites still rank well for those terms. If you check http://blogcityusa.com/ (which comes up as 4th on google.com.au for viagra), they've taken advantage of the situation and put an ad for viagra on the main page. It's kinda cool that after whatever initial headaches they had trying to sort out who, why, and how the sites got spammed, at least now they can sit back and make some money. I'm certainly curious to see how long the high rankings last. Kinda makes me envious
Hi: I'm one of the admins for KeyContent.org. Yes, I found that we were "spamed" with redirect links about two weeks ago. I've taken action to correct the issue (the link in question now simply redirects to our home page) . Is there any way to protect (or better yet, "fix") this? We don't wont our site to be ranted for Viagra. Tx
Yeah. Google reports 43,000+ links with "keycontent.org" and "viagra"... http://www.google.com/search?hl=en&ned=us&ie=UTF-8&q=%22keycontent.org%22+viagra&btnmeta%3Dsearch%3Dsearch=Search+the+Web
If I were you I would of made some money out of the situation with all that traffic looking to buy viagra you could of made £££££££ in a very short space of time! Maybe not "ideal" but its always good to make the best of a bad situation.
wow, I got some awesome examples now keycontent, ever thought of doing some affiliate work for a Viagra company? lol. hmmm, not too sure what you can do, but in the long run should help your PR lol, try emailing Google, saying summit like: Dear Google, we have spammed by a 3rd party using Viagra as the anchor text, we have always followed your guidelines and realise how much of a problem this will be, please can you help us not get deleted thanks to your Uber algo love keycontent or summit along those lines if that fails, then I guess you will have to try and remove all of the links individually or even temporarly stop the SE's from seeing your site.