Bot Herders Use SEO for Massive Search Spam - Other Paths and Repercussions
(Page 4 of 4 )
This latest spate of SEO-type attacks isn't the only way a hacker with a lot of computer power could take advantage of Google by manipulating its results. Early this year, GNU Citizen reported on a rather unusual form of Google poisoning. The poster's site was down for a week in December 2006, and checked Google during that time because he was afraid that the search engine would index the Wordpress default error page (which is what his site was showing because he had no database connectivity at that time). Well, his blog was still holding the number one position - but the other web sites listed "were showing parts of the notorious Wordpress default error page that is presented when there is no database connectivity."
From this, GNU Citizen composed, but did not test, the following possible scenario: an SEO expert sets up a network of splogs (spam blogs), each with lots of pay-per-click ads. When the Google bot arrives to crawl a splog, "a mod_rewrite directive matches the user agent and sends the notorious Wordpress error page (other types of error pages are possible too)." The spider will then associate the splog with pages that contain that particular failure. "This means that, if your website happens to display the Wordpress No Database Connectivity page" when it is crawled, "users who try to reach you through Google will get a poisoned result set."
This works because Google only cares about content, and automated computer searches still have problems with meaning. What I've just described, in short, is another way for keywords to be hijacked. It uses a technique that is different from the botnet, but the result is similar: a page gets a spot in the SERPs that it doesn't deserve.
These tricks and others are becoming more common; even Al Gore isn't immune to them, as he discovered recently when his blog was actually hacked to show search engine spiders tons of links to pharmaceutical sites. Sadly, they're giving SEO a bad name. One observer blogging about the latest exploits noted that "There's lots of talk within the tech community, especially the blogosphere about using SEO and how it's GOOD for bloggers and doesn't negatively affect readers/searchers/regular users. This is a lie. Instead of Search Engine Optimization, SEO should really stand for Search Engine Opportunism, because that's what it really is."
As a searcher, you can defend against the attacks by making sure your computer has all of the latest and most up-to-date patches. As an SEO, you can defend against the attitude of others by making sure your main focus is on the content of the site, rather than trying to game the system inappropriately.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
