Taco HTML Edit 1.7.2 has been released! The big change is that it is now distributed as a universal binary, so it runs natively on both Intel- and PowerPC-based Macs. There are also some bug fixes in this version.
A New Type of Google Spam
Some of you may be aware of the Google 302 Exploit. Basically, this exploit would allow a hijacker to put its own web page in place of another person's web page in Google's search results. The result is that the hijacker (usually a spammer, or a seller of a competing product) could steal all of the traffic going from Google to the legitimate web page. Taco Software appears to be falling victim to a similar type of exploit.
The following screen shot illustrates what is happening:

Notice that in the first result, the URL contains "www" as a prefix. No other tacosw.com page listing on Google has this prefix. Also, notice the presence of spam terms in both results such as "Phentermine" and "ringtones". I assure you that these terms have never appeared on the Taco Software web site (other than the previous sentence, definitely not on the home page), but I first discovered this problem when I noticed that some people were arriving at tacosw.com using search terms such as these. Finally, you will see that Google does not have a cache available for either search result. Thus, the question now becomes, "What is going on here?"
I would like to start by mentioning that when I first discovered this problem, the only affected web page was www.tacosw.com. I then tried adding a permanent HTTP redirect to tacosw.com/index.php, and the result was the second spam result in the above image. Whoever is doing this is capable of adjusting quickly, it would seem. The way I see it, there are two plausible scenarios for what is going on:
- My web host (HostGator) is making money by inserting these terms as links into my web page when GoogleBot visits.
- A spammer is taking advantage of a flaw in Google to modify search results.
The first scenario can be eliminated as follows:
- Motive: HostGator would have little to gain and much to lose if it was doing this.
- Tests: I visited tacosw.com using the GoogleBot's user-agent, and no such spam links appeared.
- The "www." prefix: The presence of the "www" prefix, when it probably should not be there, would indicate that this is the work of an outsider, not my own host.
From this, and in light of the previously described 302 exploit, I conclude that the second scenario describes what is happening. Someone is tricking Google into thinking that tacosw.com is linking to spam sites. This is presumably being done using HTTP somehow. The spammer wants to make it difficult to discover that this is going on, so it is leaving Taco Software's content intact, but just inserting spam links. The fortunate thing here is that Taco Software has not lost traffic because the spammer is leaving the content intact. However, Taco Software's PageRank on Google could ultimately be harmed if Google believes that Taco Software links to spam sites. Also, this could reflect badly on Taco Software if users discovered these strange terms seemingly appearing on our web pages.
If anyone can provide additional details about what is going on, or has advice about what I should do, feel free to send an email or post a comment. Your help is appreciated.
