> From My Spammers Toolbox Collection!

Star Member

Group: 1000 Post Club
Joined: 22-May 06
Posts: 1,632
post Jul 3 2006, 10:36 PM
Check out this site spamming both Google as well as blogspot with re-directs! Both Google's cache and the blogspot blog re-direct to a casino page!

As far as I can ascertain they have used javascript to achieve this! Any thoughts?


Yannis

Hall of Famer

Group: Hall Of Fame
Joined: 3-November 05
Posts: 3,461
From: CHeeseland
post Jul 3 2006, 11:22 PM
It's this:
CODE
<script language="JavaScript">
var a1='win', a2='dow.', a3='loca', a4='tion.', a5='replace',
a6='("http://www.vip-viagra.biz/roby/robi_index.html")';
var i,str="";
for(i=1;i<=6;i++)
{
str += eval("a"+i);
}
eval(str);
</script>

And they aren't the only ones :). If you have the Webdeveloper extension for Firefox, you can turn Javascript + meta-redirects off in a click, it helps see them and the pages they use to get ranked.

John

Star Member

Group: 1000 Post Club
Joined: 10-March 05
Posts: 1,065
From: Montreal Canada
post Jul 4 2006, 12:15 AM
I see it as this: (same idea)

img src=xyz1234.gif onerror="str=unescape('d%6fcument%2el%6fc%61ti%6fn%3d%22'+ 'http://casino.take-doctor.com/online-blackjack.html' + '%22'); eval(str);"

In your example, www dot vip-viagra dot biz slash roby slash robi_index.html, what was the original page?

They are getting more devious.

I realize that the porn and gambling sites are huge business, but do people fall for these redirects?

This post has been edited by bobbb: Jul 4 2006, 12:17 AM
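The two snippets quoted in the posts above can be resolved to their target URL without running them. This is an added example, not part of any poster's message; the function names are hypothetical and the sample strings are copied from the thread.

```javascript
// Added example: recover the redirect target from the two snippets quoted in
// this thread by static string reconstruction; nothing is passed to eval().
// Function names are hypothetical; the samples are copied from the posts.
const SAMPLE_CONCAT = `var a1='win', a2='dow.', a3='loca', a4='tion.', a5='replace',
a6='("http://www.vip-viagra.biz/roby/robi_index.html")';
var i,str="";
for(i=1;i<=6;i++) { str += eval("a"+i); }
eval(str);`;
const SAMPLE_UNESCAPE = `img src=xyz1234.gif onerror="str=unescape('d%6fcument%2el%6fc%61ti%6fn%3d%22'+ 'http://casino.take-doctor.com/online-blackjack.html' + '%22'); eval(str);"`;

// Decode %XX escapes as unescape() would, without calling it.
function decodePercent(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Rebuild the string the snippet would hand to eval(), or null if no known pattern.
function rebuildPayload(snippet) {
  // Pattern 1: numbered fragments a1..aN joined in a loop via eval("a"+i).
  const loop = snippet.match(/eval\(\s*"(\w+)"\s*\+\s*\w+\s*\)/);
  if (loop) {
    const re = new RegExp(`\\b${loop[1]}(\\d+)\\s*=\\s*'([^']*)'`, 'g');
    const frags = [...snippet.matchAll(re)].map(m => [Number(m[1]), m[2]]);
    return frags.sort((x, y) => x[0] - y[0]).map(f => f[1]).join('');
  }
  // Pattern 2: unescape('..' + '..') with %-encoded code around the URL.
  const un = snippet.match(/unescape\(([^)]*)\)/);
  if (un) {
    const literals = un[1].match(/'[^']*'/g) || [];
    return decodePercent(literals.map(p => p.slice(1, -1)).join(''));
  }
  return null;
}

// Report the navigation sink and target URL found in the rebuilt code.
function findRedirect(snippet) {
  const code = rebuildPayload(snippet);
  if (!code) return null;
  const m = code.match(
    /(?:window\.|document\.)?location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*["']([^"']+)["']/);
  return m ? { code, url: m[1] } : null;
}

console.log(findRedirect(SAMPLE_CONCAT), findRedirect(SAMPLE_UNESCAPE));
```

It only recognises these two patterns; any other obfuscation returns null rather than a guess.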

Star Member

Group: Members
Joined: 11-December 03
Posts: 800
From: Back in Sunny California
post Jul 5 2006, 11:31 PM
Ahh.... beautiful... obfuscated javascript call. document.location = spam url. This kind of thing has been around for quite some time and it's going to work for a long time coming.

Combine this with XSS injections, HEX or ASCII obfuscated CSS / Javascript and 'wha-la' instant black hat SEO :)

Member

Group: Members
Joined: 26-June 06
Posts: 13
post Jul 7 2006, 03:42 AM
I don't think the site will remain for long.

Such redirects are not taken well by Google.

Sooner or later the site will be de-indexed.


Regards/Puneet M.

Solid Contributor

Group: Members
Joined: 6-July 06
Posts: 50
From: New York
post Jul 7 2006, 12:50 PM
Google can never nail all of this in terms of actual spam detection. There is no (good) algorithm that detects the presence of the very creative infinite supply of obfuscated sorts of redirects. The computational time would be enormous, not to mention the fact that it would likely not work so well regardless -- FALSE NEGATIVES. And let's not even discuss the havoc of FALSE POSITIVES.

Google is better off spending their time devaluing these sites based on their poor content. I believe that's what's going on anyway. Analyzing copy for quality is a better and more attainable target IMO, but I'm not an expert here.

Does the site RANK well?

This post has been edited by SEOEgghead: Jul 7 2006, 12:52 PM

Moderator Alumni

Group: Hall Of Fame
Joined: 1-September 02
Posts: 9,213
From: UK
post Jul 7 2006, 01:06 PM
Automated algorithmic detection of all redirects is a piece of cake to Google, or anyone else who gets a few thousand users to download a toolbar that sends back the address of every URL it hits...

Solid Contributor

Group: Members
Joined: 6-July 06
Posts: 50
From: New York
post Jul 7 2006, 01:09 PM
I would beg to differ there, but I won't argue. This goes back to classes on computer science and Turing machines, etc. There are lots of ways to trick a search engine. I'm not saying they should ignore the problem, just that it's not an attainable goal when you're dealing with analyzing code -- and I'm sure Google zaps a lot of it. But we can't even prove that a program ends in computer science. There is no way an algorithm could detect every clever implementation of a spam redirect IMO.

This post has been edited by SEOEgghead: Jul 7 2006, 01:19 PM

Star Member

Group: 1000 Post Club
Joined: 22-May 06
Posts: 1,632
post Jul 7 2006, 02:09 PM
QUOTE
There is no way an algorithm could detect every clever implementation of a spam redirect IMO.


I agree that it would be impossible to detect every possible way that a spammer could use redirects or, as a matter of fact, use other techniques. However, here we are talking about a simple thing such as disabling javascript on a cached page. I am sure any respectable 16 year old programmer can come up with a filter to remove all scripts on a cached page - with the exception of adsense scripts - since this might hurt Google's wallet!

Yannis

PS After all they claim to be know-alls so easily. See this post about phishing!


Star Member

Group: Members
Joined: 11-December 03
Posts: 800
From: Back in Sunny California
post Jul 7 2006, 03:12 PM
QUOTE
Such redirects are not taken well by Google.

Sooner or later the site will be de-indexed.

What most people don't consider is: although this can be pulled from Google's index via their filters, algos, etc.... the traffic from Yahoo and MSN alone can be equally appealing (which combined is approximately the same traffic Google will produce).

Check out the screenshots I took

This post has been edited by phaithful: Jul 7 2006, 03:13 PM

Star Member

Group: 1000 Post Club
Joined: 10-March 05
Posts: 1,065
From: Montreal Canada
post Jul 8 2006, 02:03 AM
Ranks well for "carolina online blackjack" but I doubt if the owners are targeting exactly those keywords. How likely is someone going to enter carolina? I suspect online blackjack is the target and they aren't close.

And I suspect the text on the page is only filler.

"But he played a dramatically different role: While bin Laden was the hidden leader, issuing statements from hiding in Pakistan's border region with Afghanistan, al-Zarqawi portrayed himself as the warrior on the front lines."

Star Member

Group: Members
Joined: 11-December 03
Posts: 800
From: Back in Sunny California
post Jul 8 2006, 08:18 PM
bobb, I completely agree with you that "carolina online blackjack" may not be a highly trafficked keyword phrase. But what kind of effort did it take to get to number 1 for a 3 word phrase that may send him 10-20 free users a day?

Probably no effort at all since he probably used an automated tool.

Do that for a few hundred or a few thousand keyword phrases and you've got yourself some decent traffic for almost no effort at all.

Obviously I don't condone this kind of spam... but it does make you think... how are engines supposed to combat this kind of stuff? obfuscated javascript... and what about obfuscated XSS... I mean even Google has been known to be susceptible, http://blog.searchenginewatch.com/blog/060706-090047 .

Star Member

Group: 1000 Post Club
Joined: 10-March 05
Posts: 1,065
From: Montreal Canada
post Jul 9 2006, 01:17 AM
OK, so why the ruse with that text about bin Laden and the re-direct? Why not a page directly on that casino site? If the blog ranks 1 and 3 for "carolina online blackjack", why would a page from the casino site not get that rank too?

Maybe the engines ignore casino sites? I checked around last night and it looks like a lot of blogs are being used to promote gambling but most I saw just have a clickable image or 2.

Star Member

Group: Members
Joined: 11-December 03
Posts: 800
From: Back in Sunny California
post Jul 9 2006, 02:45 AM
Actually the bin Laden stuff is probably to avoid content filters that are looking for spammy stuff like sex, casino, viagra, etc.

The reason for the ruse is to leverage the blogspot.com domain.

Yahoo and MSN don't know and don't care about some no name casino site. However, they do perceive blogspot.com as a well known and highly linked-to site. Since Yahoo and MSN are still very easily prone to subdomain spam, the blogspot page can more easily rank well than "no name casino site".

Now Google is still also prone to subdomain spam, but they are aware of the exploitations of blogger / blogspot so they smartly filter out content 1 paged blogs such as this.

Of course, this is all speculation since I don't work at any of the 3 search engines and since I don't know what the algorithms say. But from experience and simple piecing together... this is one highly plausible conclusion in my opinion.

This post has been edited by phaithful: Jul 9 2006, 02:45 AM

Solid Contributor

Group: Members
Joined: 6-July 06
Posts: 50
From: New York
post Jul 10 2006, 11:29 PM
I finished my thoughts on this here if anyone is interested.

Moderator Alumni

Group: Hall Of Fame
Joined: 1-September 02
Posts: 9,213
From: UK
post Jul 11 2006, 01:34 AM
If the Google Toolbar requests stats for Page B within 5 seconds of requesting stats for Page A, 80% or more of the time, there's a redirect.

Obfuscate that?
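The heuristic in the post above, run over a small log, as an added example that is not part of the post and not code from Google or any toolbar. The log format, the field names and the `MIN_VISITS` floor are assumptions, and every log line is constructed.

```javascript
// Added example: toolbar-log redirect heuristic. Log format, field names and
// MIN_VISITS are assumptions; every log line below is constructed.
const WINDOW_MS = 5000, RATIO = 0.8, MIN_VISITS = 5;

const LOG = [ // "user epoch_ms url"
  'u1 0 http://blog.example/a',      'u1 800 http://casino.example/',
  'u2 1000 http://blog.example/a',   'u2 1700 http://casino.example/',
  'u3 2000 http://blog.example/a',   'u3 2900 http://casino.example/',
  'u4 3000 http://blog.example/a',   'u4 3600 http://casino.example/',
  'u5 4000 http://blog.example/a',   'u5 4500 http://casino.example/',
  'u6 5000 http://blog.example/a',   // JavaScript disabled: no second request
  'u1 90000 http://news.example/',   'u1 93000 http://news.example/story',
  'u2 90000 http://news.example/',   'u2 130000 http://news.example/story',
  'u3 90000 http://news.example/',   'u3 92000 http://news.example/story',
  'u4 90000 http://news.example/',   'u4 150000 http://news.example/story',
  'u5 90000 http://news.example/',
];

// Return page pairs where B follows A within WINDOW_MS in >= RATIO of A's visits.
function detectRedirects(lines) {
  const byUser = new Map();
  for (const line of lines) {
    const [user, t, url] = line.trim().split(/\s+/);
    if (!byUser.has(user)) byUser.set(user, []);
    byUser.get(user).push({ t: Number(t), url });
  }
  const visits = new Map();  // A -> number of requests for A
  const follows = new Map(); // "A B" -> times B was requested right after A
  for (const events of byUser.values()) {
    events.sort((x, y) => x.t - y.t);
    events.forEach((e, i) => {
      visits.set(e.url, (visits.get(e.url) || 0) + 1);
      const next = events[i + 1];
      if (next && next.url !== e.url && next.t - e.t <= WINDOW_MS) {
        const key = `${e.url} ${next.url}`;
        follows.set(key, (follows.get(key) || 0) + 1);
      }
    });
  }
  const flagged = [];
  for (const [key, n] of follows) {
    const [from, to] = key.split(' ');
    const total = visits.get(from);
    if (total >= MIN_VISITS && n / total >= RATIO) flagged.push({ from, to, ratio: n / total });
  }
  return flagged;
}

console.log(detectRedirects(LOG));
```

The news pair is not flagged: only 2 of 5 visitors clicked through within 5 seconds, while 5 of 6 blog visitors landed on the second URL in under a second.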

Solid Contributor

Group: Members
Joined: 6-July 06
Posts: 50
From: New York
post Jul 11 2006, 01:48 PM
Interesting approach. How many people actually permit Google to mine data like that, though? I turn it off, but you have a point.

What's the default config on Dells?

TBH, that's a good answer. I'm just not sure they do it yet.

Moderator Alumni

Group: Hall Of Fame
Joined: 1-September 02
Posts: 9,213
From: UK
post Jul 11 2006, 02:39 PM
The one thing that more and more SEOs are sure of is that more actual usage/visitation stats are getting used in the algorithms. Wherever such stats could be coming from, even if only Alexa data, would certainly have the data to automatically detect most redirects with a very high degree of accuracy and low degree of false-positives.

Now of course, many webmasters are, in my view, over-estimating the amount of usage data being used, but this is certainly possible, and we do know for sure that Alexa data has been used by at least one of the most major engines before.

QUOTE
How many people actually permit Google to mine data like that, though

Anyone addicted to the green pixie dust. :D The only way to get the PR data for a page visited is to ask for it, giving the URL to Google in that request. Any toolbar or extension or widget that shows the PR of each page visited is automatically sending the url of each page visited to Google.

Solid Contributor

Group: Members
Joined: 6-July 06
Posts: 50
From: New York
post Jul 11 2006, 06:45 PM
Isn't there a checkbox as to whether you permit them to use the data? Maybe I should read these things more closely, but I recall it being a choice. Maybe if you turn it off it disables the pixies too.

Anyway, it's an interesting approach, because it's using the (free) computational resources of a large number of users, which gives it a high degree of confidence.

I can think of a few loopholes, and I was only addressing on-page factors in my blog entry, but using that sort of data is a powerful approach.

It also scares me :)

This post has been edited by SEOEgghead: Jul 11 2006, 06:46 PM

Star Member

Group: 1000 Post Club
Joined: 28-April 03
Posts: 1,489
From: UK
post Jul 11 2006, 07:05 PM
It's easy for a search engine to detect redirects, does not take any complex software at all.

It's just time / resource consuming, and risky as the only sure-fire way is to visit the page and run the code......

But Google has the money to buy enough resources to make the time issue go away, and to deal with the security also. They just don't want to solve the problem in my opinion.