Credit: Technology Review
Search Spammers Hacking More Websites
The head of Google's Web-spam-fighting team warns that spammers are increasingly attacking websites.
- Thursday, July 30, 2009
- By Kristina Grifantini
The head of Google's Web-spam-fighting team, Matt Cutts, warned last week that spammers are increasingly hacking poorly secured websites in order to "game" search-engine results. At a conference on information retrieval, held in Boston, Cutts also discussed how Google deals with the growing problem of search spam.
Search spammers try to gain unfair prominence for their Web pages in search results, thereby making money from the products that these sites offer or from advertising posted on them. The practice, also known as "spamdexing," exploits the way search engines' algorithms figure out how to rank different pages for a particular search query. Google's page-rank algorithm, for instance, in part gives prominence to pages that are heavily linked to from other material on the Web. Spammers can exploit this by adding links to their site on message boards and forums and by creating fake Web pages filled with these links. Garth Bruen, creator of the Knujon software that keeps track of reported search spam, says that some campaigns involve creating up to 10,000 unique domain names.
"We're getting better at spotting spammy pages," said Cutts after his talk, adding that spammers are increasingly hacking legitimate websites and filling their pages with spam links or redirecting users to other sites.
"As operating systems become more secure and users become savvier in protecting their home machines, I would expect the hacking to shift to poorly secured Web servers," said Cutts. He expects "that trend to continue until webmasters and website owners take precautions to secure Web-server software as well."
"I've talked to some spammers who have large databases of websites with security holes," Cutts said. "You definitely see more Web pages getting linked from hacked sites these days. The trend has been going on for at least a year or so, and I do believe we'll see more of this."
Bruen agrees. "We've seen an increase in spam e-mail and spam domains that not only sell illicit products, but that attempt to download malware and infect the visitor's PC," he says. Such malware could use an unknowing victim's computer to send out e-mail spam.
"It really is an arms race," says Daniel Tunkelang, one of the conference organizers and the chief scientist at search company Endeca.
fiberman
- 07/30/2009
We think they got in through a SQL database. Had thousands of link pages hidden on the site - porn and selling drugs (probably counterfeit). We'd find and delete them, then they'd pop up in another directory in even larger numbers. We played a cat and mouse game for months trying to track them down. Until we killed the SQL database, they would find every new password. They even spoofed our home page and after one clean-up filled my inbox with over 1,100 emails from an online form. Had to move the site, delete the database and kill all the forms to defeat them.
Daniel Tunkelang
- 07/30/2009
As I found out from doing my homework after the talk, Google (and Matt specifically) has talked publicly about Google's ability to parse / execute JavaScript--I commented about it in my blog post at The Noisy Channel about his presentation at the SIGIR 2009 Industry Track. But I am curious how robustly they do it. The research on random self-reducibility suggests that the spammers have an advantage in this arms race.
rcherukuri
- 08/01/2009
Google guys should know this too well.
Blogspot is a prime conduit for most of the spammers' redirect URLs.
Phineas
Honeypot
I noticed that an anti-spam webpage had three addresses written in white text against a white background. They would be invisible to the eye but perfectly apparent to a bot.
I sent an email to one of the addresses and got an 'undeliverable' reply. I'm waiting for further results.