Sphinn - Google Proxy Hacking: How A Third Party Can Remove Your Site From Google SERPs

107
Sphinn It!

Google Proxy Hacking: How A Third Party Can Remove Your Site From Google SERPs

Went Hot: August 16, 2007 - 11:27 am
Posted By: skinner 688 days ago
Topic Type: News Story (Jump to http://www.seofaststart.com)
Category: Google Other

Has anyone else here heard about this (apart from Danny Sullivan that is)?

22 Comments

Who Desphunn This (0)

Comments

from qwerty 688 days ago #

Votes: 2 | Vote:

+ -

Sphunn, reddited, stumbled and delicioused. This is pretty important stuff.

from skinner 688 days ago #

Votes: 0 | Vote:

+ -

Yes I agree. There should be a hall of infamy somewhere where we put the details of people who do this stuff.

from DanThies 688 days ago #

Votes: 1 | Vote:

+ -

It's actually come up in a few places, I'm publishing because it's not some isolated problem that only happens to a few underlinked MFA sites.

from graywolf 688 days ago #

Votes: 1 | Vote:

+ -

Nice job with the tips on how to prevent/fix it at the end of the article.

from DanThies 688 days ago #

Votes: 0 | Vote:

+ -

Thanks, Michael. So far, knock on wood, the reverse cloaking has held up for several months with every site.

from g1smd 688 days ago #

Votes: 3 | Vote:

+ -

This has been going on for years, as the article says, but to allude that only "a few people" knew about it "and kept quiet for the good of the community" is plain false I think.

It has been discussed in several public forums many times over the last few years. There is much prior information out there; but this article does a very good job of putting all the facts in one place in an orderly manner.

from majorbta 688 days ago #

Votes: 0 | Vote:

+ -

wow

from DJLitten 688 days ago #

Votes: 0 | Vote:

+ -

Wonderful article Dan. I'm looking forward to see what comes of this.

from simplepixel 688 days ago #

Votes: 0 | Vote:

+ -

Great article. I have a question though.

The work around is to basically validate that the search engine bots are in fact who they say they are via IPs, and if not include a noindex for proxies. Correct?

What is to prevent the proxies from just stripping out the noindex from pages? Especially if they are setup for malicious purposes.

I can see it working to prevent the typical proxy, but it seems to me that the major issue is when these are used in the form an attack on a website's position in the search engines.

from DanThies 688 days ago #

Votes: 0 | Vote:

+ -

Simple, this is addressed in comments on the post as well... but the "advantage" of this exploit for black hats is that it's hands-off. They aren't creating their own proxies, they are exploiting someone else's proxy server(s), and it appears to be a numbers game - you need to use a bunch of proxies to get the job done.

To deploy even one (much less hundreds or thousands) of proxy servers that strip meta tags would mean that you need to get them hosted somewhere. Which makes it a lot less "hands off." You could get caught. A guy like Brad Fallon could send lawyers (or worse) after you.

from simplepixel 688 days ago #

Votes: 0 | Vote:

+ -

Thanks Dan, I guess I didn't make it all the way through the comments.

from DanThies 688 days ago #

Votes: 0 | Vote:

+ -

Can't say I blame you - a few of us are writing mini-novels over there!

from g1smd 688 days ago # - show/hide this comment

Votes: -1 | Vote:

+ -

I am not sure what to make of http://www.bradfallon.com/linkrequest.html and I do wonder if any of that is part of his downfall...

from DanThies 688 days ago # - show/hide this comment

Votes: -1 | Vote:

+ -

Yeah... that's why he got hacked all right.

from dannysullivan 687 days ago #

Votes: 1 | Vote:

+ -

Wish I could say I did all the behind the scenes stuff, Dan -- but really, I've mainly added to the other voices that have expressed concerns over domain hijacking and the need to understand what's an "original" site.

from MattMcGee 687 days ago #

Votes: 0 | Vote:

+ -

If this has truly been ignored or even back-burnered at Google, Yahoo, etc. ... shame on them. Great write-up, Dan -- you made it easy to understand.

from DanThies 687 days ago #

Votes: 0 | Vote:

+ -

Danny, thanks for clearing that up. I guess you creating a platform (the Bot Obedience panels) was good enough. :D

from IncrediBILL 685 days ago #

Votes: 0 | Vote:

+ -

Yup, this is all old news as we covered this topic at Bot Obedience panels in SES San Jose '06 and SES Chicago '06 and even in PubCon '06 with Google's Vanessa Fox sitting right there.

Google did make good on their promise to provide a way to accurately detect Googlebot so we could stop the spoofing when the Googlebot user agent is passed through the proxy but if it's filtered out you're still in trouble.

I've personally not seen hard evidence of that happening until Dan's article and I'm not sure the user agent was filtered our or they cached copies and then let Googlebot crawl their cache, but the net result is the same.

If Google would just properly attribute content to the rightful owner, where they found it in the first place, and not give the second instance encountered ownership, then the proxy issue and full content scraping forcing your content into duplicate penalties would no longer be a problem.

The problem is how do you identify it's truly your content in such a way that someone else stealing your content also couldn't duplicate that ID.

The simplest suggestion I have has always been that Google would have to add a push/pull mechanism to where you register the page and they instantly pull it, just like the AdSense mediabot does currently.

Since the first person to PUSH the content wins ownership your blog would have to wait until Google confirmed receipt of the new content before you could publish it.

Guess what I'm advocating is kind of like a real-time interactive version of Google sitemaps which would solve this once and for all.