homepage Welcome to WebmasterWorld Guest from 54.243.13.30
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Google / Google SEO News and Discussion
Forum Library, Charter, Moderators: Robert Charlton & aakk9999 & brotherhood of lan & goodroi

Google SEO News and Discussion Forum

This 52 message thread spans 2 pages: 52 ( [1] 2 > >     
Google Adds "Hacked Site" Notices to SERPs
tedster




msg:4243743
 7:23 pm on Dec 17, 2010 (gmt 0)

For a long time, Google has placed malware warnings in the SERPs. Today they announced a new notice - for the hacked or compromised site, even if they did not discover malware.

...we're expanding the search results notifications to help people avoid sites that may have been compromised and altered by a third party, typically for spam. When a user visits a site, we want her to be confident the information on that site comes from the original publisher.

[google.com...]

 

mhansen




msg:4243753
 7:58 pm on Dec 17, 2010 (gmt 0)

Wow... and they still try to say they are not the keepers of the web? Eventually, they are just gonna upset everyone...

We already have an overbearing Gov't in the USA, now we have Google to watch our backs also.

I predict this will go away very quickly, when the same group that stood behind wikileaks goes on a tear against more authority sites, just to pee in Eric Schmidts wheaties.

My .02 cents.

tedster




msg:4243804
 10:08 pm on Dec 17, 2010 (gmt 0)

I do not see this as anything but helpful. Most sites who have had parasite content injected into their pages are not aware of it. Even less would visitors have a way of knowing that the page was tampered with.

Parasite hosting is one of the major epidemics that spammers have unleashed on the web - and this time it is not only sneaky, it's illegal.

I'm all behind these notices.

mhansen




msg:4243830
 10:34 pm on Dec 17, 2010 (gmt 0)

I see where you are coming from Ted. I still think thats between Google and Webmaster, not Google and the public. If they feel that strongly about protecting people, they should not list the site at all until the issue is resolved, not permantly tarnish the reputation of a mostly innocent website owner.

They are taking on even more of a role of Internet Police and watchdog.

What is their definition of a "Hacker"? (assume the typical google gray area) In the article it states:


The intent can include phishing...(snip) or spamming (violating search engine quality guidelines to rank pages more highly than they should rank).


So the site owner bought a few links, and now ranks better. In Googles' gray area, link buyer may = hacker.

I DO understand the reason for this... but the methodology is wrong. If they feel the need to protect, then just remove the site from the index temporarily.

MH

ken_b




msg:4243835
 10:46 pm on Dec 17, 2010 (gmt 0)

I tend to think temporarily delisting the site and placing the note in Webmaster Tools would be a better way to go.

For one thing, I wonder how many of these affected sites are just abandoned sites that are unlikely to make any corrections.

For the active sites, delisting may well get their attention, and corrective action, a lot quicker.

Has G ever been sued for damaging a sites name by placing the earlier warnings in the public serps?

indyank




msg:4243900
 4:11 am on Dec 18, 2010 (gmt 0)

Yes, i do agree with mhansen here..they could remove it from the listing and inform the website owner of what they found via GWT..

anallawalla




msg:4243939
 9:32 am on Dec 18, 2010 (gmt 0)

I tend to think temporarily delisting the site and placing the note in Webmaster Tools would be a better way to go.


I doubt if even 1% of webmasters know about WMT and guess that a much smaller number has opened an account in WMT, so they wouldn't get the message.

I know a few SMEs like my accountant whose websites are a brochure built years ago and nobody in that office would think to see if the website was up or down.

But I also take the view that this is a good thing for surfers.

wheel




msg:4243973
 2:48 pm on Dec 18, 2010 (gmt 0)

By placing hacker notices up, Google is effectively providing negative commentary on someone's website.

J_RaD




msg:4243979
 2:58 pm on Dec 18, 2010 (gmt 0)

I for one have gotten falsely nailed by goog with that "malware" crap. Site was perfectly fine but goog had big scary warnings all over me. Oh yes and they also kept letting me spend adwords $$$ to my so called infected dangerous site.

funny people over there at goog.

J_RaD




msg:4243980
 2:59 pm on Dec 18, 2010 (gmt 0)


I doubt if even 1% of webmasters know about WMT and guess that a much smaller number has opened an account in WMT, so they wouldn't get the message.


I don't use googs WMT on purpose!

defanjos




msg:4244001
 5:23 pm on Dec 18, 2010 (gmt 0)

This happened to me a couple of weeks ago, if it wasn't for Google's warning I would not have discovered that one of my shared hosting accounts had been hacked. I am very glad they did it.

The reason I would not have discovered it easily, is because they did not hack my existing pages, they uploaded a bunch of new files to the sites.

By the way, once you fix the problem, Google gets rid of the warning fairly quickly.

mareng




msg:4244004
 5:32 pm on Dec 18, 2010 (gmt 0)

A site:.edu search for cialis gives a good view of the scope of the problem and the uneven implementation of the warning. I think the warning is a good addition to the SERP as long as Google is somewhat quick about refreshing the index. False positives after corrective actions have been taken aren't helpful to anyone.

iamlost




msg:4244009
 6:02 pm on Dec 18, 2010 (gmt 0)

I disagreed with their malware notice behaviour and consider this latest crack/spam notice equally ridiculous.

Most queries, especially those attracting purveyors of malware, site cracking/spamming interest, etc. are not light on available pages. An appropriate SE behaviour IMO is to drop either the page or the site (depending on problem) from the results. Period.

It would be helpful to have an index quarantine list that webdevs could search if they notice traffic drop or vanishing SERP but regardless stop offering up visitation rights...

At the very least, delink the bloody URL.

jbinbpt




msg:4244011
 6:10 pm on Dec 18, 2010 (gmt 0)

Let Google inform the host and have the host contact their clients. No host will want Google looking for other hacked sites on their servers.

MrFewkes




msg:4244031
 8:26 pm on Dec 18, 2010 (gmt 0)

This is just your google filth again.

The more sites in the serps which they show this message for - the more likely people are to click on their adwords sites.

They could EASILY drop the site until it was sorted by the owner.

Ahh - but that would mean them not getting the benefit of hacked sites.

Come on guys - think like google - multiply this across the net - it will be making them a lot of money.

Dont go thinking "google police and all that" - they are not police - they are greedy - and they will kill all sites eventually who arent paying to be on page 1.

How come hardly anyone here can see this? I find it infuriating.

walrus




msg:4244034
 8:37 pm on Dec 18, 2010 (gmt 0)

funny people over there at goog


It can sympathize with the fair minded employees that find themselves employed at what they thought was a great company only to find themselves shaking their heads at convoluted company policies, strategies etc. I quit such a company years ago when i was constantly forced to chisel loyal customers with new charges. Started off great , best companies to work for, then every 3-6 months, charge more, or give less.

aakk9999




msg:4244046
 9:55 pm on Dec 18, 2010 (gmt 0)

An appropriate SE behaviour IMO is to drop either the page or the site (depending on problem) from the results. Period.

It would be helpful to have an index quarantine list that webdevs could search if they notice traffic drop or vanishing SERP but regardless stop offering up visitation rights...


I like this... I also think that putting the words on the SERPS is damaging to site reputation. Excuse my ignorance, but how could they say for certain that the site is hacked if it is not downloading malware?

shoreline




msg:4244058
 11:31 pm on Dec 18, 2010 (gmt 0)

If you own a website, you better make sure your have a WMT account and check it regularly! If you allow comments, better make sure spam didn't get through, or Google will notify your visitors that a third party altered your site!

Amazing!

tangor




msg:4244079
 12:01 am on Dec 19, 2010 (gmt 0)

They are taking on even more of a role of Internet Police and watchdog.


Is Google sure they want to take on this responsibility? Once one claims to have knowledge of illegal acts (most countries/jurisdictions) they have a duty to REMOVE such activity. FAILURE to do so can open the "watcher/whistleblower" to litigation if they do not mitigate the danger/activity when it is in their power/knowledge to do so.

Somebody did not think this through, because once you say you have the ability others will rely on it to their detriment.

indyank




msg:4244106
 3:56 am on Dec 19, 2010 (gmt 0)

Excuse my ignorance, but how could they say for certain that the site is hacked if it is not downloading malware?


I too have the same doubts and you just asked before I did...it is really strange..

indyank




msg:4244107
 4:07 am on Dec 19, 2010 (gmt 0)

Even the link to "Learn about hacked sites" points to to page that talks only about malware..

In both cases, our detection might not be perfect -- we continually work on improving our system -- but it would be wise to proceed with caution.


When you are in doubt, you should remove the result and notify the webmaster..why they hell do you show it to the end user as a suspicious site...it is even more damaging...

I am also not very sure about google's intention on the "hacked sites" warning as I still feel that the malware warning was sufficient..so this additional warning for which there is no clear definition raises more suspicion...do you intend showing sites as "hacked sites" when they use something you don't like? that will be evil...

tedster




msg:4244110
 4:16 am on Dec 19, 2010 (gmt 0)

The footprint of a parasite hosting hack isn't all that inscrutable for Google since they process such a large number of web pages. For one, the same content and links often get injected on many sites, not just one or two.

Also, it is also common that the content displayed to a googlebot user-agent is often different from the content displayed to a regular browser. And Google has been known to check up on web pages through methods that don't use googlebot.

mareng gave a good clue in the above post: "A site:.edu search for cialis gives a good view of the scope of the problem."

Indeed it does - over 4 million results, just for that one example! For some terms you can easily uncover entire pages of content that are orphaned from the regular website but backlinked from various link pyramids and rings. Sometimes you can even find an entire directory of parasite content.

This is not some small whim of Google's. The web has an epidemic.

indyank




msg:4244120
 6:01 am on Dec 19, 2010 (gmt 0)

Tedster, I too tried mareng's example.They do show me over 5 million results! But when I click trough I see a max. of 171 results. Even if do try to "repeat the search with the omitted results included" I see no difference in the numbers.

tedster




msg:4244122
 6:06 am on Dec 19, 2010 (gmt 0)

Interesting - sounds like Google may be "working" the back end on those results.

I can definitely confirm how common this kind of hack is - even for major enterprise sites. I run into it regularly doing various backlink analyses for my clients.

frontpage




msg:4244171
 2:32 pm on Dec 19, 2010 (gmt 0)

What is funny is that one edu site I found hacked redirects to a pill shop that uses Google Analytics and Uservoice.

mhansen




msg:4244175
 2:55 pm on Dec 19, 2010 (gmt 0)

No doubt there is a MAJOR issue with injections and hacked sites. Its Googles way of handling it that's poor. Especially when they admit that their system is not perfect!

I can see the "Next Big Thing" in SEO being some group that offers a service of exploiting websites and injecting malware, so they get the "Kiss-Of-Death" discredit from Google in SERP's. After all, who wants to walk into a Leper's home, even if its just a false positive, or someone elses temporary lie about them?

I still hold firm that if Google is concerned about its own visitors, it should just sandbox the site in question, remove it from serp's completely, and make site owners use their tools to see why. (That's got to be done anyhow doesn't it?)

Legit problem, wrong way of dealing with it, that's going to hurt a lot of innocent businesses who didn't know better.

MH

kaled




msg:4244178
 3:27 pm on Dec 19, 2010 (gmt 0)

Having briefly checked the site:.edu cialis search is seems to me that some of the results are based purely on inbound links but others are definitely the results of some cloaking hack or other - i.e. a Cialis promoting page is delivered to googlebot whilst users get the standard page.

For such pages the suggestion that google should simply delist affected pages is dumb because they are effectively delisted already. They may show up in searches as a result of inbound links but they will not show up as a result of content - and I seem to remember hearing something about content is king and something else about on-page SEO.

In life, you have to look at the alternatives. For Google, the alternatives are
1) Do nothing, let the spammers/hackers play their little game at everyone else's expense.
2) Contact the webmaster if possible.
3) Inform users in the hope that the webmaster will get wind of it eventually.

I slightly favour 2) but I think it comes down to the wording of the message with respect to 3) and maybe the detection method used.

For instance, if Googlebot roams the net incognito in order to check for cloaking (pretty reasonable I would say) detection should be fairly reliable - false positives should be rare provided they filter for common spam words as well as major cloaking.

Perhaps if people feel strongly about this they might offer suggestions as to alternative wording, etc of the warning message - Google may well be receptive to constructive criticism.

That said, I think contacting the webmaster via whois data is a better solution - and if the problem has not been rectified within 30 days (or no valid whois information can be found) then inform users of the problem.

Kaled.

mhansen




msg:4244377
 11:46 am on Dec 20, 2010 (gmt 0)

If the site:.edu cialis type results are what Google is out to try and help with, how will the warning message even help? In effect, Googlebot does not even know the redirect is taking place, since its being shown different content. If it DOES know the redirects are happening, drop the pages from the index. (Completely drop)

The example is even more of a reason to completely delist "pages" that are compromised, and develop an effective way to communicate the issue to a Webmaster.

In my opinion, if Google knows enough, or even has enough of a clue that they should show a warning message, they should simply remove the content and the links (within their own control) to the content from serp's completely.

It's about protecting the people, right? What if some unscrupulous person started a false rumor about E Schmidt having some horrific disease, yet he didn't know the rumor himself?

Would we just tattoo it onto his forehead for the world to see, or pull him to the side to talk about it first?

AG4Life




msg:4244422
 3:10 pm on Dec 20, 2010 (gmt 0)

I agree with what most people have said so far, that this really should be a private thing between Google and webmasters, not something made public to an audience that doesn't understand nor has the ability to do anything about the problem. By all means remove the pages from the index, but a public warning serves no purpose, other than to embarrass the website's operators (who can be considered the victims here).

They could even pull the admin email from a whois for the domain and email webmasters that way if they don't have WMT accounts, it's all better than a public "warning" and not actually telling the webmaster about the problem. It's like the police going to the home of a victim of identity fraud, posting a huge sign outside that says "this person's identity is being used by criminals", without first informing the victim.

kaled




msg:4244451
 4:16 pm on Dec 20, 2010 (gmt 0)

It's like the police going to the home of a victim of identity fraud, posting a huge sign outside that says "this person's identity is being used by criminals", without first informing the victim.
I like that analogy but I don't think it's quite right. How about this...

It's like the police going to a shop who's card-processing system has been hacked, posting a huge sign outside that says "this shop is unsafe", without first informing the shopkeeper. (Of course, in the real world, the shopkeeper would at least see the sign.)

In my comment above, I ommited a fourth option available to Google...
4) Index the real page and dump the cloaked/spam version.

That would remove the motivation for such attacks. If Google also attempted to contact the webmaster, that would be helpful. Have I missed something? Can anyone find fault with this solution?

Kaled.

This 52 message thread spans 2 pages: 52 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google SEO News and Discussion
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved