Welcome to WebmasterWorld Guest from 3.85.214.0

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Google is Broken - Spam and Hacked Sites Dominating Google Search Results

     
12:50 pm on Jan 9, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member hobbs is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 19, 2004
posts: 3056
votes: 5


Seeing something very strange, it's as if Google was hacked.
Was searching for a friend for cnn frequency nilesat,
limited the results to the past 24 hours and what G returned was Scary:

All, repeat, ALL results redirected to One Single P0rn Site
to a page titled "Campaign Launcher Page"
and from there redirecting again to multiple other same genre sites

Tested from multiple browsers.
Searching without the "past 24 hours" filter returns 'normal' clean(er) results
it's as it that filter passes through zero algo filtering, but still,
all results redirecting to a single site is kind of a new low.
12:37 pm on Jan 11, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 30, 2008
posts:2630
votes: 191


Interesting.
Does it still happen or has it gone away?
Have you tried multiple PCs (not just multiple browsers)?
1:05 pm on Jan 11, 2016 (gmt 0)

New User from GB 

joined:Feb 27, 2015
posts: 27
votes: 1


All seems to work fine here in the UK using Chrome. Are you sure you don't have malware on your computer? It seems more likely than Google being hacked?
3:24 pm on Jan 11, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member redbar is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Oct 14, 2013
posts:3327
votes: 546


Hobbs hacked? Noooo, what's happening now?
6:04 pm on Jan 11, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member hobbs is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 19, 2004
posts: 3056
votes: 5


Looks like they've cleaned few but not all the results
still many redirect to the same .mobi domain with the word sex in it, which then redirects to other random (advertisers) with every click, some of which are p0rn.

Few 'normal' results are creeping in now, which makes sense as I reported it to Google 2 days ago when I made this post.

I did other tests on the mobile and tablet, from different networks too, also google.com and google cctld, seeing similar results (different domains redirecting to one advertising gateway), highly unlikely to be malware or hallucinations.
You have to select "past 24 hours" to see this.

Who knows, maybe I've unlocked a gateway to the future and this is our new normal :)
9:17 am on Jan 12, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 1, 2004
posts:873
votes: 21


Yup, I see it! It's not on every result but seeing it for sure on UK. It's just looked to my colleague that I am looking at P0rn at work though! :-)
9:31 am on Jan 12, 2016 (gmt 0)

New User from GB 

joined:Feb 27, 2015
posts: 27
votes: 1


Strange - I can now see it too although yesterday it was clean. Hobbs, I do hope you haven't unlocked the gateway to the future!
10:12 am on Jan 12, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member hobbs is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 19, 2004
posts: 3056
votes: 5


There's work, and there's metawork, I'm no expert, but from here the future might be favoring more meta than real work, specially as algo mishaps and complexity accumulate.
10:40 am on Jan 12, 2016 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26367
votes: 1034


Interesting, eh, as Google's Gary Illyes the latest changes were part of a core algo update [webmasterworld.com...]

How odd that these serps are visible, Hobbs. I can't see them myself, but then, I guess it depends on what i'm searching for.
10:45 am on Jan 12, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10456
votes: 1091


Can't see it in US, and note that most above are UK. Also wonder what browsers are being used and if that has anything to do with it?
11:09 am on Jan 12, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member hobbs is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 19, 2004
posts: 3056
votes: 5


For those that can't see it, can email you
2 html pages, from google.com and google.co.uk in a zip file
11:31 am on Jan 12, 2016 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26367
votes: 1034


Warning! I see what you mean - you can't see the adult content until you click. Warning! At first glance they look like hijacked sites appearing in the Google SERPs.
11:38 am on Jan 12, 2016 (gmt 0)

New User from GB 

joined:Feb 27, 2015
posts: 27
votes: 1


Warning! I see what you mean - you can't see the adult content until you click. Warning! At first glance they look like hijacked sites appearing in the Google SERPs.

I forgot to mention that. When you click on what looks like ordinary results they go to the wrong sites. Not all of them but as you work down the list it becomes obvious. Mr Mcafee jumped in and stopped me going to them, which was nice of him :)
11:43 am on Jan 12, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 1, 2004
posts:873
votes: 21


Having spent the whole morning researching this, I'm very tired and i.... don't. I thi... ;-)
11:58 am on Jan 12, 2016 (gmt 0)

New User from GB 

joined:Feb 27, 2015
posts: 27
votes: 1


Now that did make me smile :-)
4:24 pm on Jan 12, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts:5072
votes: 12


I'm curious as to why someone does this? Does getting your pron site listed on unrelated search terms actually do anything for your income? This exercise seems pointless.
4:56 pm on Jan 12, 2016 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26367
votes: 1034


wheel, it's traffic acquisition, that's all. Of course, there could also be a payload on those sites.

I see that google has fixed the SERPs that were showing the hijacked sites. There may be others, but it seems it's been "dealt with."
5:21 pm on Jan 12, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member hobbs is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 19, 2004
posts: 3056
votes: 5


What worries me more is how complacent Google is becoming, and I'm not talking about such easy to detect hit & run operations, probably like many, I've repeatedly reported to G similar big networks, hosted in tight neighborhoods, running scraped SERPs, and many algo updates later, they're still there, ranking, with AdSense & AdWords accounts and all, you stop bothering after a while.
10:15 am on Jan 13, 2016 (gmt 0)

New User from SG 

Top Contributors Of The Month

joined:Dec 2, 2015
posts: 7
votes: 0


If you do a search for: my little pony games, you will see a link from cvisiontech.com on the 1st page results. I've seen such such targeted attacks since mid November 2015. Eventually the pages get taken down, but of course this hurts the business etc. The worst part is that the AdSense is right up there and I don't think fixing these one by one is going to help.
11:22 am on Jan 13, 2016 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12388
votes: 409


With various specific phrases being suggested, let me caution most users not to click on them, unless you're running a browser in a virtual machine. Very possibly, these sites are carrying malware, as I don't see, with the phrases suggested, that there's likely to be sufficient targeted traffic for these to be spam in the traditional sense.

The phrase that the OP suggested only has 102 exact matches on Google, so these are not what I'd call competitive money phrases. Worth noting that they are obscure enough that they would go beneath the radar of the new spam algos which Google is deploying, which I'm assuming rely on lists of competitive niches. These are anything but competitve.

If these aren't targeting highly competitive profit making phrases, what are they doing? Some may be doorways to p*rn, but perhaps not all. Are they basically simply giving Google the finger by suggesting that they've evaded whatever the anti-spam algo currently is? Or are they proof of concept, whatever that concept is? Or are they carrying malware, spreading the targeted phrases for the morbidly curious (as we're doing for them here)... and perhaps holding computers hostage for ransom?

Regarding how traditional churn and burn sites operate for those who don't know, see the thread below. These most likely still require hacking... but they may not require also a lot of hacked links pointing at the targeted sites....

Understanding hacked sites that rank in Google
April, 2013
https://www.webmasterworld.com/google/4561487.htm [webmasterworld.com]

I'm not at all convinced that these have anything to do with the update that's also in progress.
10:56 pm on Jan 13, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts:1995
votes: 75


Something was dropped on my lap 3 days before NewYears, something very Juicy, 7 hacked sites belonging to ONE company. I was contacted by a friend of mine on the DEC 28th to help their clients that they maintain networks for.

Nasty outdated version of WordPress Hack. Got my sleeves rolled up, got all the info needed, analyzed the code. Made changes. put all site in to static Mode - Used a home cooked scraper to generate static version of each site. All 7 sites are currently running on a Static content with no PHP enabled.

Changed .htaccess for each site to return 410 to urls created by the hack, 51,400 to be exact on each site. Made a few changes in GWMT for each site.

6 site out of 7 are now clean According to G, M and Y. Internal team is now porting the content to a mo stable(not PHP/freebie) CMS.

At the same time when researching the hack found about 90 the sites out there that have the same problem. Contacted half a dozen, Actually called one of the regional managers for a US NONE Profit Company that was established in Late 1800's, think several million members - spoke with, emailed exact info what to do. No response, still hacked. after 2 weeks. They are still selling POLO tee-shirts a Nike snickers.
12:00 pm on Jan 14, 2016 (gmt 0)

New User

joined:Jan 14, 2016
posts: 3
votes: 3


<moved from another location>


Hello everyone I'm Nikolas, a new member.

I am seeing a lot of spam coming up for just about any search term I am using, some niche related some not.

A simple search term you can see is <well known brand of popular fashion accessories> or <another search term>

The <website name removed> website seems to be coming up very often , they are rewriting titles depending on the query and redirecting to a spam ecommerce site called <spam website name removed> or similar. I think they are hacked but when you search for their domain in google you see the normal website.

It is dominating google.com for just about any terms I search for many times irrelevant to our own niche.

I have reported it 3 times to the Google webspam team in the last few days but they seem to have become even more aggresively ranking.

Have you seen similar results in search and is it interfeiring in your own niche ?

[edited by: aakk9999 at 7:15 pm (utc) on Jan 14, 2016]
[edit reason] Removed search terms and domain names [/edit]

7:06 pm on Jan 14, 2016 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Apr 30, 2008
posts:2630
votes: 191


Welcome to WebmasterWorld, Nikolas!

There have been recent reports of spam in Google SERPs and Google has confirmed that Core Search Ranking Update was done on 10th of January so I guess this is the same issue. Unfortunately I had to edit out search terms and website names, I have had a quick look and for the benefit of other members I can describe the following:

The search term is popular fashion accessory product name. The website that ranks for it is a legit sports league website (which even has wiki page written about). That website has been hacked and URLs that rank for the search term are something like /somexyzgarbagestring.

When clicked from Google SERPs, the page on the hacked website does 302 redirect to a spam shopping site. If that URL is put directly into browser address bar, it redirects to that legit website home page. Therefore the redirect is done only if the visitor arrives from Google SERPs, probably based on the referrer being google.

Looking at the cached version of the page in SERPs, it is clear that the page was cloaked, showing something completely different to Google. There was no redirect and the page instead contains spam content repeating search term many many times in paragraphs written in many languages. The right sidebar has links to other such pages on the same legit site with anchor text of all of these links containing searched product name in various variants, but clicking on any of these links takes you to home page - you can only see the article content if you search for that URL on Google and click from Google.

You are asking whether anyone have sen similar search results - yes they have and this is why I moved your post to this thread :)
7:29 pm on Jan 14, 2016 (gmt 0)

New User

joined:Jan 14, 2016
posts: 3
votes: 3


Thanks aakk9999, its like the specific website/websites are running after me for just about anything I search for (even non niche related stuff).

It will probably be sorted out, but the more time they take the more search titles that will be rewritten and more issues in other verticals.

For us it's not that big of a deal (for now) as it's a very new ecommerce site (2 months old), with very little revenue ATM. We rank quite well though (1st page or first-half of page 2) for most of our longtail keywords.
12:31 am on Jan 31, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Oct 17, 2015
posts: 111
votes: 32


I think I mentioned this same thing in the January update thread, in this shopping category they, at least five different domains, redirect to .cn domains. I used feedback to report it, got listed as hacked but then the warning disappeared when saw it again and it and the others are still there, and yes, annoying when underneath them and should be on page one.

Staggering how many uk and com sites have been hacked though. You'd think it would have made the news. As a tag holder I reported it to Nominet but didn't hear anything back. Makes you wonder if they knew something bigger occurred.